Robust Graph Neural Networks Against Adversarial Attacks via Jointly Adversarial Training

Graph neural networks (GNNs) are powerful tools for analyzing graph-structured data. However, recent studies have shown that GNNs are vulnerable to small but intentional perturbations of input features and graph structures in the node classification task. Existing researches focus on enhancing the robustness of GNNs for a single type of perturbation such as graph structure perturbation or node feature perturbation. An ideal graph neural networks model should be able to resist the two kinds of perturbations. For this purpose, we propose a new adversarial training method for graph-structured data named Graph Jointly Adversarial Training (GJAT) which incorporates Graph Structure Adversarial Training (GSAT) and Graph Feature Adversarial Training (GFAT) two components and can resist perturbations from the topological structure and node attribute. Extensive experimental results demonstrate that our proposed method combining two kinds of adversarial training strategies can effectively improve the robustness of graph convolutional networks (GCNs) which is an important subset of GNNs. Copyright (C) 2020 The Authors.