计算机工程与科学2025,Vol.47Issue(3):434-447,14.DOI:10.3969/j.issn.1007-130X.2025.03.006
RCGNN:图注入攻击下的图神经网络鲁棒性认证方法
RCGNN:Robustness certification for graph neural networks under graph injection attacks
摘要
Abstract
In recent years,graph neural network(GNN)has been widely applied in fields such as anomaly detection,recommendation systems,and biomedicine.Despite their excellent performance in specific tasks,many studies have shown that GNN is susceptible to adversarial perturbations.To miti-gate the vulnerability of GNN to adversarial examples,some researchers have proposed robustness certi-fication defense techniques against graph modification attacks,aiming to enhance the ability of GNN models to resist malicious perturbations in this scenario.However,the robustness analysis of node clas-sification models in the context of graph injection attack(GIA)has not been widely explored.Facing this challenge,we extend the sparse-aware randomized smoothing mechanism and design a robustness certification method,RCGNN,based on randomized smoothing for the GIA scenario.To align the noise perturbation space with GIA attack behaviors,we pre-inject malicious nodes and restrict perturbations near these nodes,and improve the noise perturbation function to increase the certification ratio and ex-pand the maximum certification radius.Comparative experiments on real datasets demonstrate that RCGNN can achieve robustness certification for node classification tasks in the GIA scenario,and it out-performs the sparse-aware randomized smoothing mechanism in terms of certification ratio and maxi-mum certification radius.关键词
图神经网络/节点分类/随机平滑/图注入攻击/鲁棒性认证Key words
graph neural network(GNN)/node classification/randomized smoothing/graph injection attack(GIA)/robustness certification分类
计算机与自动化引用本文复制引用
王煜恒,刘强,伍晓洁..RCGNN:图注入攻击下的图神经网络鲁棒性认证方法[J].计算机工程与科学,2025,47(3):434-447,14.基金项目
国家重点研发计划项目"科技创新2030"(2022ZD0209105) (2022ZD0209105)
