Giter Club home page Giter Club logo

graph-adversarial-learning's Introduction

⚔🛡 Awesome Graph Adversarial Learning (Updating: 📝145 Papers)

Awesome Contributions Welcome

This repository contains 61 Attack-related papers, 66 Defense-related papers, 12 Robustness Certification papers, 2 Other papers, 4 Surveys, ranging from 2017 to 2020. All papers are available for download from Latest Release.

If you find this repository useful, please cite: A Survey of Adversarial Learning on Graph, Arxiv'20, 📝Paper

@article{chen2020survey,
  title={A Survey of Adversarial Learning on Graph},
  author={Chen, Liang and Li, Jintang and Peng, Jiaying and Xie, Tao and Cao, Zengxu and Xu, Kun and He, Xiangnan and Zheng, Zibin},
  journal={arXiv preprint arXiv:2003.05730},
  year={2020}
}

⚔ Attack

📝61 papers in total

💨 Back to Top

2020

📝34 papers in total

Adversarial Attack on Community Detection by Hiding Individuals 📝WWW :octocat:Code
Model CD-ATTACK Algorithm Graph generation
Surrogate GCN Target Task Community Detection
Target Model GCN, Node2vec + K-means, ComE Baseline DICE, MBA, RTA
Metric Hiding performance measure M1 & M2 Dataset DBLP, Finance
Manipulating Node Similarity Measures in Networks 📝AAMAS
Model FPTA Algorithm
Surrogate Target Task Node Similarity
Target Model Node Similarity Measures Baseline Random, Greedy, High Jaccard Similarity (HJ)
Metric Time Dataset Barabasi-Albert (BA), Erdos-Renyi (ER)
A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models 📝AAAI :octocat:Code
Model GF-Attack Algorithm Graph signal processing
Surrogate Target Task Node Classification
Target Model GCN, SGC, DeepWalk, LINE Baseline Random, Degree, RL-S2V,
Metric Accuracy Dataset Cora, CiteSeer, Pubmed
Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks 📝BigData
Model POISONPROBE Algorithm Binary search
Surrogate GCN Target Task Node Classification
Target Model GCN Baseline Nettack
Metric ASR, Recall Dataset CiteSeer, Cora-ML
Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach 📝WWW
Model NIPA Algorithm Reinforcement learning, Nodes injection
Surrogate GCN Target Task Node Classification
Target Model GCN Baseline Random, FGA, Preferential attack
Metric Accuracy Dataset Cora-ML, CiteSeer, Pubmed
Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns 📝TKDD
Model Fasttack Algorithm Perturbations Impact Ranking
Surrogate GCN Target Task Node Classification
Target Model GCN, CLN, DeepWalk Baseline Random, FGSM
Metric Classification Margin, Accuracy Dataset Cora-ML, CiteSeer, Polblogs, Pubmed
An Efficient Adversarial Attack on Graph Structured Data 📝IJCAI Workshop
Model Algorithm
Surrogate Target Task
Target Model Baseline
Metric Dataset
Practical Adversarial Attacks on Graph Neural Networks 📝ICML Workshop
Model GC-RWCS Algorithm Greedy
Surrogate Target Task Node Classification
Target Model GCN, JKNetConcat, JKNetMaxpool Baseline Random, Degree, Betweenness, PageRank
Metric Accuracy Dataset Cora, CiteSeer, Pubmed
Link Prediction Adversarial Attack Via Iterative Gradient Attack 📝IEEE Trans
Model IGA Algorithm Gradient
Surrogate GAE Target Task Link Prediction
Target Model GAE, LRW, DeepWalk, Node2vec, CN, RA, Katz Baseline RAN, DICE, GA
Metric ASR, AML Dataset NS, Yeast, FaceBook
Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks 📝Asia CCS
Model GGSP, OGSP Algorithm Greedy
Surrogate Target Task Link Prediction
Target Model SEAL Baseline
Metric ASR, AUC Dataset Cora-ML, CiteSeer, Pubmed
Adversarial attack on BC classification for scale-free networks 📝AIP Chaos
Model DALR, DILR Algorithm Degree
Surrogate Target Task Network Structure
Target Model Broido and Clauset Classification Baseline RLR
Metric Accuracy Dataset Networks generated by BA and UCM
Attackability Characterization of Adversarial Evasion Attack on Discrete Data 📝KDD
Model OMPGS Algorithm Gradient Guided Greedy Search
Surrogate Target Task Classification on Sequential Discret Data
Target Model LSTM, LSTM-Sub, LSTM-Noise Baseline SGS, FSGS, GradAttack, OMPGS-Rand
Metric ANC, AI, SR (Attack Performance) Dataset IPS, HER
MGA: Momentum Gradient Attack on Network 📝Arxiv
Model MGA Algorithm Momentum gradient
Surrogate GCN Target Task Node Classification, Community Detection
