{"id":13842579,"url":"https://github.com/ChandlerBang/awesome-graph-attack-papers","last_synced_at":"2025-07-11T15:32:09.597Z","repository":{"id":107603201,"uuid":"201849410","full_name":"ChandlerBang/awesome-graph-attack-papers","owner":"ChandlerBang","description":"Adversarial attacks and defenses on Graph Neural Networks.","archived":false,"fork":false,"pushed_at":"2024-02-22T02:19:50.000Z","size":93,"stargazers_count":381,"open_issues_count":3,"forks_count":32,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-06-20T22:05:17.442Z","etag":null,"topics":["adversarial-attacks","adversarial-examples","awesome","awesome-list","deep-learning","defense","graph","graph-neural-networks","literature-review","machine-learning","robustness"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ChandlerBang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-08-12T03:14:25.000Z","updated_at":"2025-06-15T02:11:06.000Z","dependencies_parsed_at":"2024-01-12T10:26:20.635Z","dependency_job_id":"7af2ad91-d728-4af5-9385-25dee572eeee","html_url":"https://github.com/ChandlerBang/awesome-graph-attack-papers","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ChandlerBang/awesome-graph-attack-papers","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChandlerBang%2Fawesome-graph-attack-papers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChandlerBang%2Fawesome-graph-attack-papers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChandlerBang%2Fawesome-graph-attack-papers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChandlerBang%2Fawesome-graph-attack-papers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ChandlerBang","download_url":"https://codeload.github.com/ChandlerBang/awesome-graph-attack-papers/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChandlerBang%2Fawesome-graph-attack-papers/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264841056,"owners_count":23671812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-attacks","adversarial-examples","awesome","awesome-list","deep-learning","defense","graph","graph-neural-networks","literature-review","machine-learning","robustness"],"created_at":"2024-08-04T17:01:40.235Z","updated_at":"2025-07-11T15:32:09.505Z","avatar_url":"https://github.com/ChandlerBang.png","language":null,"funding_links":[],"categories":["Others (1002)","图对抗攻击","Other Lists","2016","Others"],"sub_categories":["网络服务_其他","TeX Lists"],"readme":"# Awesome Graph Attack and Defense Papers\n[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)\n\nThis repository aims to provide links to works about adversarial attacks and defenses on graph data or GNN (Graph Neural Networks).\n\u003cdiv align=center\u003e\u003cimg src=\"https://github.com/DSE-MSU/DeepRobust/blob/master/adversary_examples/graph_attack_example.png\" width=\"500\" /\u003e\u003c/div\u003e\n\nIf you find this repo helpful, we would really appreciate it if you could cite our survey.\n```\n@article{10.1145/3447556.3447566,\nauthor = {Jin, Wei and Li, Yaxing and Xu, Han and Wang, Yiqi and Ji, Shuiwang and Aggarwal, Charu and Tang, Jiliang},\ntitle = {Adversarial Attacks and Defenses on Graphs},\nyear = {2021},\npublisher = {Association for Computing Machinery},\njournal = {SIGKDD Explor. Newsl.