Zhou Chenyu, Peng Yabin, Huang Wei, Miao Xinyuan, Cao Yi, Wang Xinghao, Kong Xianglong
School of Cyber Science and Engineering, Southeast University, Nanjing, China.
Purple Mountain Laboratories, Nanjing, China.
Neural Netw. 2025 Nov;191:107810. doi: 10.1016/j.neunet.2025.107810. Epub 2025 Jul 7.
Recent studies have shown that Graph Neural Networks (GNNs) are vulnerable to adversarial attacks. While various defense models have been proposed, they often fail to account for the variability in both data and attacks, limiting their effectiveness in dynamic environments. Therefore, we propose DERG, a dynamic ensemble learning model for robust GNNs, which leverages multiple graph data and dynamically changing submodels for defense. Specifically, we first propose the graph sampling strategy to purify the perturbed graph, and generate multiple subgraphs to simulate the various potential variations that may occur in the graph. Then, we propose the mutual information-based diversity enhancement strategy to increase the variability among submodels, ensuring that each submodel focuses on a distinct defense direction and avoids being deceived by the same attack. Finally, we propose the game theory-based decision strategy to dynamically assign weights to submodels, with the goal of selecting the optimal submodels for different scenarios and adapting to the changing environment. Experiments on widely used datasets demonstrate that DERG exhibits significant robustness against a wide range of attacks, including graph modification attacks, backdoor poisoning attacks, and double attacks.