Target Model GCN, DeepWalk, Node2vec, GraphGAN, LPA, Louvain Baseline GradArgmax, RL-S2V, Nettack, FGA
Metric ASR, AML Dataset Cora, CiteSeer, Polblogs
Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria 📝Arxiv
Model RLR, DALR, DILR Algorithm Random, Degree
Surrogate Target Task Network Structure
Target Model Physical Criteria Baseline
Metric AML, (diagonal) distance, clustering coefficient Dataset Generated simplex networks
Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models 📝Arxiv :octocat:Code
Model GUA Algorithm Gradient
Surrogate GCN Target Task Node Classification
Target Model GCN, DeepWalk, Node2Vec, GAT Baseline Random, VCA, FGA
Metric ASR, AML Dataset Cora, CiteSeer, Polblogs
Adversarial Perturbations of Opinion Dynamics in Networks 📝Arxiv
Model Algorithm Graph Laplacian
Surrogate Friedkin-Johnsen model Target Task Network Disruption
Target Model Baseline Opinion dynamics model
Metric Dataset
Network disruption: maximizing disagreement and polarization in social networks 📝Arxiv :octocat:Code
Model Greedy et al. Algorithm Greedy algorithm et al.
Surrogate Friedkin-Johnsen model Target Task Network Disruption
Target Model Friedkin-Johnsen model Baseline
Metric Disagreement,
Polarization		 Dataset Synthetic networks, Reddit, Twitter
Scalable Attack on Graph Data by Injecting Vicious Nodes 📝ECML-PKDD
Model AFGSM Algorithm Gradient
Surrogate GCN Target Task Node Classification
Target Model GCN, GAT, DeepWalk Baseline Nettack, FGSM, Metattack
Metric Accuracy Dataset CiteSeer, Cora, DBLP, Pubmed, Reddit
Stealing Links from Graph Neural Networks 📝Arxiv
Model Link Stealing Attacks Algorithm Supervised/Unsupervised Training
Surrogate GCN Target Task Link Prediction
Target Model GCN Baseline Traditional Link Prediction Algorithms
Metric AUC Dataset CiteSeer, Cora, Pubmed, AIDS, COX2, DHFR, ENZYMES, PROTEINS_full
Adversarial Attack on Hierarchical Graph Pooling Neural Networks|Gradient-Based Pooling Attack 📝Arxiv
Model Gradient-Based Pooling Attack Algorithm Gradient
Surrogate 1-Layer HGP Target Task Graph Classification
Target Model HGP, SAG, HGP-SL Baseline Random
Metric Accuracy Dataset DD, Mutagenicity, ER_MD, DHFR, AIDS, BZR
Graph Backdoor 📝Arxiv
Model GTA Algorithm Gradient
Surrogate Target Task Node Classification, Graph Classification
Target Model GCN, GraphSAGE, GAT Baseline
Metric ASR, AMC, BAD, ADD Dataset Fingerprint, Malware, AIDS, Toxicant, Bitcoin, Facebook
Backdoor Attacks to Graph Neural Networks|Subgraph-based Backdoor Attacks 📝Arxiv
Model Subgraph-based Backdoor Attacks Algorithm Subgraph Generation
Surrogate Target Task Graph Classification
Target Model GIN Baseline Clean
Metric Accuracy, ASR Dataset Bitcoin, Twitter, COLLAB
Adversarial Attack on Large Scale Graph 📝Arxiv :octocat:Code
Model SGA Algorithm Gradient
Surrogate SGC Target Task Node Classification
Target Model GCN, SGC, GAT, ClusterGCN, GraphSAGE Baseline GradArgmax, Nettack
Metric DAC, Accuracy, Classification Margin Dataset Cora, CiteSeer, Pubmed, Reddit
Efficient Evasion Attacks to Graph Neural Networks via Influence Function 📝Arxiv
Model Influence-based Attack Algorithm Influence Function
Surrogate Target Task Node Classification
Target Model GCN, SGC Baseline OTA-KL, OTA-UL, Iter-KL, Iter-UL
Metric ASR, Running Time Dataset Cora, CiteSeer, Pubmed
Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs 📝Arxiv
Model RL-based Attack Algorithm Reinforcement Learning
Surrogate Target Task Link Prediction
Target Model DyGCN Baseline Random-whole, Random-partial
Metric F1 Dataset Haggle, Hypertext, Trapping
Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection 📝Arxiv
Adaptive Adversarial Attack on Graph Embedding via GAN 📝SocialSec
Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers 📝Arxiv
One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting 📝ICLR OpenReview
Single-Node Attack for Fooling Graph Neural Networks 📝ICLR OpenReview
Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem 📝ICLR OpenReview
Adversarial Attacks on Deep Graph Matching 📝NeurIPS
Black-Box Adversarial Attacks on Graph Neural Networks with Limited Node Access 📝NeurIPS
A Graph Matching Attack on Privacy-Preserving Record Linkage 📝CIKM