},\npages = {19–34},\nnumpages = {16}\n}\n\n```\n\n\n### Contents\n\n* [1. Survey Papers](#1-survey-papers)\n* [2. Attack Papers](#2-attack-papers) (classified according to attack goal)\n\t* [2.1 Targeted Attack](#21-targeted-attack)\n\t* [2.2 Untargeted Attack](#22-untargeted-attack) \n\t* [2.3 Attacks on Combinatorial Problems](#23-attacks-on-combinatorial-problems)\n* [3. Defense Papers](#3-defense-papers)\n* [4. Certified Robustness Papers](#4-certified-robustness-papers)\n\n## 0. Toolbox\nGithub Repository: **DeepRobust** ([https://github.com/DSE-MSU/DeepRobust](https://github.com/DSE-MSU/DeepRobust))\n\nCorresponding paper: **DeepRobust: A PyTorch Library for Adversarial Attacks and Defenses.** [[paper]](https://arxiv.org/abs/2005.06149)[[documentation]](https://deeprobust.readthedocs.io/en/latest/)\n\n## 1. Survey Papers\n1. **Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study.**\n   *Wei Jin, Yaxin Li, Han Xu, Yiqi Wang, Shuiwang Ji, Charu C Aggarwal, Jiliang Tang.*  SIGKDD Explorations 2020. [[paper]](https://arxiv.org/abs/2003.00653) [[code]](https://github.com/DSE-MSU/DeepRobust/)\n1. **A Survey of Adversarial Learning on Graphs.**\n*Liang Chen, Jintang Li, Jiaying Peng, Tao Xie, Zengxu Cao, Kun Xu, Xiangnan He, Zibin Zheng.* arxiv, 2020. [[paper]](https://arxiv.org/abs/2003.05730)\n1. **Adversarial Attacks and Defenses in Images, Graphs and Text: A Review.**\n   *Han Xu, Yao Ma, Haochen Liu, Debayan Deb, Hui Liu, Jiliang Tang, Anil K. Jain.* arxiv, 2019. [[paper]](https://arxiv.org/pdf/1909.08072.pdf)\n1. **Adversarial Attack and Defense on Graph Data: A Survey.**\n*Lichao Sun, Ji Wang, Philip S. Yu, Bo Li.* arviv 2018. [[paper]](https://arxiv.org/pdf/1812.10528.pdf) \n\n## 2. Attack Papers\n### 2.1 Targeted Attack\n1. **Are Defenses for Graph Neural Networks Robust?** NeurIPS 2022. [[paper]](https://www.cs.cit.tum.de/daml/are-gnn-defenses-robust/) [[code]](http://github.com/LoadingByte/are-gnn-defenses-robust)\n1. **Transferable Graph Backdoor Attack.**  RAID 2022. [[paper]](https://arxiv.org/abs/2207.00425)\n1. **Robustness of Graph Neural Networks at Scale.** NeurIPS 2021. [[paper]](https://www.in.tum.de/daml/robustness-of-gnns-at-scale/) [[code]](https://github.com/sigeisler/robustness_of_gnns_at_scale)\n1. **Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation.** ICLR 2021. [[paper]](https://arxiv.org/abs/2010.12872)[[code]](https://github.com/INK-USC/deceive-KG-models)\n1. **Adversarial Attacks on Deep Graph Matching.** NeurIPS 2020. [[paper]](https://papers.nips.cc/paper/2020/file/ef126722e64e98d1c33933783e52eafc-Paper.pdf)\n1. **Adversarial Attack on Large Scale Graph.** arxiv 2020. [[paper]](https://arxiv.org/pdf/2009.03488.pdf)\n1. **Efficient Evasion Attacks to Graph Neural Networks via Influence Function.** arxiv 2020. [[paper]](https://arxiv.org/abs/2009.00203)\n1. **Graph Backdoor.**\n  *Zhaohan Xi, Ren Pang, Shouling Ji, Ting Wang.* arxiv 2020. [[paper]](https://arxiv.org/abs/2006.11890)\n1. **Attacking Black-box Recommendations via Copying Cross-domain User Profiles.** \n   *Wenqi Fan, Tyler Derr, Xiangyu Zhao, Yao Ma, Hui Liu, Jianping Wang, Jiliang Tang, Qing Li.* arxiv 2020. [[paper]](https://arxiv.org/abs/2005.08147)\n1. **Scalable Attack on Graph Data by Injecting Vicious Nodes.** \n*Jihong Wang, Minnan Luo, Fnu Suya, Jundong Li, Zijiang Yang, Qinghua Zheng.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2004.14734.pdf)\n1. **Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria.**\n*Jason Gaitonde, Jon Kleinberg, Eva Tardos.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2002.01249.pdf)\n1. **MGA: Momentum Gradient Attack on Network.**\n*Jinyin Chen, Yixian Chen, Haibin Zheng, Shijing Shen, Shanqing Yu, Dan Zhang, Qi Xuan.