A curated list of adversarial attacks and defenses papers on graph-structured data.
Papers are sorted by their uploaded dates in descending order.
If you want to add new entries, please make PRs with the same format.
This list serves as a complement to the survey below.
Adversarial Attack and Defense on Graph Data: A Survey (Updated in Oct 2022. More than 110 papers reviewed).
- Arxiv Version (Latest)
@article{sun2018adversarial,
title={Adversarial Attack and Defense on Graph Data: A Survey},
author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Kai Zhang and Wang, Ji and Yixin Liu and Yu, Philip S. and He, Lifang and Li, Bo},
journal={arXiv preprint arXiv:1812.10528},
year={2018}
}- TKDE Version
@article{sun2022adversarial,
title={Adversarial attack and defense on graph data: A survey},
author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Zhang, Kai and Wang, Ji and Philip, S Yu and He, Lifang and Li, Bo},
journal={IEEE Transactions on Knowledge and Data Engineering},
year={2022},
publisher={IEEE}
}If you feel this repo is helpful, please cite the survey above.
Search keywords like conference name (e.g., NeurIPS), task name (e.g., Link Prediction), model name (e.g., DeepWalk), or method name (e.g., Robust) over the webpage to quickly locate related papers.
Attack papers sorted by year: | 2023 | 2022 | 2021 | 2020 | 2019 | 2018 | 2017 |
Defense papers sorted by year: | 2023 | 2022 | 2021 | 2020 | 2019 | 2018 |
Attack Papers 2023 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2023 | Revisiting Robustness in Graph Machine Learning | Attack | Node Classification | GCN, SGC, APPNP, GAT, GATv2, GraphSAGE, LP | ICLR'23 | Link | Link |
| 2023 | Unnoticeable Backdoor Attacks on Graph Neural Networks | Attack | Node classification, Graph classification | GCN, GraphSage, and GAT | ArXiv | Link | Link |
| 2023 | Attacking Fake News Detectors via Manipulating News Social Engagement | Attack | Fake News Detection | GAT, GCN, and GraphSAGE) | WWW'23 | Link | Link |
| 2023 | HyperAttack: Multi-Gradient-Guided White-box Adversarial Structure Attack of Hypergraph Neural Networks | Attack | Node Classification | HGNNs | ArXiv | Link | |
| 2023 | Turning Strengths into Weaknesses: A Certified Robustness Inspired Attack Framework against Graph Neural Networks | Attack | Node Classification | GCN | CVPR'23 | Link | |
| 2023 | Adversary for Social Good: Leveraging Attribute-Obfuscating Attack to Protect User Privacy on Social Networks | Attack | Attribute Protection On Social Networks | GNNs | SecureComm 2022 | Link | |
| 2023 | Node Injection for Class-specific Network Poisoning | Attack | Node Classification | GCN | arXiv | Link | Link |
| 2023 | GUAP: Graph Universal Attack Through Adversarial Patching | Attack | Node Classification | GCN | arXiv | Link | Link |
Attack Papers 2022 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2022 | GANI: Global Attacks on Graph Neural Networks via Imperceptible Node Injections | Attack | Node Classification | GCN/SGC/Jaccard/SimPGCN | Arxiv | Link | |
| 2022 | Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs | Attack | Graph Classification | GCN/SAGPool/GIN/ | Arxiv | Link | |
| 2022 | Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias | Attack | Node Classification | GCN/GAT/GraphSAGE | NeurIPS 2022 | Link | Link |
| 2022 | Imperceptible Adversarial Attacks on Discrete-Time Dynamic Graph Models | Attack | Dynamic Link Prediction/Node Classification | GC-LSTM/EVOLVEGCN/DYSAT | NeurIPS 2022 Workshop TGL | Link | |
| 2022 | A2S2-GNN: Rigging GNN-Based Social Status by Adversarial Attacks in Signed Social Networks | Attack | Classification in unsigned or undirected graphs | GNNs | IEEE Transactions on Information Forensics and Security | Link | |
| 2022 | Let Graph be the Go Board: Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning | Attack | Node Classification | GCN/SGC/GAT/APPNP | AAAI23 | Link | Link |
| 2022 | QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems | Attack | Query-based systems attribute inference | Diffix/TableBuilder/SimpleQBS | CCS 2022 | Link | Link |
| 2022 | Are Defenses for Graph Neural Networks Robust? | Attack | Node Classification | GNN, GCN, Jaccard GCN, SVD GCN, GNNGuard, RGCN, ProGNN, GRAND, Soft Median GDC | NeurIPS 2022 | Link | Link |
| 2022 | Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks | Attack | Promotion/Recommendation/Re-producing | GNN | ACM TIS | Link | |
| 2022 | Dealing with the unevenness: deeper insights in graph-based attack and defense | Attack | Set-Cover problem | GCN, RGCN, GCN-Jaccard, Pro-GNN | Machine Learning | Link | |
| 2022 | Membership Inference Attacks Against Robust Graph Neural Network | Attack | Membership Inference | GCN | CSS 2022 | Link | |
| 2022 | Sparse Vicious Attacks on Graph Neural Networks | Attack | Link prediction | GNN | arXiv | Link | Link |
| 2022 | Model Inversion Attacks against Graph Neural Networks | Attack | Node Classification | GCN, GAT and GraphSAGE | TKDE | Link | Link |
| 2022 | Exploratory Adversarial Attacks on Graph Neural Networks for Semi-Supervised Node Classification | Attack | Semi-Supervised Node Classification | GNN | Pattern Recognition | Link | |
| 2022 | Adversarial Inter-Group Link Injection Degrades the Fairness of Graph Neural Networks | Attack | node classification | GNN | IEEE ICDM 2022 | Link | Link |
| 2022 | Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation | Attack | semi-Supervised Node Classification | GNN | ECML PKDD 2022 | Link | |
| 2022 | What Does the Gradient Tell When Attacking the Graph Structure | Attack | Node Classification | GCN, GraphSage and H2GCN | arXiv | Link | |
| 2022 | Robust Node Classification on Graphs: Jointly from Bayesian Label Transition and Topology-based Label Propagation | Attack | Node Classification | GNNs | CIKM 2022 | Link | Link |
| 2022 | Revisiting Item Promotion in GNN-based Collaborative Filtering: A Masked Targeted Topological Attack Perspective | Attack | Collaborative filtering | LightGCN | arXiv | Link | |
