Pruning Graphs by Adversarial Robustness Evaluation to Strengthen GNN Defenses

• URL: http://arxiv.org/abs/2512.22128v1
• Date: Sat, 29 Nov 2025 20:15:54 GMT
• Title: Pruning Graphs by Adversarial Robustness Evaluation to Strengthen GNN Defenses
• Authors: Yongyu Wang,
• Abstract summary: Graph Neural Networks (GNNs) have emerged as a dominant paradigm for learning on graph-structured data.<n>In this work, we introduce a pruning framework that leverages adversarial robustness evaluation to explicitly identify and remove detrimental components of the graph.<n>By using robustness scores as guidance, our method selectively prunes edges that are most likely to degrade model reliability, thereby yielding cleaner and more resilient graph representations.
• Score: 1.066048003460524
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Graph Neural Networks (GNNs) have emerged as a dominant paradigm for learning on graph-structured data, thanks to their ability to jointly exploit node features and relational information encoded in the graph topology. This joint modeling, however, also introduces a critical weakness: perturbations or noise in either the structure or the features can be amplified through message passing, making GNNs highly vulnerable to adversarial attacks and spurious connections. In this work, we introduce a pruning framework that leverages adversarial robustness evaluation to explicitly identify and remove fragile or detrimental components of the graph. By using robustness scores as guidance, our method selectively prunes edges that are most likely to degrade model reliability, thereby yielding cleaner and more resilient graph representations. We instantiate this framework on three representative GNN architectures and conduct extensive experiments on benchmarks. The experimental results show that our approach can significantly enhance the defense capability of GNNs in the high-perturbation regime.

Related papers

• Unifying Adversarial Perturbation for Graph Neural Networks [46.74046710620528]
  This paper studies the vulnerability of Graph Neural Networks (GNNs) to adversarial attacks on node features and graph structure.<n>We propose PerturbEmbedding, that integrates adversarial perturbation and training, enhancing GNNs' resilience to such attacks.<n>We demonstrate that PerturbEmbedding significantly improves both the robustness and generalization abilities of GNNs, outperforming existing methods.
  arXiv  Detail & Related papers  (2025-08-30T06:53:36Z)
• On the Relationship Between Robustness and Expressivity of Graph Neural Networks [7.161966906570077]
  Graph Neural Networks (GNNs) are vulnerable to bit-flip attacks (BFAs)<n>We introduce an analytical framework to study the influence of architectural features, graph properties, and their interaction.<n>We derive theoretical bounds for the number of bit flips required to degrade GNN expressivity on a dataset.
  arXiv  Detail & Related papers  (2025-04-18T16:38:33Z)
• HGAttack: Transferable Heterogeneous Graph Adversarial Attack [63.35560741500611]
  Heterogeneous Graph Neural Networks (HGNNs) are increasingly recognized for their performance in areas like the web and e-commerce. This paper introduces HGAttack, the first dedicated gray box evasion attack method for heterogeneous graphs.
  arXiv  Detail & Related papers  (2024-01-18T12:47:13Z)
• Sparse but Strong: Crafting Adversarially Robust Graph Lottery Tickets [3.325501850627077]
  Graph Lottery Tickets (GLTs) can significantly reduce the inference latency and compute footprint compared to their dense counterparts. Despite these benefits, their performance against adversarial structure perturbations remains to be fully explored. We present an adversarially robust graph sparsification framework that prunes the adjacency matrix and the GNN weights.
  arXiv  Detail & Related papers  (2023-12-11T17:52:46Z)
• DEGREE: Decomposition Based Explanation For Graph Neural Networks [55.38873296761104]
  We propose DEGREE to provide a faithful explanation for GNN predictions. By decomposing the information generation and aggregation mechanism of GNNs, DEGREE allows tracking the contributions of specific components of the input graph to the final prediction. We also design a subgraph level interpretation algorithm to reveal complex interactions between graph nodes that are overlooked by previous methods.
  arXiv  Detail & Related papers  (2023-05-22T10:29:52Z)
• Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation [60.50994154879244]
  Recent studies show that Graph Neural Networks are vulnerable and easily fooled by small perturbations. In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack. We propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model.
  arXiv  Detail & Related papers  (2022-11-15T11:44:31Z)
• Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN [36.045702771828736]
  Graph Neural Networks (GNNs) have been successful on flourish tasks over graph data. Recent studies have shown that attackers can catastrophically degrade the performance of GNNs by maliciously modifying the graph structure. We propose an unsupervised pipeline, named STABLE, to optimize the graph structure.
  arXiv  Detail & Related papers  (2022-06-30T10:02:32Z)
• EvenNet: Ignoring Odd-Hop Neighbors Improves Robustness of Graph Neural Networks [51.42338058718487]
  Graph Neural Networks (GNNs) have received extensive research attention for their promising performance in graph machine learning. Existing approaches, such as GCN and GPRGNN, are not robust in the face of homophily changes on test graphs. We propose EvenNet, a spectral GNN corresponding to an even-polynomial graph filter.
  arXiv  Detail & Related papers  (2022-05-27T10:48:14Z)
• Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks [43.60973654460398]
  Graph Neural Networks (GNNs) are generalizations of neural networks to graph-structured data. GNNs are vulnerable to adversarial attacks, i.e., a small perturbation to the structure can lead to a non-trivial performance degradation. We propose Uncertainty Matching GNN (UM-GNN), that is aimed at improving the robustness of GNN models.
  arXiv  Detail & Related papers  (2020-09-30T05:29:42Z)
• Information Obfuscation of Graph Neural Networks [96.8421624921384]
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
  arXiv  Detail & Related papers  (2020-09-28T17:55:04Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.