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2002.11320.pdf)\n1. **Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models.** \n   *Xiao Zang, Yi Xie, Jie Chen, Bo Yuan.* arxiv, 2020. [[paper]](https://arxiv.org/abs/2002.04784)\n1. **Time-aware Gradient Attack on Dynamic Network Link Prediction.** \n   *Jinyin Chen, Jian Zhang, Zhi Chen, Min Du, Feifei Li, Qi Xuan.* arxiv 2019. [[paper]](https://arxiv.org/pdf/1911.10561.pdf)\n1. **Multiscale Evolutionary Perturbation Attack on Community Detection.** \n   *Jinyin Chen, Yixian Chen, Lihong Chen, Minghao Zhao, and Qi Xuan.* arxiv 2019. [[paper]](https://arxiv.org/pdf/1910.09741.pdf)\n1. **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense.**\n   *Huijun Wu, Chen Wang, Yuriy Tyshetskiy, Andrew Docherty, Kai Lu, Liming Zhu.* IJCAI 2019. [[paper]](https://arxiv.org/pdf/1903.01610.pdf) [[code]](https://github.com/DSE-MSU/DeepRobust)\n1. **Data Poisoning Attack against Knowledge Graph Embedding.**\n*Hengtong Zhang, Tianhang Zheng, Jing Gao, Chenglin Miao, Lu Su, Yaliang Li, Kui Ren.* IJCAI 2019. [[paper]](https://arxiv.org/pdf/1904.12052.pdf)\n1. **Attacking Graph-based Classification via Manipulating the Graph Structure.**\n*Binghui Wang, Neil Zhenqiang Gong.* CCS 2019. [[paper]](https://arxiv.org/pdf/1903.00553.pdf)\n1. **A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models.** \n   *Heng Chang, Yu Rong, Tingyang Xu, Wenbing Huang, Honglei Zhang, Peng Cui, Wenwu Zhu, Junzhou Huang.* AAAI 2020. [[paper]](https://arxiv.org/pdf/1908.01297.pdf) [[code]](https://github.com/SwiftieH/GFAttack)\n1. **Adversarial Attacks on Node Embeddings via Graph Poisoning.** \n   *Aleksandar Bojchevski, Stephan Günnemann.* ICML 2019. [[paper]](https://arxiv.org/pdf/1809.01093.pdf) [[code]](https://github.com/abojchevski/node_embedding_attack)\n1. **Adversarial Attack on Graph Structured Data.**\n   *Hanjun Dai, Hui Li, Tian Tian, Xin Huang, Lin Wang, Jun Zhu, Le Song.* ICML 2018. [[paper]](https://arxiv.org/pdf/1806.02371.pdf) [[code]](https://github.com/Hanjun-Dai/graph_adversarial_attack)\n1. **Fast Gradient Attack on Network Embedding.**\n*Jinyin Chen, Yangyang Wu, Xuanheng Xu, Yixian Chen, Haibin Zheng, Qi Xuan.* arxiv 2018. [[paper]](https://arxiv.org/pdf/1809.02797.pdf) [[code]](https://github.com/DSE-MSU/DeepRobust)\n1. **Adversarial Attacks on Neural Networks for Graph Data.**\n   *Daniel Zügner, Amir Akbarnejad, Stephan Günnemann.*  KDD 2018. [[paper]](https://arxiv.org/pdf/1805.07984.pdf) [[code]](https://github.com/danielzuegner/nettack)\n\n### 2.2 Untargeted Attack\n1. **Are Defenses for Graph Neural Networks Robust?** NeurIPS 2022. [[paper]](https://www.cs.cit.tum.de/daml/are-gnn-defenses-robust/) [[code]](http://github.com/LoadingByte/are-gnn-defenses-robust)\n1. **Robustness of Graph Neural Networks at Scale.** NeurIPS 2021. [[paper]](https://www.in.tum.de/daml/robustness-of-gnns-at-scale/) [[code]](https://github.com/sigeisler/robustness_of_gnns_at_scale)\n1. **Attacking Graph Neural Networks at Scale.** \n   *Simon Geisler, Daniel Zügner, Aleksandar Bojchevski, Stephan Günnemann.* AAAI workshop 2021. [[paper]](https://www.dropbox.com/s/ddrwoswpz3wwx40/Robust_GNNs_at_Scale__AAAI_Workshop_2020_CameraReady.pdf?dl=0)\n1. **Towards More Practical Adversarial Attacks on Graph Neural Networks.**\n   *Jiaqi Ma, Shuangrui Ding, Qiaozhu Mei.*  NeurIPS 2020. [[paper]](https://arxiv.org/abs/2006.05057) [[code]](https://github.com/Mark12Ding/GNN-Practical-Attack)\n1. **Backdoor Attacks to Graph Neural Networks.