| 2022 | Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection | Attack | Link Prediction | GAE, VGAE, GIC, ARGA, ARVGA | arXiv | Link | Link |
| 2022 | Graph Structural Attack by Perturbing Spectral Distance | Attack | node classification | two-layer GCN | KDD 2022 | Link | |
| 2022 | Are Gradients on Graph Structure Reliable in Gray-box Attacks? | Attack | node classification tasks | GraphSage | CIKM 2022 | Link | |
| 2022 | Adversarial Camouflage for Node Injection Attack on Graphs | Attack | semi-supervised information retrieval task | GNNs | arXiv | Link | |
| 2022 | CLUSTER ATTACK: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors | Attack | node classification | GNNs | IJCAI 2022 | Link | |
| 2022 | IoT-based Android Malware Detection Using Graph Neural Network With Adversarial Defense | Attack | Malware Detection | GNN | IEEE Internet of Things | Link | |
| 2022 | Private Graph Extraction via Feature Explanations | Attack | node classification | 2-layer GCN | arXiv | Link | |
| 2022 | Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs | Attack | trust prediction in signed graphs | SGCN, SNEA | arXiv | Link | |
| 2022 | Camouflaged Poisoning Attack on Graph Neural Networks | Attack | node classification | GCN | ICMR 2022 | Link | |
| 2022 | LOKI: A Practical Data Poisoning Attack Framework against Next Item Recommendations | Attack | Next Item Recommendations | BPRMF, FPMC, GRU4REC, TransRec | TKDE 2022 | Link | |
| 2022 | Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks | Attack | Promotion/Recommendation/Re-producing | GNNs | ACM Transactions on Information Systems 2022 | Link | |
| 2022 | Transferable Graph Backdoor Attack | Attack | Graph Classification | GNNs | RAID 2022 | Link | |
| 2022 | Cluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors | Attack | Node Classification | GNNs | IJCAI 2022 | Link | Link |
| 2022 | Adversarial Robustness of Graph-based Anomaly Detection | Attack | Anomaly Detection | GNNs | Arxiv | Link | |
| 2022 | Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge | Attack | Node Classification | GNNs | Preprint | Link | |
| 2022 | Label specificity attack: Change your label as I want | Attack | Node Classification | GNNs | IJIS | Link | |
| 2022 | Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees | Attack | Node Classification | GNNs | CVPR 2022 | Link | Link |
| 2022 | AdverSparse: An Adversarial Attack Framework for Deep Spatial-Temporal Graph Neural Networks | Attack | Spatial-Temporal Graph Embedding | Deep Spatial-Temporal GNNs | ICASSP 2022 | Link | |
| 2022 | Projective Ranking-based GNN Evasion Attacks | Attack | Graph Classification | GNNs | Arxiv | Link | |
| 2022 | Attacking Community Detectors: Mislead Detectors via Manipulating the Graph Structure | Attack | Community Detection | Community Detection Algs, GNNs | MobiCASE 2021 | Link | |
| 2022 | A Targeted Universal Attack on Graph Convolutional Network by Using Fake Nodes | Attack | Node Classification | GCN | Neural Processing Letters | Link | Link |
| 2022 | Surrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks | Attack | Node Classification | GNNs | WSDM 2022 | Link | |
| 2022 | Black-box Node Injection Attack for Graph Neural Networks | Attack | Node Classification | GCN | Arxiv | Link | Link |
| 2022 | Understanding and Improving Graph Injection Attack by Promoting Unnoticeability | Attack | Node Classification | GNNs | ICLR 2022 | Link | Link |
| 2022 | Unsupervised Graph Poisoning Attack via Contrastive Loss Back-propagation | Attack | Node Classification, Link Prediction | GCN | WWW 2022 | Link | Link |
| 2022 | Neighboring Backdoor Attacks on Graph Convolutional Network | Attack | Node Classification | GCN | Arxiv | Link | |
| 2022 | Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection | Attack | Rumor Detection | RGCN | Arxiv | Link |
Attack Papers 2021 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2021 | Task and Model Agnostic Adversarial Attack on Graph Neural Networks | Attack | Node Classification | GNNs | Arxiv | Link | |
| 2021 | Model Stealing Attacks Against Inductive Graph Neural Networks | Attack | Node Classification, Model Stealing | GNNs | IEEE S&P 2022 | Link | Link |
| 2021 | How Members of Covert Networks Conceal the Identities of Their Leaders | Attack | Covert Network Leader Detection | Centrality Measures | ACM TIST 2021 | Link | |
| 2021 | Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications | Attack | Graph Classification | GNNs | ICDM 2021 | Link | Link |
| 2021 | Graph Structural Attack by Spectral Distance | Attack | Node Classification | GCN | Arxiv | Link | |
| 2021 | Structural Attack against Graph Based Android Malware Detection | Attack | Malware Detection | Graph Based Android Malware Detector | CCS 2021 | Link | |
| 2021 | Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods | Attack | Knowledge Graph Embeddings | Knowledge Graph Embedding Models | EMNLP 2021 | Link | Link |
| 2021 | Adversarial Attack against Cross-lingual Knowledge Graph Alignment | Attack | Knowledge Graph Alignment | Knowledge Graph Embedding Models | EMNLP 2021 | Link | |
| 2021 | Graph Robustness Benchmark: Benchmarking the Adversarial Robustness of Graph Machine Learning | Attack | Node Classification | GNNs | NeurIPS 2021 | Link | Link |
| 2021 | Adversarial Attacks on Graph Classification via Bayesian Optimisation | Attack | Graph Classification | GNNs | NeurIPS 2021 | Link | Link |
| 2021 | Robustness of Graph Neural Networks at Scale | Attack | Node Classification | GNNs | NeurIPS 2021 | Link | Link |
| 2021 | Large-Scale Adversarial Attacks on Graph Neural Networks via Graph Coarsening | Attack | Node Classification | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization | Attack | Combinatorial Optimization | Combinatorial Optimization Solvers | ICLR 2022 OpenReview | Link | |
