Fixed-point graph convolutional networks against adversarial attacks

Adversarial attacks present a significant risk to the integrity and performance of graph neural networks, particularly in tasks where graph structure and node features are vulnerable to manipulation. In this paper, we present a novel model, called fixed-point iterative graph convolutional network (Fix-GCN), which achieves robustness against adversarial perturbations by effectively capturing higher-order node neighborhood information in the graph without additional memory or computational complexity. Specifically, we introduce a versatile spectral modulation filter and derive the feature propagation rule of our model using fixed-point iteration. Unlike traditional defense mechanisms that rely on additional design elements to counteract attacks, the proposed graph filter provides a flexible-pass filtering approach, allowing it to selectively attenuate high-frequency components while preserving low-frequency structural information in the graph signal. By iteratively updating node representations, our model offers a flexible and efficient framework for preserving essential graph information while mitigating the impact of adversarial manipulation. We demonstrate the effectiveness of the proposed model through extensive experiments on various benchmark graph datasets, showcasing its resilience against adversarial attacks.

Key Contributions

• A spectral modulation filter that selectively attenuates high-frequency adversarial perturbations while preserving low-frequency graph structural information
• A fixed-point iterative aggregation mechanism that captures higher-order neighborhood information without additional memory or computational complexity
• Empirical demonstration of robustness against diverse adversarial attacks (Nettack, Mettack) across benchmark graph datasets, outperforming competitive baselines

🛡️ Threat Analysis

Details

Similar Papers