Self-supervised Adversarial Purification for Graph Neural Networks

Download PDF

Woohyun Lee, Hogun Park

Published: 01 May 2025, Last Modified: 18 Jun 2025ICML 2025 posterEveryoneRevisionsBibTeXCC BY 4.0
Abstract: Defending Graph Neural Networks (GNNs) against adversarial attacks requires balancing accuracy and robustness, a trade-off often mishandled by traditional methods like adversarial training that intertwine these conflicting objectives within a single classifier. To overcome this limitation, we propose a self-supervised adversarial purification framework. We separate robustness from the classifier by introducing a dedicated purifier, which cleanses the input data before classification. In contrast to prior adversarial purification methods, we propose GPR-GAE, a novel graph auto-encoder (GAE), as a specialized purifier trained with a self-supervised strategy, adapting to diverse graph structures in a data-driven manner. Utilizing multiple Generalized PageRank (GPR) filters, GPR-GAE captures diverse structural representations for robust and effective purification. Our multi-step purification process further facilitates GPR-GAE to achieve precise graph recovery and robust defense against structural perturbations. Experiments across diverse datasets and attack scenarios demonstrate the state-of-the-art robustness of GPR-GAE, showcasing it as an independent plug-and-play purifier for GNN classifiers. Our code can be found in https://github.com/woodavid31/GPR-GAE.
Lay Summary: Graphs represent structures such as social networks or transportation systems. Graph Neural Networks (GNNs) are computational models that analyze these types of data. However, GNNs can easily be fooled by minor changes in a graph, even those unnoticeable to humans. Our work introduces a method called GPR-GAE, which corrects these changes before the model makes decisions. It employs a separate "cleaning" step that learns to restore the graph by examining data from multiple perspectives, capturing both local details and broader patterns without needing additional labels or human supervision. The graph is iteratively improved, providing the model with clearer, more reliable data. Our method performs well across various graph types and integrates easily with existing systems, contributing to the development of more trustworthy artificial intelligence.
Link To Code: https://github.com/woodavid31/GPR-GAE
Primary Area: Deep Learning->Robustness
Keywords: Self-supervised Learning, Adversarial Robustness, Graph Neural Networks, Adversarial Purification, Graph Auto Encoders
Submission Number: 4392