| 2021 | Bandits for Black-box Attacks to Graph Neural Networks with Structure Perturbation | Attack | Node Classification | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | Poisoning Attacks against Knowledge Graph-based Recommendation Systems Using Deep Reinforcement Learning | Attack | Knowledge Graph-based Recommender Systems | GNNs | Neural Computing and Applications | Link | |
| 2021 | FHA: Fast Heuristic Attack Against Graph Convolutional Networks | Attack | Node Classification | GNNs | ICDS 2021 | Link | |
| 2021 | Inference Attacks Against Graph Neural Networks | Attack | Graph/Property Inference | GNNs | USENIX Security 2022 | Link | Link |
| 2021 | Graph-Fraudster: Adversarial Attacks on Graph Neural Network Based Vertical Federated Learning | Attack | Node Classification, Federated Learning | GNNs | Arxiv | Link | |
| 2021 | Query-based Adversarial Attacks on Graph with Fake Nodes | Attack | Node Classification | GCN | Arxiv | Link | |
| 2021 | Single Node Injection Attack against Graph Neural Networks | Attack | Node Classification | GNNs | CIKM 2021 | Link | Link |
| 2021 | Projective Ranking: A Transferable Evasion Attack Method on Graph Neural Networks | Attack | Graph Classification | GCN | CIKM 2021 | Link | |
| 2021 | Spatially Focused Attack against Spatiotemporal Graph Neural Networks | Attack | Spatiotemporal Forecasting | GNNs | Arxiv | Link | |
| 2021 | Derivative-free optimization adversarial attacks for graph convolutional networks | Attack | Node Classification | GCN | PeerJ Computer Science | Link | |
| 2021 | A Hard Label Black-box Adversarial Attack Against Graph Neural Networks | Attack | Graph Classification | GNNs | CCS 2021 | Link | |
| 2021 | Single-Node Attack for Fooling Graph Neural Networks | Attack | Node Classification | GNNs | KDD 2021 Workshop | Link | Link |
| 2021 | Jointly Attacking Graph Neural Network and its Explanations | Attack | GNN Explanation | GNNEXPLAINER, PGExplainer | Arxiv | Link | |
| 2021 | The Robustness of Graph k-shell Structure under Adversarial Attacks | Attack | K-shell Value | K-shell Decomposition | Arxiv | Link | |
| 2021 | Poisoning Knowledge Graph Embeddings via Relation Inference Patterns | Attack | Knowledge Graph Embedding | Knowledge Graph Embedding Models | ACL 2021 | Link | Link |
| 2021 | Structack: Structure-based Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GCN | ACM Hypertext | Link | Link |
| 2021 | Optimal Edge Weight Perturbations to Attack Shortest Paths | Attack | Shortest Path | Shortest Path Algs | Arxiv | Link | |
| 2021 | Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem | Attack | Node Classification | GNNs | Arxiv | Link | |
| 2021 | BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection | Attack | Anomaly Detection | Graph Anomaly Detection Algs | Arxiv | Link | |
| 2021 | TDGIA: Effective Injection Attacks on Graph Neural Networks | Attack | Node Classification | GNNs | KDD 2021 | Link | |
| 2021 | Graph Adversarial Attack via Rewiring | Attack | Node Classification | GCN | KDD 2021 | Link | |
| 2021 | Evaluating Graph Vulnerability and Robustness using TIGER | Attack | Robustness Measure | Robustness Measure | Arxiv | Link | Link |
| 2021 | Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge | Attack | Node Classification | Graph Embedding Models | Arxiv | Link | |
| 2021 | Attacking Graph Neural Networks at Scale | Attack | Node Classification | GCN | AAAI 2021 Workshop | Link | |
| 2021 | Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense | Attack | Node Classification | GNNs | Arxiv | Link | |
| 2021 | Enhancing Robustness and Resilience of Multiplex Networks Against Node-Community Cascading Failures | Attack | Complex Networks Robustness | Complex Networks | IEEE TSMC | Link | |
| 2021 | PATHATTACK: Attacking Shortest Paths in Complex Networks | Attack | Shortest Path | Shortest Path | Arxiv | Link | |
| 2021 | Universal Spectral Adversarial Attacks for Deformable Shapes | Attack | Shape Classification | ChebyNet, PointNet | CVPR 2021 | Link | |
| 2021 | Preserve, Promote, or Attack? GNN Explanation via Topology Perturbation | Attack | Object Detection | GNNs | Arxiv | Link | |
| 2021 | Towards Revealing Parallel Adversarial Attack on Politician Socialnet of Graph Structure | Attack | Node Classification | GCN | Security and Communication Networks | Link | |
| 2021 | Network Embedding Attack: An Euclidean Distance Based Method | Attack | Node Classification, Community Detection | Network Embedding Methods | MDATA | Link | |
| 2021 | Adversarial Attack on Network Embeddings via Supervised Network Poisoning | Attack | Node Classification, Link Prediction | DeepWalk, Node2vec, LINE, GCN | PAKDD 2021 | Link | Link |
| 2021 | GraphAttacker: A General Multi-Task Graph Attack Framework | Attack | Node Classification, Graph Classification, Link Prediction | GNNs | Arxiv | Link | |
| 2021 | Membership Inference Attack on Graph Neural Networks | Attack | Membership Inference | GNNs | Arxiv | Link |
Attack Papers 2020 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2020 | Adversarial Label-Flipping Attack and Defense for Graph Neural Networks | Attack | Node Classification | GNNs | ICDM 2020 | Link | Link |
| 2020 | Exploratory Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GCN | ICDM 2020 | Link | Link |
| 2020 | A Targeted Universal Attack on Graph Convolutional Network | Attack | Node Classification | GCN | Arxiv | Link | Link |
| 2020 | Attacking Graph-Based Classification without Changing Existing Connections | Attack | Node Classification | Collective Classification Models | ACSAC 2020 | Link | |
| 2020 | Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation | Attack | Commonsense Reasoning Recommender System | Knowledge Graph | ICLR 2021 | Link | Link |
| 2020 | One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting | Attack | Spatiotemporal Forecasting | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Single-Node Attack for Fooling Graph Neural Networks | Attack | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem | Attack | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Adversarial Attacks on Deep Graph Matching | Attack | Graph Matching | Deep Graph Matching Models | NeurIPS 2020 | Link | |