2019

📝17 papers in total

A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning 📝NeurIPS :octocat:Code
Model G-SSL Algorithm Gradient based asymptotic linear algorithm
Surrogate Target Task Classification, Regression
Target Model Label propagation & regularization algs Baseline Random, PageRank, Degree
Metric Error rate, RMSE Dataset cadata, E2006, mnist17, rcv1
Adversarial Examples on Graph Data: Deep Insights into Attack and Defense 📝IJCAI :octocat:Code
Model IG-FGSM, IG-JSMA Algorithm Gradient
Surrogate GCN Target Task Node Classification
Target Model GCN Baseline FGSM, JSMA, Nettack
Metric Classification Margin, Accuracy Dataset Cora, CiteSeer, PolBlogs
Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective 📝IJCAI :octocat:Code
Model PGD, Min-Max Algorithm Gradient
Surrogate GCN Target Task Node Classification
Target Model GCN Baseline DICE, Metattack, Greedy
Metric Misclassification Rate Dataset Cora, CiteSeer
Adversarial Attacks on Graph Neural Networks via Meta Learning 📝ICLR :octocat:Code
Model Metattack Algorithm Gradient
Surrogate GCN Target Task Node Classification
Target Model GCN, CLN, DeepWalk Baseline DICE, Nettack, First-order
Metric Misclassification Rate, Accuracy Dataset Cora, CiteSeer, PolBlogs, PubMed
αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model 📝CIKM
Model HG-Attack Algorithm Label propagation algorithm, Nodes injection
Surrogate Target Task Malware Detection
Target Model Orig-HGC Baseline AN-Attack
Metric TP, TN, FP, FN, F1, Precision, Recall, Accuracy Dataset Tencent Security Lab Dataset
Data Poisoning Attack against Knowledge Graph Embedding 📝IJCAI
Model Algorithm Knowledge embedding
Surrogate Target Task Fact Plausibility Prediction
Target Model TransE, TransR, RESCAL Baseline RA
Metric MRR, HR@K Dataset FB15k, WN18
GA Based Q-Attack on Community Detection 📝TCSS
Model Q-Attack Algorithm Genetic algorithm
Surrogate Target Task Community Detection
Target Model FN, Lou, SOA, LPA, INF, Node2vec+KM Baseline Random, CDA, DBA
Metric Modularity Q, NMI Dataset Karate, Dolphins, Football, Polbooks
Attacking Graph-based Classification via Manipulating the Graph Structure 📝CCS
Model Algorithm
Surrogate LinLBP Target Task Node Classification, Evasion
Target Model LinLBP, JWP, LBP, RW, LINE, DeepWalk, Node2vec, GCN Baseline Random, Nettack
Metric FNR, FPR Dataset Facebook, Enron, Epinions, Twitter, Google+
Adversarial Attacks on Node Embeddings via Graph Poisoning 📝ICML :octocat:Code
Model Algorithm Gradient & Eigen-perturbation
Surrogate DeepWalk Target Task Node Classification, Link Prediction
Target Model DeepWalk Baseline
Metric F1 Score, Classification Margin Dataset Cora, CiteSeer, PolBlogs
Network Structural Vulnerability A Multi-Objective Attacker Perspective 📝IEEE Trans
Multiscale Evolutionary Perturbation Attack on Community Detection 📝Arxiv
Model EPA Algorithm Genetic algorithm
Surrogate Target Task Community Detection
Target Model GRE, INF, LOU Baseline ,
Metric NMI, ARI Dataset Synthetic networks, Football, Email, Polblogs
Time-aware Gradient Attack on Dynamic Network Link Prediction 📝IJCAI
Model TGA-Tra, TGA-Gre Algorithm Gradient
Surrogate DDNE Target Task Link Prediction
Target Model DDNE, ctRBM, GTRBM, dynAERNN Baseline Random, DGA, CNA
Metric ASR, AML Dataset RADOSLAW, LKML, FB-WOSN
Attacking Graph Convolutional Networks via Rewiring 📝Arxiv
Model ReWatt Algorithm Reinforcement Learning
Surrogate GCN Target Task Graph Classification
Target Model GCN Baseline RL-S2V, RA
Metric ASR Dataset REDDIT-MULTI-12K, REDDIT-MULTI-5K, IMDB-MULTI
Unsupervised Euclidean Distance Attack on Network Embedding 📝Arxiv
Model EDA Algorithm Genetic algorithm
Surrogate DeepWalk Target Task Node Classification, Community Detection
Target Model HOPE, LPA, EM, DeepWalk Baseline Random, DICE, RLS, DBA
Metric NMI, Micro-F1, Macro-F1 Dataset Karate, Game, Dolphin
Generalizable Adversarial Attacks with Latent Variable Perturbation Modelling 📝Arxiv
Model DAGAER Algorithm Generative model
Surrogate VGAE Target Task Node Classification
Target Model GCN Baseline Nettack
Metric ASR Dataset Cora, CiteSeer
Vertex Nomination, Consistent Estimation, and Adversarial Modification 📝Arxiv
PeerNets Exploiting Peer Wisdom Against Adversarial Attacks 📝ICLR (Poster) :octocat:Code

