A curated list of papers on adversarial attacks and defenses for graph-structured data.
Papers are sorted by upload date in descending order.
If you feel this repo is helpful, please cite the survey below.
Adversarial Attack and Defense on Graph Data: A Survey
```bibtex
@article{sun2018adversarial,
  title={Adversarial Attack and Defense on Graph Data: A Survey},
  author={Sun, Lichao and Wang, Ji and Yu, Philip S and Li, Bo},
  journal={arXiv preprint arXiv:1812.10528},
  year={2018}
}
```
Year | Title | Type | Target Task | Target Model | Venue | Link | Code |
---|---|---|---|---|---|---|---|
2020 | Adversarial Perturbations of Opinion Dynamics in Networks | Attack | Manipulating Opinion | Graph Model | Arxiv | Link | |
2020 | Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach | Attack | Node Classification | GCN | WWW 2020 | Link | |
2020 | MGA: Momentum Gradient Attack on Network | Attack | Node Classification, Community Detection | GCN, DeepWalk, node2vec | Arxiv | Link | |
2020 | Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks | Attack | Node Classification | GCN | BigData 2019 | Link | |
2020 | Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models | Attack | Node Classification | GCN | Arxiv | Link | Link |
2020 | Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria | Attack | Network Structure | Physical Criteria | Arxiv | Link | |
2020 | Adversarial Attack on Community Detection by Hiding Individuals | Attack | Community Detection | GCN | WWW 2020 | Link | |
2019 | Time-aware Gradient Attack on Dynamic Network Link Prediction | Attack | Link Prediction | Dynamic Network Embedding Algs | Arxiv | Link | |
2019 | Manipulating Node Similarity Measures in Networks | Attack | Node Similarity | Node Similarity Measures | AAMAS 2020 | Link | |
2019 | Multiscale Evolutionary Perturbation Attack on Community Detection | Attack | Community Detection | Community Metrics | Arxiv | Link | |
2019 | Attacking Graph Convolutional Networks via Rewiring | Attack | Node Classification | GCN | Openreview | Link | |
2019 | Node Injection Attacks on Graphs via Reinforcement Learning | Attack | Node Classification | GCN | Arxiv | Link | |
2019 | A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models | Attack | Node Classification | GCN, SGC | AAAI 2020 | Link | Link |
2019 | Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective | Attack | Node Classification | GNN | IJCAI 2019 | Link | Link |
2019 | Unsupervised Euclidean Distance Attack on Network Embedding | Attack | Node Embedding | GCN | Arxiv | Link | |
2019 | Generalizable Adversarial Attacks Using Generative Models | Attack | Node Classification | GCN | Arxiv | Link | |
2019 | Vertex Nomination, Consistent Estimation, and Adversarial Modification | Attack | Vertex Nomination | VN Scheme | Arxiv | Link | |
2019 | Data Poisoning Attack against Knowledge Graph Embedding | Attack | Fact Plausibility Prediction | TransE, TransR | IJCAI 2019 | Link | |
2018 | Adversarial Attacks on Node Embeddings via Graph Poisoning | Attack | Node Classification, Community Detection | node2vec, DeepWalk, GCN, Spectral Embedding, Label Propagation | ICML 2019 | Link | Link |
2019 | Attacking Graph-based Classification via Manipulating the Graph Structure | Attack | Node Classification | Belief Propagation, GCN | CCS 2019 | Link | |
2019 | Adversarial Attacks on Graph Neural Networks via Meta Learning | Attack | Node Classification | GCN, CLN, DeepWalk | ICLR 2019 | Link | Link |
2018 | GA Based Q-Attack on Community Detection | Attack | Community Detection | Modularity, Community Detection Alg | IEEE TCSS | Link | |
2018 | Data Poisoning Attack against Unsupervised Node Embedding Methods | Attack | Link Prediction | LINE, DeepWalk | Arxiv | Link | |
2018 | Attack Graph Convolutional Networks by Adding Fake Nodes | Attack | Node Classification | GCN | Arxiv | Link | |
2018 | Link Prediction Adversarial Attack | Attack | Link Prediction | GAE, GCN | Arxiv | Link | |
2018 | Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network | Attack | Link Prediction | Traditional Link Prediction Algs | Scientific Reports | Link | |
2018 | Attacking Similarity-Based Link Prediction in Social Networks | Attack | Link Prediction | Local & Global Similarity Metrics | AAMAS 2019 | Link | |
2018 | Fast Gradient Attack on Network Embedding | Attack | Node Classification | GCN | Arxiv | Link | |
2018 | Adversarial Attack on Graph Structured Data | Attack | Node/Graph Classification | GNN, GCN | ICML 2018 | Link | Link |