| 2020 | Towards More Practical Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
| 2020 | A Graph Matching Attack on Privacy-Preserving Record Linkage | Attack | Record Linkage | Rrivacy-preserving Record Linkage Methods | CIKM 2020 | Link | |
| 2020 | Adaptive Adversarial Attack on Graph Embedding via GAN | Attack | Node Classification | GCN, DeepWalk, LINE | SocialSec | Link | |
| 2020 | Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers | Attack | Node Classification | GNNs | Arxiv | Link | |
| 2020 | Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection | Attack | Malware Detection | GCN | Arxiv | Link | |
| 2020 | Adversarial Attack on Large Scale Graph | Attack | Node Classification | GNN | Arxiv | Link | |
| 2020 | Efficient Evasion Attacks to Graph Neural Networks via Influence Function | Attack | Node Classification | GNN | Arxiv | Link | |
| 2020 | Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs | Attack | Link Prediction | DyGCN | Arxiv | Link | |
| 2020 | Adversarial attack on BC classification for scale-free networks | Attack | Broido and Clauset classification | scale-free network | AIP Chaos | Link | |
| 2020 | Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks | Attack | Link Prediction | GNN | Asia CCS 2020 | Link | |
| 2020 | Practical Adversarial Attacks on Graph Neural Networks | Attack | Node Classification | GNN | ICML 2020 Workshop | Link | |
| 2020 | Link Prediction Adversarial Attack Via Iterative Gradient Attack | Attack | Link Prediction | GAE | IEEE TCSS | Link | |
| 2020 | An Efficient Adversarial Attack on Graph Structured Data | Attack | Node Classification | GCN | IJCAI 2020 Workshop | Link | |
| 2020 | Graph Backdoor | Attack | Node Classification Graph Classification | GNNs | USENIX Security 2021 | Link | |
| 2020 | Backdoor Attacks to Graph Neural Networks | Attack | Graph Classification | GNNs | Arxiv | Link | |
| 2020 | Robust Spammer Detection by Nash Reinforcement Learning | Attack | Fraud Detection | Graph-based Fraud Detector | KDD 2020 | Link | Link |
| 2020 | Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns | Attack | Node Classification | GNN | TKDD | Link | |
| 2020 | Adversarial Attack on Hierarchical Graph Pooling Neural Networks | Attack | Graph Classification | GNN | Arxiv | Link | |
| 2020 | Stealing Links from Graph Neural Networks | Attack | Inferring Link | GNNs | USENIX Security 2021 | Link | |
| 2020 | Scalable Attack on Graph Data by Injecting Vicious Nodes | Attack | Node Classification | GCN | ECML-PKDD 2020 | Link | |
| 2020 | Network disruption: maximizing disagreement and polarization in social networks | Attack | Manipulating Opinion | Graph Model, Social Network | Arxiv | Link | |
| 2020 | Adversarial Perturbations of Opinion Dynamics in Networks | Attack | Manipulating Opinion | Graph Model | Arxiv | Link | |
| 2020 | Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach | Attack | Node Classification | GCN | WWW 2020 | Link | |
| 2020 | MGA: Momentum Gradient Attack on Network | Attack | Node Classification, Community Detection | GCN, DeepWalk, node2vec | Arxiv | Link | |
| 2020 | Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks | Attack | Node Classification | GCN | BigData 2019 | Link | |
| 2020 | Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models | Attack | Node Classification | GCN | Arxiv | Link | Link |
| 2020 | Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria | Attack | Network Structure | Physical Criteria | Arxiv | Link | |
| 2020 | Adversarial Attack on Community Detection by Hiding Individuals | Attack | Community Detection | GCN | WWW 2020 | Link | Link |
Attack Papers 2019 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2019 | How Robust Are Graph Neural Networks to Structural Noise? | Attack | Node Structural Identity Prediction | GIN | Arxiv | Link | |
| 2019 | Time-aware Gradient Attack on Dynamic Network Link Prediction | Attack | Link Prediction | Dynamic Network Embedding Algs | Arxiv | Link | |
| 2019 | All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs | Attack | Node Classification | GCN, Tensor Embedding | WSDM 2020 | Link | Link |
| 2019 | αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model | Attack | Malware Detection | HIN | CIKM 2019 | Link | |
| 2019 | A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning | Attack | Semi-supervised Learning | Label Propagation | NeurIPS 2019 | Link | |
| 2019 | Manipulating Node Similarity Measures in Networks | Attack | Node Similarity | Node Similarity Measures | AAMAS 2020 | Link | |
| 2019 | Multiscale Evolutionary Perturbation Attack on Community Detection | Attack | Community Detection | Community Metrics | Arxiv | Link | |
| 2019 | Attacking Graph Convolutional Networks via Rewiring | Attack | Node Classification | GCN | Openreview | Link | |
| 2019 | Node Injection Attacks on Graphs via Reinforcement Learning | Attack | Node Classification | GCN | Arxiv | Link | |
| 2019 | A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models | Attack | Node Classification | GCN, SGC | AAAI 2020 | Link | Link |
| 2019 | Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective | Attack | Node Classification | GNN | IJCAI 2019 | Link | Link |
| 2019 | Unsupervised Euclidean Distance Attack on Network Embedding | Attack | Node Embedding | GCN | Arxiv | Link | |
| 2019 | Generalizable Adversarial Attacks Using Generative Models | Attack | Node Classification | GCN | Arxiv | Link | |
| 2019 | Vertex Nomination, Consistent Estimation, and Adversarial Modification | Attack | Vertex Nomination | VN Scheme | Arxiv | Link | |
| 2019 | Data Poisoning Attack against Knowledge Graph Embedding | Attack | Fact Plausibility Prediction | TransE, TransR | IJCAI 2019 | Link | |
| 2019 | Adversarial Examples on Graph Data: Deep Insights into Attack and Defense | Attack | Node Classification | GCN | IJCAI 2019 | Link | Link |