2018

📝8 papers in total

Adversarial Attack on Graph Structured Data 📝ICML :octocat:Code
Model RL-S2V, GradArgmax, GeneticAlg Algorithm Reinforcement learning, Gradient, Genetic algorithm
Surrogate GCN Target Task Node Classification, Graph Classification
Target Model GCN, GNN Baseline Random
Metric Accuracy Dataset Cora, CiteSeer, PolBlogs, Finance
Adversarial Attacks on Neural Networks for Graph Data 📝KDD :octocat:Code
Model Nettack Algorithm Greedy search & gradient
Surrogate GCN Target Task Node Classification
Target Model GCN, CLN, DeepWalk Baseline Rnd, FGSM
Metric Classification Margin, Accuracy Dataset Cora-ML, CiteSeer, PolBlogs
Attacking Similarity-Based Link Prediction in Social Networks 📝AAMAS
Model Approx-Local Algorithm Similarity methods
Surrogate Target Task Link Prediction
Target Model Local & Global similarity metrics Baseline Random, GreedyBase
Metric Katz Similarity, ACT Distance, Similarity Score Dataset Random network, Facebook
Hiding Individuals and Communities in a Social Network 📝Nature Human Behavior
Model DICE Algorithm Disconnect Internally, Connect Externally
Surrogate Target Task
Target Model Baseline
Metric Dataset
Fake Node Attacks on Graph Convolutional Networks 📝Arxiv
Model Greedy, Greedy GAN Algorithm Gradient
Surrogate GCN, GAN Target Task Node Classification
Target Model GCN Baseline RA
Metric Accuracy, F1 Score, ASR Dataset Cora, CiteSeer
Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network 📝Arxiv
Model CTR OTC Algorithm Neighbour score based on graph structure
Surrogate Target Task Link Prediction
Target Model Traditional Link Prediction Algs Baseline
Metric AUC, AP Dataset WTC 9/11, ScaleFree, Facebook, Random network
Fast Gradient Attack on Network Embedding 📝Arxiv
Model FGA Algorithm Gradient
Surrogate GCN Target Task Node Classification, Community Detection
Target Model GCN, GraRep, DeepWalk, Node2vec, LINE, GraphGAN Baseline Random, DICE, Nettack
Metric ASR, AML Dataset Cora, CiteSeer, PolBlogs
Data Poisoning Attack against Unsupervised Node Embedding Methods 📝Arxiv
Model Opt-attack Algorithm Gradient
Surrogate DeepWalk, LINE Target Task Link Prediction
Target Model DeepWalk, LINE, Node2vec, SC, GAE Baseline Random, PageRank, Degree sum, Shortest path
Metric Similarity Score, AP Dataset Cora, CiteSeer, Facebook

2017

📝2 papers in total

Practical Attacks Against Graph-based Clustering 📝CCS
Model Targeted noise injection, Small community attack Algorithm Noise Injection
Surrogate Target Task Graph Clustering, Community Detection
Target Model SVD, Node2vec, Community Detection Algs Baseline
Metric ASR, FPR Dataset Reverse Engineered DGA Domains, NXDOMAIN
Adversarial Sets for Regularising Neural Link Predictors 📝UAI :octocat:Code

Taxonomies of Attack

💨 Back to Top

Attack

🛡 Defense

📝66 papers in total

💨 Back to Top

2020

📝41 papers in total

Transferring Robustness for Graph Neural Network Against Poisoning Attacks 📝WSDM :octocat:Code
Model PA-GNN Algorithm Penalized Aggregation, Meta Learning
Defense Type Structure Based Target Task Node Classification
Target Model GNN Baseline GCN, GAT, GCN-Jaccard, RGCN, VPN
Metric Accuracy Dataset Pubmed, Reddit, Yelp
Power up! Robust Graph Convolutional Network against Evasion Attacks based on Graph Powering 📝ICLR OpenReview :octocat:Code
Model r-GCN, VPN Algorithm Graph Powering
Defense Type Objective Based Target Task Node Classification
Target Model GCN Baseline ManiReg, SemiEmb, LP, DeepWalk, ICA, Planetoid, GCN
Metric Accuracy, Robustness Merit, Attack Deterioration Dataset CiteSeer, Cora, Pubmed
All You Need Is Low (Rank): Defending Against Adversarial Attacks on Graphs 📝WSDM :octocat:Code
Model GCN-SVD Algorithm SVD
Defense Type Preprocessing Target Task Node Classification
Target Model GCN Baseline GCN
Metric Accuracy, Classification Margin Dataset CiteSeer, Cora-ML, PolBlogs
How Robust Are Graph Neural Networks to Structural Noise? 📝DLGMA
Model Algorithm Adversarial Training
Defense Type Adversarial Training Target Task Node Classification
Target Model GIN Baseline GIN
Metric F1 score Dataset Constructed graph
Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning 📝AAAI
Model RAWEN Algorithm Adversarial PAC-Bayesian learning
Defense Type Objective Based Target Task Node Embedding
Target Model Wasserstein embedding Baseline GF, LINE, Node2vec, SDNE ...
Metric Presion, Recall, AUC, F1 Dataset Wiki-Vote, Epinions, Google, Email,Wiki
Robust Detection of Adaptive Spammers by Nash Reinforcement Learning 📝KDD :octocat:Code
Model Nash-Detect Algorithm A minimax game
Defense Type Detection Based Target Task Spam Detection
Target Model Baseline Spam Detector
Metric Practical Effect, Accuracy Dataset YelpChi, YelpNYC, YelpZip
Graph Structure Learning for Robust Graph Neural Networks 📝KDD :octocat:Code
Model Pro-GNN Algorithm Learns the graph structure and the GNN parameters simultaneously
Defense Type Hybrid Target Task Node Classification
Target Model GCN Baseline GAT, GCN-Jaccard, GCN-SVD
Metric Accuracy Dataset Cora, CiteSeer, Polblogs, Pubmed
Robust Graph Representation Learning via Neural Sparsification 📝ICML
Model NeuralSparse Algorithm Subgraphs Sampling
Defense Type Preprocessing-based Target Task Node Classification
Target Model GCN, GraphSAGE, GAT, GIN Baseline SS/RD, DropEdge, LDS
Metric Micro-F1,AUC, Accuracy Dataset Reddit, PPI, Transaction, Cora, CiteSeer
On The Stability of Polynomial Spectral Graph Filters 📝ICASSP :octocat:Code
Model Algorithm Polynomial graph filters
Defense Type Structure Based Target Task Graph signal processing
Target Model GNN Baseline
Metric Laplacian distance Dataset Barabási-Albert, Sensor network
Transferring Robustness for Graph Neural Network Against Poisoning Attacks 📝WSDM :octocat:Code
Model PA-GNN Algorithm Penalized Aggregation, Meta Learning
Defense Type Structure Based Target Task Node Classification
Target Model GNN Baseline GCN, GAT, GCN-Jaccard, RGCN, VPN
Metric Accuracy Dataset Pubmed, Reddit, Yelp
On the Robustness of Cascade Diffusion under Node Attacks 📝WWW :octocat:Code
Model Algorithm SEMR
Defense Type Target Task Cascade Diffusion
Target Model IC Model Baseline NetShield
Metric EMR, RNI, RIM Dataset Blogs, Minnesota, VK, Advogato, DBLP, BrightKite, ...
Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks 📝WWW
Model Algorithm SybilEdge
Defense Type Preprocessing-based Target Task Fake Detection
Target Model Graph-based models Baseline SybilRank, SybilBelief, SybilSCAR
Metric AUC, RejectRate, SybilEdgeTR Dataset Facebook network
Towards an Efficient and General Framework of Robust Training for Graph Neural Networks 📝ICASSP
Model GTA, ZO-GTA Algorithm Greedy search, Zeroth-order
Defense Type Adversarial-based Target Task Node Classification
Target Model GNN Baseline DICE, CE-PGD, CW-PGD
Metric Misclassification rate Dataset Cora, CiteSeer, PubMed
Robust Graph Learning From Noisy Data 📝IEEE Trans
Model RGC Algorithm Graph regularization
Defense Type Prepocessing-based Target Task Clustering, Semisupervised Classification
Target Model RPCA Baseline SC, RKKM, RSC, SSR, CAN, TLSC
Metric Accuracy, NMI, Purity Dataset YALE, JAFFE, ORL, TR41, TR45, ...
Robust Training of Graph Convolutional Networks via Latent Perturbation 📝ECML-PKDD :octocat:Code
Model LAT-GCN Algorithm Perturbing latent representations
Defense Type Structure Based Target Task Node Classification, Link prediction, Recommendation
Target Model GCN Baseline GCN, ADV-GCN, MIN-MAX GCN, ...
Metric CPU time, Accuracy, AUC, AP Dataset CiteSeer, Cora, PubMed, MovieLens 100k
Enhancing Graph Neural Network-based Fraud Detectors against Camouflaged Fraudsters 📝CIKM :octocat:Code
Model CARE-GNN Algorithm Reinforcement Learning
Defense Type Hybrid Target Task
Target Model GCN, GAT, RGCN, GraphSAGE Baseline GeniePath, Player2Vec, SemiGNN, GraphConsis
Metric AUC, Recall Dataset Yelp, Amazon
Provably Robust Node Classification via Low-Pass Message Passing 📝ICDM
Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning 📝Arxiv
Model KDAD Algorithm Adversarial Meta-learning
Defense Type Objective-based Target Task Dialogue Generation
Target Model Qadpt Baseline TAware, Qadpt
Metric BLEU, PPL, DISTINCT, ... Dataset HGZHZ
Robust Collective Classification against Structural Attacks 📝Preprint
Model R-AMN Algorithm Bound Analysis
Defense Type Objective-based Target Task Node Classification
Target Model AMN Baseline Struct-RSAD
Metric Accuracy Dataset Reuters, WebKB, Cora, CiteSeer
Tensor Graph Convolutional Networks for Multi-relational and Robust Learning 📝Arxiv
Model TGCN Algorithm Edge-dithering
Defense Type Processing-based Target Task Node Classification, Protein Prediction
Target Model GCN Baseline GCN
Metric Accuracy, Macro F1 Dataset Cora, CiteSeer, Pubmed, Polblogs, ...
Topological Effects on Attacks Against Vertex Classification 📝Arxiv
Model StratDegree, GreedyCover Algorithm GreedyCover
Defense Type Processing-based Target Task Node Classification
Target Model GCN Baseline Random Selection
Metric Required budget, Median margin Dataset Cora, CiteSeer, Pubmed, Polblogs
Evaluating Graph Vulnerability and Robustness using TIGER 📝Arxiv
Model TIGER Algorithm
Defense Type Hybrid Target Task Node Classification
Target Model Baseline
Metric Average vertex betweenness, Spectral scaling, Effective resistance Dataset US power grid, Water Distribution Network
Adversarial Perturbations of Opinion Dynamics in Networks 📝Arxiv
Model Algorithm
Defense Type Target Task Network Disruption
Target Model Opinion dynamics models Baseline
Metric Polarization-disagreement index Dataset
DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder 📝Arxiv :octocat:Code
Model DefenceVGAE Algorithm VGAE
Defense Type Processing-based Target Task Node Classification
Target Model GCN Baseline GCN-Jaccard, GCN-SVD, RGCN
Metric Accuracy Dataset Cora, CiteSeer, PolBlogs
GNNGuard: Defending Graph Neural Networks against Adversarial Attacks 📝NeurIPS
Model GNNGuard Algorithm Network theory of homophily
Defense Type Structure-based Target Task Node Classification
Target Model GCN, GAT, GIN, ... Baseline GNN-Jaccard, RobustGCN, GNN-SVD
Metric Accuracy Dataset Cora, CiteSeer, ogbn-arxiv, DP
Adversarial Privacy Preserving Graph Embedding against Inference Attack 📝Arxiv :octocat:Code
Model APDGE Algorithm Adversarial Privacy-Purged
Defense Type Structure-based Target Task Privacy Protection
Target Model GAE Baseline GAE RM, CDSPIA
Metric Macro F1 Dataset Yale, Rochester
RoGAT: a robust GNN combined revised GAT with adjusted graphs 📝Arxiv
Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks 📝Arxiv
ResGCN: Attention-based Deep Residual Modeling for Anomaly Detection on Attributed Networks 📝Arxiv
A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack 📝SocialSec
Uncertainty-aware Attention Graph Neural Network for Defending Adversarial Attacks 📝Arxiv
Iterative Deep Graph Learning for Graph Neural Networks: Better and Robust Node Embeddings 📝NeurIPS :octocat:Code
Towards Robust Graph Neural Networks against Label Noise 📝ICLR OpenReview
Graph Adversarial Networks: Protecting Information against Adversarial Attacks 📝ICLR OpenReview :octocat:Code
Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach 📝ICLR OpenReview
Reliable Graph Neural Networks via Robust Location Estimation 📝NeurIPS
Graph Random Neural Networks for Semi-Supervised Learning on Graphs 📝NeurIPS :octocat:Code
Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings 📝NeurIPS
Provable Overlapping Community Detection in Weighted Graphs 📝NeurIPS
Community detection in sparse time-evolving graphs with a dynamical Bethe-Hessian 📝NeurIPS
Node Copying for Protection Against Graph Neural Network Topology Attacks 📝Arxiv

