计算机科学与探索 ›› 2021, Vol. 15 ›› Issue (12): 2292-2303.DOI: 10.3778/j.issn.1673-9418.2105021

• 综述·探索 • 上一篇    下一篇

图对抗防御研究进展

李鹏辉,翟正利,冯舒   

  1. 青岛理工大学 信息与控制工程学院,山东 青岛 266525
  • 出版日期:2021-12-01 发布日期:2021-12-09

Research Progress of Adversarial Defenses on Graphs

LI Penghui, ZHAI Zhengli, FENG Shu   

  1. School of Information and Control Engineering, Qingdao University of Technology, Qingdao, Shandong 266525, China
  • Online:2021-12-01 Published:2021-12-09

摘要:

图神经网络(GNN)在多个领域的复杂任务中已经得到成功的应用,但研究表明其易受到对抗攻击而导致性能严重下降,这种脆弱性影响了包含节点分类、链路预测和社团探测在内的所有应用。图对抗攻击已经可以高效地实施,这带来了严重的安全隐患和隐私问题,图对抗防御致力于提高GNN的鲁棒性和泛化能力以抵御对抗攻击。综述了图对抗防御算法研究进展,首先,介绍了图对抗防御的背景和相关概念,并对图对抗防御研究发展脉络进行梳理和分析。然后,根据防御算法的不同防御策略将算法分为四类,包括攻击检测、对抗训练、可认证鲁棒性以及免疫防御,对每类防御算法原理进行分析总结。在此基础上,分析了每种防御算法的原理和实现,并从防御策略、目标任务、优缺点和实验数据等方面对典型算法进行全面的比较。最后,通过对现有图对抗防御算法全面、系统的分析,对防御算法当前存在的问题及未来发展方向进行了总结和探讨,为图对抗防御进一步的发展提供帮助。

关键词: 图数据, 图神经网络(GNN), 图对抗防御

Abstract:

Graph neural networks (GNN) have been successfully applied in complex tasks in many fields, but recent studies show that GNN is vulnerable to graph adversarial attacks, leading to severe performance degradation. The vulnerability of GNN affects all applications including node classification, link prediction and community detection. Graph adversarial attacks can be implemented efficiently, which brings serious security risks and privacy issues. Graph adversarial defense is dedicated to improving the robustness and generalization of GNN to resist adversarial attacks. Research progress of graph adversarial defense algorithm is reviewed. First, the work background and related concepts of graph adversarial defense are introduced, and the development process of graph adversarial defense is analyzed. Then, according to different defense strategies of the defense algorithm, the algorithms are divided into four categories, including attack detection, adversarial training, robustness certification and immu-nologic defense and the strategies of each type of defense algorithm are summarized. Furthermore, the principles and implementation of defense algorithm are analyzed, and typical algorithms are compared in terms of defense strategies, target task, advantages, disadvantages and experiments. Finally, through a comprehensive and systematic analysis of the existing graph adversarial defense algorithm, the problems and developing directions of the defense algorithm are summarized to provide help for further development of graph adversarial defense.

Key words: graph data, graph neural networks (GNN), graph adversarial defense