| 2019 | Adversarial Attacks on Node Embeddings via Graph Poisoning | Attack | Node Classification, Community Detection | node2vec, DeepWalk, GCN, Spectral Embedding, Label Propagation | ICML 2019 | Link | Link |
| 2019 | Attacking Graph-based Classification via Manipulating the Graph Structure | Attack | Node Classification | Belief Propagation, GCN | CCS 2019 | Link | |
| 2019 | Adversarial Attacks on Graph Neural Networks via Meta Learning | Attack | Node Classification | GCN, CLN, DeepWalk | ICLR 2019 | Link | Link |
Attack Papers 2018 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2018 | Poisoning Attacks to Graph-Based Recommender Systems | Attack | Recommender System | Graph-based Recommendation Algs | ACSAC 2018 | Link | |
| 2018 | GA Based Q-Attack on Community Detection | Attack | Community Detection | Modularity, Community Detection Alg | IEEE TCSS | Link | |
| 2018 | Data Poisoning Attack against Unsupervised Node Embedding Methods | Attack | Link Prediction | LINE, DeepWalk | Arxiv | Link | |
| 2018 | Attack Graph Convolutional Networks by Adding Fake Nodes | Attack | Node Classification | GCN | Arxiv | Link | |
| 2018 | Link Prediction Adversarial Attack | Attack | Link Prediction | GAE, GCN | Arxiv | Link | |
| 2018 | Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network | Attack | Link Prediction | Traditional Link Prediction Algs | Scientific Reports | Link | |
| 2018 | Attacking Similarity-Based Link Prediction in Social Networks | Attack | Link Prediction | local&global similarity metrics | AAMAS 2019 | Link | |
| 2018 | Fast Gradient Attack on Network Embedding | Attack | Node Classification | GCN | Arxiv | Link | |
| 2018 | Adversarial Attack on Graph Structured Data | Attack | Node Classification, Graph Classification | GNN, GCN | ICML 2018 | Link | Link |
| 2018 | Adversarial Attacks on Neural Networks for Graph Data | Attack | Node Classification | GCN | KDD 2018 | Link | Link |
| 2018 | Hiding individuals and communities in a social network | Attack | Community Detection | Community Detection Algs | Nature Human Behavior | Link | Link |
Attack Papers 2017 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2017 | Practical Attacks Against Graph-based Clustering | Attack | Graph Clustering | SVD, node2vec, Community Detection Alg | CCS 2017 | Link | |
| 2017 | Adversarial Sets for Regularising Neural Link Predictors | Attack | Link Prediction | Knowledge Graph Embeddings | UAI 2017 | Link | Link |
Defense Papers 2023 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2023 | Revisiting Robustness in Graph Machine Learning | Defense | Node Classification | GCN, SGC, APPNP, GAT, GATv2, GraphSAGE, LP | ICLR'23 | Link | Link |
| 2023 | Empowering Graph Representation Learning with Test-Time Graph Transformation | Defense | Node Classification | GCN | ICLR | Link | Link |
| 2023 | Adversarial Danger Identification on Temporally Dynamic Graph | Defense | Temporally Dynamic Graphs | Hybrid GNN-based time series classifier | IEEE Transactions on Neural Networks and Learning Systems | Link |
Defense Papers 2022 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2022 | Privacy Protection for Marginal-Sensitive Community Individuals Against Adversarial Community Detection Attacks | Defense | Community Detection | DICE, Random Target Attack (RTA) | IEEE Transactions on Computational Social Systems | Link | |
| 2022 | DeepInsight: Topology Changes Assisting Detection of Adversarial Samples on Graphs | Defense | Node Classification | Two-layer GCNs | IEEE Transactions on Computational Social Systems | Link | |
| 2022 | ERGCN: Data enhancement-based robust graph convolutional network against adversarial attacks | Defense | Information Sciences | Node Classification | GCN/GCN-Jaccard/RGGCN/Pro-GNN/SimP-GCN/EGCN | Link | Link |
| 2022 | On the Vulnerability of Graph Learning based Collaborative Filtering | Defense | Graph Learning based Collaborative Filtering | NGCF/LightGCN | ACM Transactions on Information Systems | Link | |
| 2022 | FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification | Defense | Node Classification | GNN-Jaccard/ProGNN/RGCN/MedianGNN/SimPGCN/GNNGUARD/ElasticGNN/AirGNNGASOLINE/maskGVAE | Arxiv | Link | |
| 2022 | Robust cross-network node classification via constrained graph mutual information | Defense | cross-network node classification | GNNs | Knowledge-Based Systems | Link | |
| 2022 | On the Robustness of Graph Neural Diffusion to Topology Perturbations | Defense | Node Classification | GAT, GraphSAGE, GIN, APPNP | arXiv preprint | Link | Link |
| 2022 | Defending Against Backdoor Attack on Graph Nerual Network by Explainability | Defense | graph classification task | GraphConv, GIN | arXiv | Link | |
| 2022 | Adversarial for Social Privacy: A Poisoning Strategy to Degrade User Identity Linkage | Defense | user identity linkage | GCNs | arXiv | Link | |
| 2022 | Towards an Optimal Asymmetric Graph Structure for Robust Semi-supervised Node Classification | Defense | semi-supervised node classification | GCN | KDD 2022 | Link | |
| 2022 | Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN | Defense | Node Classification | GNNs | KDD 2022 | Link | |
| 2022 | Robust Graph Representation Learning for Local Corruption Recovery | Defense | Node Attribute Recovery | GNNs | ICML 2022 Workshop | Link | |
| 2022 | Appearance and Structure Aware Robust Deep Visual Graph Matching: Attack, Defense and Beyond | Defense | Graph Matching | Graph Matching Algs | CVPR 2022 | Link | Link |
| 2022 | Large-Scale Privacy-Preserving Network Embedding against Private Link Inference Attacks | Defense | Privacy Protection | Network Embedding Algs | Arxiv | Link | |
| 2022 | Detecting Topology Attacks against Graph Neural Networks | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2022 | GUARD: Graph Universal Adversarial Defense | Defense | Node Classification | GNNs | Arxiv | Link | Link |
| 2022 | Robust Graph Neural Networks via Ensemble Learning | Defense | Node Classification | GNNs | Mathematics | Link | |