2019

📝23 papers in total

Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective 📝IJCAI :octocat:Code
Model Algorithm Adversarial Training
Defense Type Adversarial Training Target Task Node Classification
Target Model GCN Baseline GCN
Metric Misclassification Rate, Accuracy Dataset Cora, CiteSeer
Adversarial Examples on Graph Data: Deep Insights into Attack and Defense 📝IJCAI :octocat:Code
Model GCN-Jaccard Algorithm Drop Edges
Defense Type Preprocessing Target Task Node Classification
Target Model GCN Baseline GCN
Metric Classification Margin, Accuracy Dataset Cora-ML, CiteSeer, PolBlogs
Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications 📝NAACL :octocat:Code
Model CRIAGE Algorithm Adversarial Modification
Defense Type Robustness Evaluation Target Task Link Prediction
Target Model Knowledge Graph Embedding Baseline
Metric Hits@K, MRR Dataset Nations, Kinship, WN18, YAGO3-10
Robust Graph Convolutional Networks Against Adversarial Attacks 📝KDD :octocat:Code
Model RGCN Algorithm Gaussian-based Graph Convolution and Attention Mechanism
Defense Type Structure Based Target Task Node Classification
Target Model GCN Baseline GCN, GAT
Metric Accuracy Dataset Cora, CiteSeer, Pubmed
Virtual Adversarial Training on Graph Convolutional Networks in Node Classification 📝PRCV
Model SVAT, DVAT Algorithm Virtual Adversarial Training
Defense Type Adversarial Training Target Task Node Classification
Target Model GCN Baseline GCN
Metric Accuracy Dataset Cora, CiteSeer, Pubmed
Comparing and Detecting Adversarial Attacks for Graph Deep Learning 📝RLGM@ICLR
Model Algorithm KL Divergence
Defense Type Detection Based Target Task Node Classification
Target Model GCN, GAT Baseline
Metric Classification Margin, Accuracy, ROC, AUC Dataset Cora, CiteSeer, PolBlogs
Characterizing Malicious Edges targeting on Graph Neural Networks 📝ICLR OpenReview :octocat:Code
Model SL, OD, GGD, LP+GGD, ENS Algorithm Link Prediction, Subsampling, Neighbour Analysis
Defense Type Hybrid Target Task Node Classification
Target Model GNN, GCN Baseline LP
Metric AUC Dataset Cora, CiteSeer
Latent Adversarial Training of Graph Convolution Networks 📝LRGSD@ICML
Batch Virtual Adversarial Training for Graph Convolutional Networks 📝ICML :octocat:Code
Model S-BVAT, O-BVAT Algorithm atch Virtual Adversarial Training
Defense Type Adversarial Training Target Task Node Classification
Target Model GCN Baseline LP, DeepWalk, GAT, GPNN, GCN, VAT, ...
Metric Accuracy Dataset Cora, CiteSeer, Pubmed, Nell
αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model 📝CIKM
Model Rad-HGC Algorithm HG-Defense
Defense Type Detection Based Target Task Malware Detection
Target Model Malware Detection System Baseline FakeBank, CryptoMiner, AppCracked, MalFlayer, GameTrojan, BlackBaby, ...
Metric Detection Rate Dataset Tencent Security Lab Dataset
Adversarial Robustness of Similarity-Based Link Prediction 📝ICDM
Model IDOpt, IDRank Algorithm Integer Program, Edge Ranking
Defense Type Target Task Link Prediction
Target Model Similarity-based Link Prediction Models Baseline PPN
Metric DPR Dataset PA, PLD, TVShow, Gov
mproving Robustness to Attacks Against Vertex Classification 📝MLG@KDD
Model SVM with a radial basis function kernel Algorithm Augmented Feature, Edge Selecting
Defense Type Hybrid Target Task Node Classification
Target Model SVM Baseline GCN
Metric Classification Marigin Dataset Cora, CiteSeer
Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure 📝TKDE :octocat:Code
Model GCN-GATV Algorithm raph Adversarial Training, Virtual Adversarial Training
Defense Type Adversarial Training Target Task Node Classification
Target Model GCN Baseline LP, DeepWalk, SemiEmb, Planetoid, GCN, GraphSGAN
Metric Accuracy Dataset Cora, CiteSeer, NELL
Adversarial Training Methods for Network Embedding 📝WWW :octocat:Code
Model AdvT4NE Algorithm Adversarial Training
Defense Type Adversarial Training Target Task Network embedding
Target Model Deepwalk Baseline GF,DeepWalk, LINE,Node2vec, ...
Metric Accuracy Dataset Cora, CiteSeer, Wiki, CA-GrQc, CA-HepTh
GraphDefense: Towards Robust Graph Convolutional Networks 📝Arxiv
Model GraphDefense Algorithm Adversarial Training
Defense Type Adversarial Training Target Task Node Classification
Target Model GCN Baseline Drop Edges, Discrete Adversarial Training
Metric Accuracy Dataset Cora, CiteSeer, Reddit
Can Adversarial Network Attack be Defended? 📝Arxiv
Model Global-AT, Target-AT, SD, SCEL Algorithm Adversarial Training, Smooth Defense
Defense Type Hybrid Target Task Node Classification
Target Model GNN Baseline AT
Metric ADR, ACD Dataset Cora, CiteSeer, PolBlogs
Edge Dithering for Robust Adaptive Graph Convolutional Networks 📝Arxiv
Model AGCN Algorithm Adaptive GCN with Edge Dithering
Defense Type Structure Based Target Task Node Classification
Target Model GCN Baseline GCN
Metric Accuracy Dataset Cora, CiteSeer, Pubmed, PolBlogs
GraphSAC: Detecting anomalies in large-scale graphs 📝Arxiv
Model GraphSVC Algorithm Random, Consensus
Defense Type Detection Based Target Task Anomaly Detection
Target Model Anomaly Model Baseline GAE, Amen, Radar, Degree, ...
Metric AUC Dataset Cora, CiteSeer, Pubmed, PolBlogs
Adversarial Defense Framework for Graph Neural Network 📝Arxiv
Model DefNet Algorithm GAN, GER, ACL
Defense Type Hybrid Target Task Node Classification
Target Model GCN, GraphSAGE Baseline GCN, GraphSAGE
Metric Classification Margin Dataset Cora, CiteSeer, PolBlogs
Graph Interpolating Activation Improves Both Natural and Robust Accuracies in Data-Efficient Deep Learning 📝Arxiv
Adversarial Embedding: A robust and elusive Steganography and Watermarking technique 📝Arxiv
Examining Adversarial Learning against Graph-based IoT Malware Detection Systems 📝Arxiv
Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations 📝Arxiv

2018

📝1 papers in total

Adversarial Personalized Ranking for Recommendation 📝SIGIR :octocat:Code
Model APR, AMF Algorithm Adversarial Training based on MF-BPR
Defense Type Adversarial Training Target Task Recommendation
Target Model MF-BPR Baseline ItemPop, MF-BPR, CDAE, NeuMF, IRGAN
Metric HR, NDCG Dataset Yelp, Pinterest, Gowalla

2017

📝1 papers in total

Adversarial Sets for Regularising Neural Link Predictors 📝UAI :octocat:Code

🔐 Robustness Certification

📝12 papers in total

💨 Back to Top

Collective Robustness Certificates 📝ICLR‘21 OpenReview
Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning 📝ICLR‘21 OpenReview
Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks 📝NeurIPS'20
Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing 📝WWW'20
Efficient Robustness Certificates for Discrete Data: Sparsity - Aware Randomized Smoothing for Graphs, Images and More 📝ICML'20 :octocat:Code
Abstract Interpretation based Robustness Certification for Graph Convolutional Networks 📝ECAI'20
Certifiable Robustness of Graph Convolutional Networks under Structure Perturbation 📝NeurIPS :octocat:Code
Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing 📝NeurIPS
Adversarial Immunization for Improving Certifiable Robustness on Graphs 📝Arxiv'20
Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation 📝Arxiv'20
Certifiable Robustness and Robust Training for Graph Convolutional Networks 📝KDD'19 :octocat:Code
Certifiable Robustness to Graph Perturbations 📝NeurIPS'19 :octocat:Code

🚀 Others

📝2 papers in total

💨 Back to Top

FLAG: Adversarial Data Augmentation for Graph Neural Networks 📝Arxiv'20 :octocat:Code
Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning 📝Arxiv'20

📃 Survey

📝4 papers in total

💨 Back to Top

A Survey of Adversarial Learning on Graph 📝Arxiv'20
Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study 📝Arxiv'20
Adversarial Attacks and Defenses in Images, Graphs and Text: A Review 📝Arxiv'19
Adversarial Attack and Defense on Graph Data: A Survey 📝Arxiv'18

🔗 Resource

💨 Back to Top

  • Awesome Adversarial Learning on Recommender System :octocat:Link
  • Awesome Graph Attack and Defense Papers :octocat:Link
  • Graph Adversarial Learning Literature :octocat:Link
  • A Complete List of All (arXiv) Adversarial Example Papers 🌐Link
  • Adversarial Attacks and Defenses Frontiers, Advances and Practice, KDD'20 tutorial, 🌐Link

⚙ Toolbox

💨 Back to Top

  • DeepRobust :octocat:Link: A PyTorch adversarial library for attack and defense methods on images and graphs.
  • GraphAdv :octocat:Link: A TensorFlow-based library for adversarial attacks and defense methods on graph.
  • GraphGallery :octocat:Link: A PyTorch and TensorFlow library for geometric graph (adversarial) learning.

graph-adversarial-learning's People

Contributors

andreamapp avatar edisonleeeee avatar gitgiter avatar storyandwine avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.