2018 | Adversarial Attacks on Neural Networks for Graph Data | Attack | Node Classification | GCN | KDD 2018 | Link | Link |
2017 | Practical Attacks Against Graph-based Clustering | Attack | Graph Clustering | SVD, node2vec, Community Detection Alg | CCS 2017 | Link | |
2017 | Adversarial Sets for Regularising Neural Link Predictors | Attack | Link Prediction | Knowledge Graph Embeddings | UAI 2017 | Link | Link |
Year | Title | Type | Target Task | Target Model | Venue | Link | Code |
---|---|---|---|---|---|---|---|
2020 | Tensor Graph Convolutional Networks for Multi-relational and Robust Learning | Defense | Node Classification | GCN | Arxiv | Link | |
2020 | Topological Effects on Attacks Against Vertex Classification | Defense | Node Classification | GCN | Arxiv | Link | |
2020 | Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing | Defense | Community Detection | Community Detection Algs | WWW 2020 | Link | |
2019 | How Robust Are Graph Neural Networks to Structural Noise? | Defense | Node Structural Identity Prediction | GIN | Arxiv | Link | |
2019 | GraphDefense: Towards Robust Graph Convolutional Networks | Defense | Node Classification | GCN | Arxiv | Link | |
2019 | All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs | Defense | Node Classification | GCN, Tensor Embedding | WSDM 2020 | Link | Link |
2019 | αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model | Defense | Malware Detection | HIN | CIKM 2019 | Link | |
2019 | Edge Dithering for Robust Adaptive Graph Convolutional Networks | Defense | Node Classification | GCN | Arxiv | Link | |
2019 | GraphSAC: Detecting anomalies in large-scale graphs | Defense | Anomaly Detection | Anomaly Detection Algs | Arxiv | Link | |
2019 | Certifiable Robustness to Graph Perturbations | Defense | Node Classification | GNN | NeurIPS 2019 | Link | Link |
2019 | Power up! Robust Graph Convolutional Network based on Graph Powering | Defense | Node Classification | GCN | Openreview | Link | Link |
2019 | Adversarial Robustness of Similarity-Based Link Prediction | Defense | Link Prediction | Local Similarity Metrics | ICDM 2019 | Link | |
2019 | Adversarial Training Methods for Network Embedding | Defense | Node Classification | DeepWalk | WWW | Link | Link |
2019 | Transferring Robustness for Graph Neural Network Against Poisoning Attacks | Defense | Node Classification | GNN | WSDM 2020 | Link | Link |
2019 | Improving Robustness to Attacks Against Vertex Classification | Defense | Node Classification | GCN | KDD Workshop 2019 | Link | |
2019 | Latent Adversarial Training of Graph Convolution Networks | Defense | Node Classification | GCN | LRGSD@ICML | Link | |
2019 | Certifiable Robustness and Robust Training for Graph Convolutional Networks | Defense | Node Classification | GCN | KDD 2019 | Link | Link |
2019 | Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective | Defense | Node Classification | GNN | IJCAI 2019 | Link | Link |
2019 | Adversarial Examples on Graph Data: Deep Insights into Attack and Defense | Defense | Node Classification | GCN | IJCAI 2019 | Link | Link |
2019 | Adversarial Defense Framework for Graph Neural Network | Defense | Node Classification | GCN, GraphSAGE | Arxiv | Link | |
2019 | Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications | Defense | Link Prediction | Knowledge Graph Embedding | NAACL 2019 | Link | |
2019 | Robust Graph Convolutional Networks Against Adversarial Attacks | Defense | Node Classification | GCN | KDD 2019 | Link | Link |
2019 | Can Adversarial Network Attack be Defended? | Defense | Node Classification | GNN | Arxiv | Link | |
2019 | Virtual Adversarial Training on Graph Convolutional Networks in Node Classification | Defense | Node Classification | GCN | PRCV 2019 | Link | |
2019 | Batch Virtual Adversarial Training for Graph Convolutional Networks | Defense | Node Classification | GCN | LRGSD@ICML | Link | |
2019 | Comparing and Detecting Adversarial Attacks for Graph Deep Learning | Defense | Node Classification | GCN, GAT, Nettack | RLGM@ICLR 2019 | Link | |
2019 | Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure | Defense | Node Classification | GCN | TKDE | Link | Link |
2018 | Characterizing Malicious Edges targeting on Graph Neural Networks | Defense | Detected Added Edges | GNN, GCN | OpenReview | Link | |
2017 | Adversarial Sets for Regularising Neural Link Predictors | Attack | Link Prediction | Knowledge Graph Embeddings | UAI 2017 | Link | Link |