| 2022 | AN-GCN: An Anonymous Graph Convolutional Network Against Edge-Perturbing Attacks | Defense | Node Classification | GNNs | IEEE TNNLS | Link | |
| 2022 | Exploring High-Order Structure for Robust Graph Structure Learning | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2022 | Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-supervision | Defense | Node Classification | GNNs | AAAI 2022 | Link | Link |
| 2022 | Graph alternate learning for robust graph neural networks in node classification | Defense | Node Classification | GNNs | Neural Computing and Applications | Link | |
| 2022 | Robust Heterogeneous Graph Neural Networks against Adversarial Attacks | Defense | Node Classification | Heterogeneous GNNs | AAAI 2022 | Link | |
| 2022 | How Does Bayesian Noisy Self-Supervision Defend Graph Convolutional Networks? | Defense | Node Classification | GNNs | Neural Processing Letters | Link | |
| 2022 | GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2022 | Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization | Defense | Combinatorial Optimization | Combinatorial Optimization Methods | Arxiv | Link | |
| 2022 | Unsupervised Adversarially Robust Representation Learning on Graphs | Defense | Node Classification, Link Prediction, Community Detection | GNNs | AAAI 2022 | Link |
Defense Papers 2021 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2021 | Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization | Defense | Combinatorial Optimization | Combinatorial Optimization Methods | Arxiv | Link | |
| 2021 | Robust Graph Neural Networks via Probabilistic Lipschitz Constraints | Defense | Decentralized Control | GNNs | Arxiv | Link | |
| 2021 | Graph-based Adversarial Online Kernel Learning with Adaptive Embedding | Defense | Node Classification | Kernel Learning Models | ICDM 2021 | ||
| 2021 | Not All Low-Pass Filters are Robust in Graph Convolutional Networks | Defense | Node Classification | GCN | NeurIPS 2021 | Link | |
| 2021 | Graph Neural Networks with Adaptive Residual | Defense | Node Classification, Abnormal Features | GNNs | NeurIPS 2021 | Link | |
| 2021 | Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness | Defense | Combinatorial Optimization | Combinatorial Solvers | NeurIPS 2021 | Link | |
| 2021 | Defending Graph Neural Networks via Tensor-Based Robust Graph Aggregation | Defense | Node Classification | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | Robust Graph Data Learning with Latent Graph Convolutional Representation | Defense | Node Classification, Node Clustering | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | Edge Rewiring Goes Neural: Boosting Network Resilience via Policy Gradient | Defense | Graph Resilience | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | On the Relationship between Heterophily and Robustness of Graph Neural Networks | Defense | Node Classification | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | A General Unified Graph Neural Network Framework Against Adversarial Attacks | Defense | Node Classification | GNNs | ICLR 2022 OpenReview | Link | |
| 2021 | Node Copying: A Random Graph Model for Effective Graph Sampling | Defense | Node Classification | GNNs | Signal Processing | Link | |
| 2021 | Node Feature Kernels Increase Graph Convolutional Robustness | Defense | Node Classification | GNNs | Arxiv | Link | Link |
| 2021 | Speedup Robust Graph Structure Learning with Low-Rank Information | Defense | Node Classification | GNNs | CIKM 2021 | Link | |
| 2021 | A Lightweight Metric Defence Strategy for Graph Neural Networks Against Poisoning Attacks | Defense | Node Classification | GNNs | ICICS 2021 | Link | Link |
| 2021 | CoG: a Two-View Co-training Framework for Defending Adversarial Attacks on Graph | Defense | Node Classification | GCN | Arxiv | Link | |
| 2021 | Robust Counterfactual Explanations on Graph Neural Networks | Defense | Link Prediction | Probabilistic Network Embedding Models | Arxiv | Link | |
| 2021 | Elastic Graph Neural Networks | Defense | Node classification | GNNs | ICML 2021 | Link | Link |
| 2021 | Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks | Defense | Graph Classification, Graph Matching | GNNs | ICML 2021 | Link | |
| 2021 | Integrated Defense for Resilient Graph Matching | Defense | Graph Matching | Graph Matching Algs | ICML 2021 | Link | |
| 2021 | NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data | Defense | Privacy Protection | GNNs | TKDE | Link | |
| 2021 | Stability of graph convolutional neural networks to stochastic perturbations | Defense | Robustness Certification | GNNs | Signal Processing | Link | |
| 2021 | DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2021 | Improving Robustness of Graph Neural Networks with Heterophily-Inspired Designs | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2021 | Understanding Structural Vulnerability in Graph Convolutional Networks | Defense | Node Classification | GNNs | IJCAI 2021 | Link | Link |
| 2021 | Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation | Defense | Robustness Certification | GNNs | KDD 2021 | Link | |
| 2021 | Unveiling Anomalous Nodes Via Random Sampling and Consensus on Graphs | Defense | Anomaly Detection | Anomaly Detection Algs | ICASSP 2021 | Link | |
| 2021 | Graph Sanitation with Application to Node Classification | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2021 | Robust Network Alignment via Attack Signal Scaling and Adversarial Perturbation Elimination | Defense | Network Alignment | Network Alignment Algorithms | WWW 2021 | Link | |
| 2021 | Information Obfuscation of Graph Neural Networks | Defense | Recommender System, Knowledge Graph, Quantum Chemistry | GNNs | ICML 2021 | Link | Link |
| 2021 | Graph Embedding for Recommendation against Attribute Inference Attacks | Defense | Recommender System | GCN | WWW 2021 | Link | |
| 2021 | Spatio-Temporal Sparsification for General Robust Graph Convolution Networks | Defense | Node Classification | GCN | Arxiv | Link | |
