kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Simple and Yet Fairly Effective Defense for Graph Neural Networks
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.ORCID iD: 0000-0001-9969-4660
DaSciM, LIX, Ecole Polytechnique, Institut Polytechnique de Paris, France.
DaSciM, LIX, Ecole Polytechnique, Institut Polytechnique de Paris, France.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS. DaSciM, LIX, Ecole Polytechnique, Institut Polytechnique de Paris, France.ORCID iD: 0000-0001-5923-4440
Show others and affiliations
2024 (English)In: AAAI Technical Track on Safe, Robust and Responsible AI Track, Association for the Advancement of Artificial Intelligence (AAAI) , 2024, Vol. 38, p. 21063-21071, article id 19Conference paper, Published paper (Refereed)
Abstract [en]

Graph Neural Networks (GNNs) have emerged as the dominant approach for machine learning on graph-structured data. However, concerns have arisen regarding the vulnerability of GNNs to small adversarial perturbations. Existing defense methods against such perturbations suffer from high time complexity and can negatively impact the model's performance on clean graphs. To address these challenges, this paper introduces NoisyGNNs, a novel defense method that incorporates noise into the underlying model's architecture. We establish a theoretical connection between noise injection and the enhancement of GNN robustness, highlighting the effectiveness of our approach. We further conduct extensive empirical evaluations on the node classification task to validate our theoretical findings, focusing on two popular GNNs: the GCN and GIN. The results demonstrate that NoisyGNN achieves superior or comparable defense performance to existing methods while minimizing added time complexity. The NoisyGNN approach is model-agnostic, allowing it to be integrated with different GNN architectures. Successful combinations of our NoisyGNN approach with existing defense techniques demonstrate even further improved adversarial defense results. Our code is publicly available at: https://github.com/Sennadir/NoisyGNN.

Place, publisher, year, edition, pages
Association for the Advancement of Artificial Intelligence (AAAI) , 2024. Vol. 38, p. 21063-21071, article id 19
Series
Proceedings of the AAAI Conference on Artificial Intelligence, ISSN 2159-5399 ; 38
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-345725DOI: 10.1609/aaai.v38i19.30098Scopus ID: 2-s2.0-85189621980OAI: oai:DiVA.org:kth-345725DiVA, id: diva2:1852501
Conference
38th AAAI Conference on Artificial Intelligence, AAAI 2024, Vancouver, Canada, Feb 20 2024 - Feb 27 2024
Note

QC 20240424

Available from: 2024-04-18 Created: 2024-04-18 Last updated: 2024-04-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Ennadir, SofianeVazirgiannis, MichalisBoström, Henrik

Search in DiVA

By author/editor
Ennadir, SofianeVazirgiannis, MichalisBoström, Henrik
By organisation
Software and Computer systems, SCS
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 32 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf