A curated list of adversarial attacks and defenses papers on graph-structured data.
Papers are sorted by their upload dates in descending order.
This bi-weekly-updated list serves as a complement to the survey below.
Adversarial Attack and Defense on Graph Data: A Survey (Updated in July 2020. More than 110 papers reviewed).
@article{sun2018adversarial,
title={Adversarial Attack and Defense on Graph Data: A Survey},
author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Wang, Ji and Yu, Philip S. and He, Lifang and Li, Bo},
journal={arXiv preprint arXiv:1812.10528},
year={2018}
}
If you feel this repo is helpful, please cite the survey above.
Search keywords like conference name (e.g., NeurIPS), task name (e.g., Link Prediction), model name (e.g., DeepWalk), or method name (e.g., Robust) over the webpage to quickly locate related papers.
Attack papers sorted by year: | 2021 | 2020 | 2019 | 2018 | 2017 |
Defense papers sorted by year: | 2021 | 2020 | 2019 | 2018 |
Attack Papers 2021
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2021 | Structack: Structure-based Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GCN | ACM Hypertext | Link | Link |
2021 | Optimal Edge Weight Perturbations to Attack Shortest Paths | Attack | Shortest Path | Shortest Path Algs | Arxiv | Link | |
2021 | Graph Robustness Benchmark: Rethinking and Benchmarking Adversarial Robustness of Graph Neural Networks | Attack | Node Classification | GNNs | NeurIPS Openreview | Link | Link |
2021 | Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem | Attack | Node Classification | GNNs | Arxiv | Link | |
2021 | BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection | Attack | Anomaly Detection | Graph Anomaly Detection Algs | Arxiv | Link | |
2021 | TDGIA: Effective Injection Attacks on Graph Neural Networks | Attack | Node Classification | GNNs | KDD 2021 | Link | |
2021 | Graph Adversarial Attack via Rewiring | Attack | Node Classification | GCN | KDD 2021 | Link | |
2021 | Evaluating Graph Vulnerability and Robustness using TIGER | Attack | Robustness Measure | Robustness Measure | Arxiv | Link | Link |
2021 | Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge | Attack | Node Classification | Graph Embedding Models | Arxiv | Link | |
2021 | Attacking Graph Neural Networks at Scale | Attack | Node Classification | GCN | AAAI 2021 Workshop | Link | |
2021 | Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense | Attack | Node Classification | GNNs | Arxiv | Link | |
2021 | Enhancing Robustness and Resilience of Multiplex Networks Against Node-Community Cascading Failures | Attack | Complex Networks Robustness | Complex Networks | IEEE TSMC | Link | |
2021 | PATHATTACK: Attacking Shortest Paths in Complex Networks | Attack | Shortest Path | Shortest Path | Arxiv | Link | |
2021 | Universal Spectral Adversarial Attacks for Deformable Shapes | Attack | Shape Classification | ChebyNet, PointNet | CVPR 2021 | Link | |
2021 | Preserve, Promote, or Attack? GNN Explanation via Topology Perturbation | Attack | Object Detection | GNNs | Arxiv | Link | |
2021 | Towards Revealing Parallel Adversarial Attack on Politician Socialnet of Graph Structure | Attack | Node Classification | GCN | Security and Communication Networks | Link | |
2021 | Network Embedding Attack: An Euclidean Distance Based Method | Attack | Node Classification, Community Detection | Network Embedding Methods | MDATA | Link | |
2021 | Adversarial Attack on Network Embeddings via Supervised Network Poisoning | Attack | Node Classification, Link Prediction | DeepWalk, Node2vec, LINE, GCN | PAKDD 2021 | Link | Link |
2021 | GraphAttacker: A General Multi-Task Graph Attack Framework | Attack | Node Classification, Graph Classification, Link Prediction | GNNs | Arxiv | Link | |
2021 | Membership Inference Attack on Graph Neural Networks | Attack | Membership Inference | GNNs | Arxiv | Link | |
Attack Papers 2020
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2020 | Adversarial Label-Flipping Attack and Defense for Graph Neural Networks | Attack | Node Classification | GNNs | ICDM 2020 | Link | Link |
2020 | Exploratory Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GCN | ICDM 2020 | Link | Link |
2020 | A Targeted Universal Attack on Graph Convolutional Network | Attack | Node Classification | GCN | Arxiv | Link | Link |
2020 | Attacking Graph-Based Classification without Changing Existing Connections | Attack | Node Classification | Collective Classification Models | ACSAC 2020 | Link | |
2020 | Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation | Attack | Commonsense Reasoning, Recommender System | Knowledge Graph | ICLR 2021 | Link | Link |
2020 | One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting | Attack | Spatiotemporal Forecasting | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Single-Node Attack for Fooling Graph Neural Networks | Attack | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem | Attack | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Adversarial Attacks on Deep Graph Matching | Attack | Graph Matching | Deep Graph Matching Models | NeurIPS 2020 | Link | |
2020 | Towards More Practical Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
2020 | A Graph Matching Attack on Privacy-Preserving Record Linkage | Attack | Record Linkage | Privacy-preserving Record Linkage Methods | CIKM 2020 | Link | |
2020 | Adaptive Adversarial Attack on Graph Embedding via GAN | Attack | Node Classification | GCN, DeepWalk, LINE | SocialSec | Link | |
2020 | Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers | Attack | Node Classification | GNNs | Arxiv | Link | |
2020 | Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection | Attack | Malware Detection | GCN | Arxiv | Link | |
2020 | Adversarial Attack on Large Scale Graph | Attack | Node Classification | GNN | Arxiv | Link | |
2020 | Efficient Evasion Attacks to Graph Neural Networks via Influence Function | Attack | Node Classification | GNN | Arxiv | Link | |
2020 | Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs | Attack | Link Prediction | DyGCN | Arxiv | Link | |
2020 | Adversarial attack on BC classification for scale-free networks | Attack | Broido and Clauset classification | scale-free network | AIP Chaos | Link | |
2020 | Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks | Attack | Link Prediction | GNN | Asia CCS 2020 | Link | |
2020 | Practical Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GNN | ICML 2020 Workshop | Link | |
2020 | Link Prediction Adversarial Attack Via Iterative Gradient Attack | Attack | Link Prediction | GAE | IEEE TCSS | Link | |
2020 | An Efficient Adversarial Attack on Graph Structured Data | Attack | Node Classification | GCN | IJCAI 2020 Workshop | Link | |
2020 | Graph Backdoor | Attack | Node Classification, Graph Classification | GNNs | USENIX Security 2021 | Link | |
2020 | Backdoor Attacks to Graph Neural Networks | Attack | Graph Classification | GNNs | Arxiv | Link | |
2020 | Robust Spammer Detection by Nash Reinforcement Learning | Attack | Fraud Detection | Graph-based Fraud Detector | KDD 2020 | Link | Link |
2020 | Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns | Attack | Node Classification | GNN | TKDD | Link | |
2020 | Adversarial Attack on Hierarchical Graph Pooling Neural Networks | Attack | Graph Classification | GNN | Arxiv | Link | |
2020 | Stealing Links from Graph Neural Networks | Attack | Inferring Link | GNNs | USENIX Security 2021 | Link | |
2020 | Scalable Attack on Graph Data by Injecting Vicious Nodes | Attack | Node Classification | GCN | ECML-PKDD 2020 | Link | |
2020 | Network disruption: maximizing disagreement and polarization in social networks | Attack | Manipulating Opinion | Graph Model, Social Network | Arxiv | Link | |
2020 | Adversarial Perturbations of Opinion Dynamics in Networks | Attack | Manipulating Opinion | Graph Model | Arxiv | Link | |
2020 | Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach | Attack | Node Classification | GCN | WWW 2020 | Link | |
2020 | MGA: Momentum Gradient Attack on Network | Attack | Node Classification, Community Detection | GCN, DeepWalk, node2vec | Arxiv | Link | |
2020 | Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks | Attack | Node Classification | GCN | BigData 2019 | Link | |
2020 | Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models | Attack | Node Classification | GCN | Arxiv | Link | Link |
2020 | Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria | Attack | Network Structure | Physical Criteria | Arxiv | Link | |
2020 | Adversarial Attack on Community Detection by Hiding Individuals | Attack | Community Detection | GCN | WWW 2020 | Link | Link |
Attack Papers 2019
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2019 | How Robust Are Graph Neural Networks to Structural Noise? | Attack | Node Structural Identity Prediction | GIN | Arxiv | Link | |
2019 | Time-aware Gradient Attack on Dynamic Network Link Prediction | Attack | Link Prediction | Dynamic Network Embedding Algs | Arxiv | Link | |
2019 | All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs | Attack | Node Classification | GCN, Tensor Embedding | WSDM 2020 | Link | Link |
2019 | αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model | Attack | Malware Detection | HIN | CIKM 2019 | Link | |
2019 | A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning | Attack | Semi-supervised Learning | Label Propagation | NeurIPS 2019 | Link | |
2019 | Manipulating Node Similarity Measures in Networks | Attack | Node Similarity | Node Similarity Measures | AAMAS 2020 | Link | |
2019 | Multiscale Evolutionary Perturbation Attack on Community Detection | Attack | Community Detection | Community Metrics | Arxiv | Link | |
2019 | Attacking Graph Convolutional Networks via Rewiring | Attack | Node Classification | GCN | Openreview | Link | |
2019 | Node Injection Attacks on Graphs via Reinforcement Learning | Attack | Node Classification | GCN | Arxiv | Link | |
2019 | A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models | Attack | Node Classification | GCN, SGC | AAAI 2020 | Link | Link |
2019 | Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective | Attack | Node Classification | GNN | IJCAI 2019 | Link | Link |
2019 | Unsupervised Euclidean Distance Attack on Network Embedding | Attack | Node Embedding | GCN | Arxiv | Link | |
2019 | Generalizable Adversarial Attacks Using Generative Models | Attack | Node Classification | GCN | Arxiv | Link | |
2019 | Vertex Nomination, Consistent Estimation, and Adversarial Modification | Attack | Vertex Nomination | VN Scheme | Arxiv | Link | |
2019 | Data Poisoning Attack against Knowledge Graph Embedding | Attack | Fact Plausibility Prediction | TransE, TransR | IJCAI 2019 | Link | |
2019 | Adversarial Examples on Graph Data: Deep Insights into Attack and Defense | Attack | Node Classification | GCN | IJCAI 2019 | Link | Link |
2019 | Adversarial Attacks on Node Embeddings via Graph Poisoning | Attack | Node Classification, Community Detection | node2vec, DeepWalk, GCN, Spectral Embedding, Label Propagation | ICML 2019 | Link | Link |
2019 | Attacking Graph-based Classification via Manipulating the Graph Structure | Attack | Node Classification | Belief Propagation, GCN | CCS 2019 | Link | |
2019 | Adversarial Attacks on Graph Neural Networks via Meta Learning | Attack | Node Classification | GCN, CLN, DeepWalk | ICLR 2019 | Link | Link |
Attack Papers 2018
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2018 | Poisoning Attacks to Graph-Based Recommender Systems | Attack | Recommender System | Graph-based Recommendation Algs | ACSAC 2018 | Link | |
2018 | GA Based Q-Attack on Community Detection | Attack | Community Detection | Modularity, Community Detection Alg | IEEE TCSS | Link | |
2018 | Data Poisoning Attack against Unsupervised Node Embedding Methods | Attack | Link Prediction | LINE, DeepWalk | Arxiv | Link | |
2018 | Attack Graph Convolutional Networks by Adding Fake Nodes | Attack | Node Classification | GCN | Arxiv | Link | |
2018 | Link Prediction Adversarial Attack | Attack | Link Prediction | GAE, GCN | Arxiv | Link | |
2018 | Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network | Attack | Link Prediction | Traditional Link Prediction Algs | Scientific Reports | Link | |
2018 | Attacking Similarity-Based Link Prediction in Social Networks | Attack | Link Prediction | local&global similarity metrics | AAMAS 2019 | Link | |
2018 | Fast Gradient Attack on Network Embedding | Attack | Node Classification | GCN | Arxiv | Link | |
2018 | Adversarial Attack on Graph Structured Data | Attack | Node Classification, Graph Classification | GNN, GCN | ICML 2018 | Link | Link |
2018 | Adversarial Attacks on Neural Networks for Graph Data | Attack | Node Classification | GCN | KDD 2018 | Link | Link |
2018 | Hiding individuals and communities in a social network | Attack | Community Detection | Community Detection Algs | Nature Human Behavior | Link | Link |
Attack Papers 2017
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2017 | Practical Attacks Against Graph-based Clustering | Attack | Graph Clustering | SVD, node2vec, Community Detection Alg | CCS 2017 | Link | |
2017 | Adversarial Sets for Regularising Neural Link Predictors | Attack | Link Prediction | Knowledge Graph Embeddings | UAI 2017 | Link | Link |
Defense Papers 2021
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2021 | Robust Counterfactual Explanations on Graph Neural Networks | Defense | GNN Explanation | GNN Explanation Algs | Arxiv | Link | |
2021 | Robust Counterfactual Explanations on Graph Neural Networks | Defense | Link Prediction | Probabilistic Network Embedding Models | Arxiv | Link | |
2021 | Elastic Graph Neural Networks | Defense | Node Classification | GNNs | ICML 2021 | Link | Link |
2021 | Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks | Defense | Graph Classification, Graph Matching | GNNs | ICML 2021 | Link | |
2021 | Integrated Defense for Resilient Graph Matching | Defense | Graph Matching | Graph Matching Algs | ICML 2021 | Link | |
2021 | NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data | Defense | Privacy Protection | GNNs | TKDE | Link | |
2021 | Stability of graph convolutional neural networks to stochastic perturbations | Defense | Robustness Certification | GNNs | Signal Processing | Link | |
2021 | DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs | Defense | Node Classification | GNNs | Arxiv | Link | |
2021 | Improving Robustness of Graph Neural Networks with Heterophily-Inspired Designs | Defense | Node Classification | GNNs | Arxiv | Link | |
2021 | Understanding Structural Vulnerability in Graph Convolutional Networks | Defense | Node Classification | GNNs | IJCAI 2021 | Link | Link |
2021 | Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation | Defense | Robustness Certification | GNNs | KDD 2021 | Link | |
2021 | Unveiling Anomalous Nodes Via Random Sampling and Consensus on Graphs | Defense | Anomaly Detection | Anomaly Detection Algs | ICASSP 2021 | Link | |
2021 | Graph Sanitation with Application to Node Classification | Defense | Node Classification | GNNs | Arxiv | Link | |
2021 | Robust Network Alignment via Attack Signal Scaling and Adversarial Perturbation Elimination | Defense | Network Alignment | Network Alignment Algorithms | WWW 2021 | Link | |
2021 | Information Obfuscation of Graph Neural Networks | Defense | Recommender System, Knowledge Graph, Quantum Chemistry | GNNs | ICML 2021 | Link | Link |
2021 | Graph Embedding for Recommendation against Attribute Inference Attacks | Defense | Recommender System | GCN | WWW 2021 | Link | |
2021 | Spatio-Temporal Sparsification for General Robust Graph Convolution Networks | Defense | Node Classification | GCN | Arxiv | Link | |