| 2021 | Detection and Defense of Topological Adversarial Attacks on Graphs | Defense | Node Classification | GCN | AISTATS 2021 | Link | |
| 2021 | Robust graph convolutional networks with directional graph adversarial training | Defense | Node Classification | GCN | Applied Intelligence | Link | |
| 2021 | Interpretable Stability Bounds for Spectral Graph Filters | Defense | Robustness Certification | Spectral Graph Filter | Arxiv | Link | |
| 2021 | Personalized privacy protection in social networks through adversarial modeling | Defense | Privacy Protection | GCN | AAAI 2021 | Link | |
| 2021 | Node Similarity Preserving Graph Convolutional Networks | Defense | Node Classification | GNNs | WSDM 2021 | Link | Link |
Defense Papers 2020 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2020 | Graph Stochastic Neural Networks for Semi-supervised Learning | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
| 2020 | Smoothing Adversarial Training for GNN | Defense | Node Classification, Community Detection | GCN | IEEE TCSS | Link | |
| 2020 | Unsupervised Adversarially-Robust Representation Learning on Graphs | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2020 | AANE: Anomaly Aware Network Embedding For Anomalous Link Detection | Defense | Node Classification | GNNs | ICDM 2020 | Link | |
| 2020 | Provably Robust Node Classification via Low-Pass Message Passing | Defense | Anomaly Detection | GNNs | ICDM 2020 | Link | |
| 2020 | Learning to Drop: Robust Graph Neural Network via Topological Denoising | Defense | Node Classification | GNNs | WSDM 2021 | Link | Link |
| 2020 | Robust Android Malware Detection Based on Attributed Heterogenous Graph Embedding | Defense | Malware Detection | Heterogeneous Information Network Embedding | FCS 2020 | Link | |
| 2020 | Adversarial Detection on Graph Structured Data | Defense | Graph Classification | GNNs | PPMLP 2020 | Link | |
| 2020 | On the Stability of Graph Convolutional Neural Networks under Edge Rewiring | Defense | Robustness Certification | GNNs | Arxiv | Link | |
| 2020 | Collective Robustness Certificates | Defense | Robustness Certification | GNNs | ICLR 2021 | Link | |
| 2020 | Towards Robust Graph Neural Networks against Label Noise | Defense | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning | Defense | Robustness Certification | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Graph Adversarial Networks: Protecting Information against Adversarial Attacks | Defense | Node Attribute Inference | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach | Defense | Node Classification | GNNs | ICLR 2021 OpenReview | Link | |
| 2020 | Graph Contrastive Learning with Augmentations | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
| 2020 | Graph Information Bottleneck | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
| 2020 | Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks | Defense | Graph Classification | GCN | NeurIPS 2020 | Link | Link |
| 2020 | Reliable Graph Neural Networks via Robust Aggregation | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
| 2020 | Graph Random Neural Networks for Semi-Supervised Learning on Graphs | Defense | Node Classification | GCN | NeurIPS 2020 | Link | Link |
| 2020 | Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings | Defense | Node Classification | GCN | NeurIPS 2020 | Link | Link |
| 2020 | GNNGuard: Defending Graph Neural Networks against Adversarial Attacks | Defense | Node Classification | GNNs | NeurIPS 2020 | Link | Link |
| 2020 | A Feature-Importance-Aware and Robust Aggregator for GCN | Defense | Node Classification Graph Classification | GNNs | CIKM 2020 | Link | Link |
| 2020 | Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks | Defense | Node Classification | GNNs | AAAI 2021 | Link | |
| 2020 | Cross Entropy Attack on Deep Graph Infomax | Defense | Node Classification | DGI | IEEE ISCAS | Link | |
| 2020 | RoGAT: a robust GNN combined revised GAT with adjusted graphs | Defense | Node Classification | GNNs | Arxiv | Link | |
| 2020 | A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack | Defense | Node Classification | MRF | SocialSec | Link | |
| 2020 | Uncertainty-aware Attention Graph Neural Network for Defending Adversarial Attacks | Defense | Node Classification | GNNs | AAAI 2021 | Link | |
| 2020 | Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing | Defense | Graph Classification | GCB | IEEE GLOBECOM 2020 | Link | |
| 2020 | Adversarial Immunization for Improving Certifiable Robustness on Graphs | Defense | Node Classification | GNNs | WSDM 2021 | Link | |
| 2020 | Robust Collective Classification against Structural Attacks | Defense | Node Classification | Associative Markov Networks | UAI 2020 | Link | |
| 2020 | Enhancing Robustness of Graph Convolutional Networks via Dropping Graph Connections | Defense | Node Classification | GCN | Preprint | Link | |
| 2020 | Robust Training of Graph Convolutional Networks via Latent Perturbation | Defense | Node Classification | GCN | ECML-PKDD 2020 | Link | |
| 2020 | Backdoor Attacks to Graph Neural Networks | Defense | Graph Classification | GNNs | Arxiv | Link | |
| 2020 | DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder | Defense | Node Classification | GNNs | Arxiv | Link | Link |
| 2020 | Robust Spammer Detection by Nash Reinforcement Learning | Defense | Fraud Detection | Graph-based Fraud Detector | KDD 2020 | Link | Link |
| 2020 | Certifiable Robustness of Graph Convolutional Networks under Structure Perturbations | Defense | Robustness Certification | GCN | KDD 2020 | Link | Link |
| 2020 | Efficient Robustness Certificates for Discrete Data: Sparsity-Aware Randomized Smoothing for Graphs, Images and More | Defense | Robustness Certification | GNN | ICML 2020 | Link | Link |
| 2020 | Robust Graph Representation Learning via Neural Sparsification | Defense | Node Classification | GNN | ICML 2020 | Link | |
| 2020 | Graph Structure Learning for Robust Graph Neural Networks | Defense | Node Classification | GCN | KDD 2020 | Link | Link |