2021 | Detection and Defense of Topological Adversarial Attacks on Graphs | Defense | Node Classification | GCN | AISTATS 2021 | Link | |
2021 | Robust graph convolutional networks with directional graph adversarial training | Defense | Node Classification | GCN | Applied Intelligence | Link | |
2021 | Interpretable Stability Bounds for Spectral Graph Filters | Defense | Robustness Certification | Spectral Graph Filter | Arxiv | Link | |
2021 | Personalized privacy protection in social networks through adversarial modeling | Defense | Privacy Protection | GCN | AAAI 2021 | Link | |
2021 | Node Similarity Preserving Graph Convolutional Networks | Defense | Node Classification | GNNs | WSDM 2021 | Link | Link |
Defense Papers 2020
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2020 | Graph Stochastic Neural Networks for Semi-supervised Learning | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
2020 | Smoothing Adversarial Training for GNN | Defense | Node Classification, Community Detection | GCN | IEEE TCSS | Link | |
2020 | Unsupervised Adversarially-Robust Representation Learning on Graphs | Defense | Node Classification | GNNs | Arxiv | Link | |
2020 | AANE: Anomaly Aware Network Embedding For Anomalous Link Detection | Defense | Node Classification | GNNs | ICDM 2020 | Link | |
2020 | Provably Robust Node Classification via Low-Pass Message Passing | Defense | Anomaly Detection | GNNs | ICDM 2020 | Link | |
2020 | Learning to Drop: Robust Graph Neural Network via Topological Denoising | Defense | Node Classification | GNNs | WSDM 2021 | Link | Link |
2020 | Robust Android Malware Detection Based on Attributed Heterogenous Graph Embedding | Defense | Malware Detection | Heterogeneous Information Network Embedding | FCS 2020 | Link | |
2020 | Adversarial Detection on Graph Structured Data | Defense | Graph Classification | GNNs | PPMLP 2020 | Link | |
2020 | On the Stability of Graph Convolutional Neural Networks under Edge Rewiring | Defense | Robustness Certification | GNNs | Arxiv | Link | |
2020 | Collective Robustness Certificates | Defense | Robustness Certification | GNNs | ICLR 2021 | Link | |
2020 | Towards Robust Graph Neural Networks against Label Noise | Defense | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning | Defense | Robustness Certification | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Graph Adversarial Networks: Protecting Information against Adversarial Attacks | Defense | Node Attribute Inference | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach | Defense | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
2020 | Graph Contrastive Learning with Augmentations | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
2020 | Graph Information Bottleneck | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
2020 | Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks | Defense | Graph Classification | GCN | NeurIPS 2020 | Link | Link |
2020 | Reliable Graph Neural Networks via Robust Aggregation | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
2020 | Graph Random Neural Networks for Semi-Supervised Learning on Graphs | Defense | Node Classification | GCN | NeurIPS 2020 | Link | Link |
2020 | Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings | Defense | Node Classification | GCN | NeurIPS 2020 | Link | Link |
2020 | GNNGuard: Defending Graph Neural Networks against Adversarial Attacks | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
2020 | A Feature-Importance-Aware and Robust Aggregator for GCN | Defense | Node Classification, Graph Classification | GNNs | CIKM 2020 | Link | Link |
2020 | Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks | Defense | Node Classification | GNNs | AAAI 2021 | Link | |
2020 | Cross Entropy Attack on Deep Graph Infomax | Defense | Node Classification | DGI | IEEE ISCAS | Link | |
2020 | RoGAT: a robust GNN combined revised GAT with adjusted graphs | Defense | Node Classification | GNNs | Arxiv | Link | |
2020 | A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack | Defense | Node Classification | MRF | SocialSec | Link | |
2020 | Uncertainty-aware Attention Graph Neural Network for Defending Adversarial Attacks | Defense | Node Classification | GNNs | AAAI 2021 | Link | |
2020 | Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing | Defense | Graph Classification | GCN | IEEE GLOBECOM 2020 | Link | |
2020 | Adversarial Immunization for Improving Certifiable Robustness on Graphs | Defense | Node Classification | GNNs | WSDM 2021 | Link | |
2020 | Robust Collective Classification against Structural Attacks | Defense | Node Classification | Associative Markov Networks | UAI 2020 | Link | |
2020 | Enhancing Robustness of Graph Convolutional Networks via Dropping Graph Connections | Defense | Node Classification | GCN | Preprint | Link | |
2020 | Robust Training of Graph Convolutional Networks via Latent Perturbation | Defense | Node Classification | GCN | ECML-PKDD 2020 | Link | |
2020 | Backdoor Attacks to Graph Neural Networks | Defense | Graph Classification | GNNs | Arxiv | Link | |
2020 | DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder | Defense | Node Classification | GNNs | Arxiv | Link | Link |
2020 | Robust Spammer Detection by Nash Reinforcement Learning | Defense | Fraud Detection | Graph-based Fraud Detector | KDD 2020 | Link | Link |
2020 | Certifiable Robustness of Graph Convolutional Networks under Structure Perturbations | Defense | Robustness Certification | GCN | KDD 2020 | Link | Link |
2020 | Efficient Robustness Certificates for Discrete Data: Sparsity-Aware Randomized Smoothing for Graphs, Images and More | Defense | Robustness Certification | GNN | ICML 2020 | Link | Link |
2020 | Robust Graph Representation Learning via Neural Sparsification | Defense | Node Classification | GNN | ICML 2020 | Link | |
2020 | EDoG: Adversarial Edge Detection For Graph Neural Networks | Defense | Edge Detection | GCN | Preprint | Link | |
2020 | Graph Structure Learning for Robust Graph Neural Networks | Defense | Node Classification | GCN | KDD 2020 | Link | Link |
2020 | GCN-Based User Representation Learning for Unifying Robust Recommendation and Fraudster Detection | Defense | Recommender System | GCN | SIGIR 2020 | Link | |
2020 | Anonymized GCN: A Novel Robust Graph Embedding Method via Hiding Node Position in Noise | Defense | Node Classification | GCN | Arxiv | Link | |
2020 | A Robust Hierarchical Graph Convolutional Network Model for Collaborative Filtering | Defense | Recommender System | GCN | Arxiv | Link | |
2020 | On The Stability of Polynomial Spectral Graph Filters | Defense | Graph Property | Spectral Graph Filter | ICASSP 2020 | Link | Link |
2020 | On the Robustness of Cascade Diffusion under Node Attacks | Defense | Influence Maximization | IC Model | WWW 2020 Workshop | Link | Link |
2020 | Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks | Defense | Fraud Detection | Graph-based Fraud Detectors | WWW 2020 | Link | |
2020 | Tensor Graph Convolutional Networks for Multi-relational and Robust Learning | Defense | Node Classification | GCN | Arxiv | Link | |
2020 | Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks | Defense | Node Classification | Privacy Protection | AAAI 2020 | Link | |
2020 | Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning | Defense | Robustness Certification | Wasserstein Embedding | AAAI 2020 | Link | |
2020 | Adversarial Perturbations of Opinion Dynamics in Networks | Defense | Manipulating Opinion | Graph Model | Arxiv | Link | |
2020 | Topological Effects on Attacks Against Vertex Classification | Defense | Node Classification | GCN | Arxiv | Link | |
2020 | Towards an Efficient and General Framework of Robust Training for Graph Neural Networks | Defense | Node Classification | GCN | ICASSP 2020 | Link | |
2020 | Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing | Defense | Community Detection | Community Detection Algs | WWW 2020 | Link | |
2020 | Data Poisoning Attacks on Graph Convolutional Matrix Completion | Defense | Recommender System | GCMC | ICA3PP 2019 | Link | |
Defense Papers 2019
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2019 | How Robust Are Graph Neural Networks to Structural Noise? | Defense | Node Structural Identity Prediction | GIN | Arxiv | Link | |
2019 | GraphDefense: Towards Robust Graph Convolutional Networks | Defense | Node Classification | GCN | Arxiv | Link | |
2019 | All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs | Defense | Node Classification | GCN, Tensor Embedding | WSDM 2020 | Link | Link |
2019 | αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model | Defense | Malware Detection | HIN | CIKM 2019 | Link | |
2019 | Edge Dithering for Robust Adaptive Graph Convolutional Networks | Defense | Node Classification | GCN | Arxiv | Link | |
2019 | GraphSAC: Detecting anomalies in large-scale graphs | Defense | Anomaly Detection | Anomaly Detection Algs | Arxiv | Link | |
2019 | Certifiable Robustness to Graph Perturbations | Defense | Robustness Certification | GNN | NeurIPS 2019 | Link | Link |
2019 | Power up! Robust Graph Convolutional Network based on Graph Powering | Defense | Node Classification | GCN | Openreview | Link | Link |
2019 | Adversarial Robustness of Similarity-Based Link Prediction | Defense | Link Prediction | Local Similarity Metrics | ICDM 2019 | Link | |
2019 | Adversarial Training Methods for Network Embedding | Defense | Node Classification | DeepWalk | WWW 2019 | Link | Link |
2019 | Transferring Robustness for Graph Neural Network Against Poisoning Attacks | Defense | Node Classification | GNN | WSDM 2020 | Link | Link |
2019 | Improving Robustness to Attacks Against Vertex Classification | Defense | Node Classification | GCN | KDD Workshop 2019 | Link | |
2019 | Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations | Defense | Link Prediction | Link Prediction Algs | TKDE | Link | |
2019 | Latent Adversarial Training of Graph Convolution Networks | Defense | Node Classification | GCN | LRGSD@ICML | Link | |
2019 | Certifiable Robustness and Robust Training for Graph Convolutional Networks | Defense | Robustness Certification | GCN | KDD 2019 | Link | Link |
2019 | Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective | Defense | Node Classification | GNN | IJCAI 2019 | Link | Link |
2019 | Adversarial Examples on Graph Data: Deep Insights into Attack and Defense | Defense | Node Classification | GCN | IJCAI 2019 | Link | Link |
2019 | Adversarial Defense Framework for Graph Neural Network | Defense | Node Classification | GCN, GraphSAGE | Arxiv | Link | |
2019 | Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications | Defense | Link Prediction | Knowledge Graph Embedding | NAACL 2019 | Link | |
2019 | Robust Graph Convolutional Networks Against Adversarial Attacks | Defense | Node Classification | GCN | KDD 2019 | Link | Link |
2019 | Can Adversarial Network Attack be Defended? | Defense | Node Classification | GNN | Arxiv | Link | |
2019 | Virtual Adversarial Training on Graph Convolutional Networks in Node Classification | Defense | Node Classification | GCN | PRCV 2019 | Link | |
2019 | Batch Virtual Adversarial Training for Graph Convolutional Networks | Defense | Node Classification | GCN | LRGSD@ICML | Link | |
2019 | Comparing and Detecting Adversarial Attacks for Graph Deep Learning | Defense | Node Classification | GCN, GAT, Nettack | RLGM@ICLR 2019 | Link | |
2019 | Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure | Defense | Node Classification | GCN | TKDE | Link | Link |
Defense Papers 2018
Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
---|---|---|---|---|---|---|---|
2018 | Characterizing Malicious Edges targeting on Graph Neural Networks | Defense | Detected Added Edges | GNN, GCN | OpenReview | Link | |
2018 | PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks | Defense | Image Classification | LeNet, ResNet | ICLR 2019 | Link | |