| 2020 | GCN-Based User Representation Learning for Unifying Robust Recommendation and Fraudster Detection | Defense | Recommender System | GCN | SIGIR 2020 | Link | |
| 2020 | Anonymized GCN: A Novel Robust Graph Embedding Method via Hiding Node Position in Noise | Defense | Node Classification | GCN | Arxiv | Link | |
| 2020 | A Robust Hierarchical Graph Convolutional Network Model for Collaborative Filtering | Defense | Recommender System | GCN | Arxiv | Link | |
| 2020 | On The Stability of Polynomial Spectral Graph Filters | Defense | Graph Property | Spectral Graph Filter | ICASSP 2020 | Link | Link |
| 2020 | On the Robustness of Cascade Diffusion under Node Attacks | Defense | Influence Maximization | IC Model | WWW 2020 Workshop | Link | Link |
| 2020 | Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks | Defense | Fraud Detection | Graph-based Fraud Detectors | WWW 2020 | Link | |
| 2020 | Tensor Graph Convolutional Networks for Multi-relational and Robust Learning | Defense | Node Classification | GCN | Arxiv | Link | |
| 2020 | Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks | Defense | Node Classification | Privacy Protection | AAAI 2020 | Link | |
| 2020 | Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning | Defense | Robustness Certification | Wasserstein Embedding | AAAI 2020 | Link | |
| 2020 | Adversarial Perturbations of Opinion Dynamics in Networks | Defense | Manipulating Opinion | Graph Model | Arxiv | Link | |
| 2020 | Topological Effects on Attacks Against Vertex Classification | Defense | Node Classification | GCN | Arxiv | Link | |
| 2020 | Towards an Efficient and General Framework of Robust Training for Graph Neural Networks | Defense | Node Classification | GCN | ICASSP 2020 | Link | |
| 2020 | Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing | Defense | Community Detection | Community Detection Algs | WWW 2020 | Link | |
| 2020 | Data Poisoning Attacks on Graph Convolutional Matrix Completion | Defense | Recommender System | GCMC | ICA3PP 2019 | Link |
Defense Papers 2019 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2019 | How Robust Are Graph Neural Networks to Structural Noise? | Defense | Node Structural Identity Prediction | GIN | Arxiv | Link | |
| 2019 | GraphDefense: Towards Robust Graph Convolutional Networks | Defense | Node Classification | GCN | Arxiv | Link | |
| 2019 | All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs | Defense | Node Classification | GCN, Tensor Embedding | WSDM 2020 | Link | Link |
| 2019 | αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model | Defense | Malware Detection | HIN | CIKM 2019 | Link | |
| 2019 | Edge Dithering for Robust Adaptive Graph Convolutional Networks | Defense | Node Classification | GCN | Arxiv | Link | |
| 2019 | GraphSAC: Detecting anomalies in large-scale graphs | Defense | Anomaly Detection | Anomaly Detection Algs | Arxiv | Link | |
| 2019 | Certifiable Robustness to Graph Perturbations | Defense | Robustness Certification | GNN | NeurIPS 2019 | Link | Link |
| 2019 | Power up! Robust Graph Convolutional Network based on Graph Powering | Defense | Node Classification | GCN | Openreview | Link | Link |
| 2019 | Adversarial Robustness of Similarity-Based Link Prediction | Defense | Link Prediction | Local Similarity Metrics | ICDM 2019 | Link | |
| 2019 | Adversarial Training Methods for Network Embedding | Defense | Node Classification | DeepWalk | WWW 2019 | Link | Link |
| 2019 | Transferring Robustness for Graph Neural Network Against Poisoning Attacks | Defense | Node Classification | GNN | WSDM 2020 | Link | Link |
| 2019 | Improving Robustness to Attacks Against Vertex Classification | Defense | Node Classification | GCN | KDD Workshop 2019 | Link | |
| 2019 | Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations | Defense | Link Prediction | Link Prediction Algs | TKDE | Link | |
| 2019 | Latent Adversarial Training of Graph Convolution Networks | Defense | Node Classification | GCN | LRGSD@ICML | Link | |
| 2019 | Certifiable Robustness and Robust Training for Graph Convolutional Networks | Defense | Robustness Certification | GCN | KDD 2019 | Link | Link |
| 2019 | Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective | Defense | Node Classification | GNN | IJCAI 2019 | Link | Link |
| 2019 | Adversarial Examples on Graph Data: Deep Insights into Attack and Defense | Defense | Node Classification | GCN | IJCAI 2019 | Link | Link |
| 2019 | Adversarial Defense Framework for Graph Neural Network | Defense | Node Classification | GCN, GraphSAGE | Arxiv | Link | |
| 2019 | Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications | Defense | Link Prediction | Knowledge Graph Embedding | NAACL 2019 | Link | |
| 2019 | Robust Graph Convolutional Networks Against Adversarial Attacks | Defense | Node Classification | GCN | KDD 2019 | Link | Link |
| 2019 | Can Adversarial Network Attack be Defended? | Defense | Node Classification | GNN | Arxiv | Link | |
| 2019 | Virtual Adversarial Training on Graph Convolutional Networks in Node Classification | Defense | Node Classification | GCN | PRCV 2019 | Link | |
| 2019 | Batch Virtual Adversarial Training for Graph Convolutional Networks | Defense | Node Classification | GCN | LRGSD@ICML | Link | |
| 2019 | Comparing and Detecting Adversarial Attacks for Graph Deep Learning | Defense | Node Classification | GCN, GAT, Nettack | RLGM@ICLR 2019 | Link | |
| 2019 | Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure | Defense | Node Classification | GCN | TKDE | Link | Link |
Defense Papers 2018 [Back to Top]
| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |
|---|---|---|---|---|---|---|---|
| 2018 | Characterizing Malicious Edges targeting on Graph Neural Networks | Defense | Detected Added Edges | GNN, GCN | OpenReview | Link | |
| 2018 | PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks | Defense | Image Classification | LeNet, ResNet | ICLR 2019 | Link |