**\n  *Zaixi Zhang, Jinyuan Jia, Binghui Wang, Neil Zhenqiang Gong.* arxiv 2020. [paper](https://arxiv.org/abs/2006.11165)\n1. **Adversarial Attack on Hierarchical Graph Pooling Neural Networks.** \n   *Haoteng Tang, Guixiang Ma, Yurong Chen, Lei Guo, Wei Wang, Bo Zeng, Liang Zhan.* arxiv 2020. [[paper]](https://arxiv.org/abs/2005.11560)\n1. **Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach.** \n   *Yiwei Sun, Suhang Wang, Xianfeng Tang, Tsung-Yu Hsieh, Vasant Honavar.* WWW 2020. [[paper]](https://arxiv.org/pdf/1909.06543.pdf)\n1. **A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning.** \n   *Xuanqing Liu, Si Si, Xiaojin(Jerry) Zhu, Yang Li, Cho-Jui Hsieh.* NeurIPS 2019. [[paper]](https://arxiv.org/pdf/1910.14147.pdf)\n1. **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense.**\n   *Huijun Wu, Chen Wang, Yuriy Tyshetskiy, Andrew Docherty, Kai Lu, Liming Zhu.* IJCAI 2019. [[paper]](https://arxiv.org/pdf/1903.01610.pdf) [[code]](https://github.com/DSE-MSU/DeepRobust)\n1. **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective.** \n   *Kaidi Xu, Hongge Chen, Sijia Liu, Pin-Yu Chen, Tsui-Wei Weng, Mingyi Hong, Xue Lin.* IJCAI 2019. [[paper]](https://arxiv.org/pdf/1906.04214.pdf) [[code]](https://github.com/KaidiXu/GCN_ADV_Train)\n1. **Adversarial Attacks on Node Embeddings via Graph Poisoning.** \n   *Aleksandar Bojchevski, Stephan Günnemann.* ICML 2019. [[paper]](https://arxiv.org/pdf/1809.01093.pdf) [[code]](https://github.com/abojchevski/node_embedding_attack)\n1. **Adversarial Attacks on Graph Neural Networks via Meta Learning.**\n   *Daniel Zugner, Stephan Gunnemann.* ICLR 2019. [[paper]](https://openreview.net/pdf?id=Bylnx209YX) [[code]](https://github.com/danielzuegner/gnn-meta-attack)\n1. **Attacking Graph Convolutional Networks via Rewiring.**\n   *Yao Ma, Suhang Wang, Lingfei Wu, Jiliang Tang.*  arxiv 2019. [[paper]](https://arxiv.org/pdf/1906.03750.pdf)\n\n### 2.3 Attacks on Combinatorial Problems\n1. **Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness.** arXiv 2021. [[paper]](https://arxiv.org/abs/2110.10942)\n\n## 3. Defense Papers\n1. **Empowering Graph Representation Learning with Test-Time Graph Transformation.** ICLR 2023 [[paper]](https://openreview.net/forum?id=Lnxl5pr018) [[code]](https://github.com/ChandlerBang/GTrans)\n1. **GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks.** LoG 2022 [[paper]](https://openreview.net/forum?id=kvwWjYQtmw) [[code]](https://github.com/cornell-zhang/GARNET)\n1. **Robustness of Graph Neural Networks at Scale.** NeurIPS 2021. [[paper]](https://www.in.tum.de/daml/robustness-of-gnns-at-scale/) [[code]](https://github.com/sigeisler/robustness_of_gnns_at_scale)\n1. **Elastic Graph Neural Networks.** ICML 2021. [[paper]](http://proceedings.mlr.press/v139/liu21k.html) [[code]](https://github.com/lxiaorui/ElasticGNN)\n1. **Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks.** ICML 2021. [[paper]](http://proceedings.mlr.press/v139/zhao21e/zhao21e.pdf)\n1. **Integrated Defense for Resilient Graph Matching.** ICML 2021. [[paper]](http://proceedings.mlr.press/v139/ren21c/ren21c.pdf) \n3. **Node Similarity Preserving Graph Convolutional Networks.** WSDM 2021. [[paper]](https://arxiv.org/abs/2011.09643) [[code]](https://github.com/ChandlerBang/SimP-GCN)\n4. **GNNGuard: Defending Graph Neural Networks against Adversarial Attacks.** NeurIPS 2020. [[paper]](https://arxiv.org/abs/2006.08149)\n5. **Graph Contrastive Learning with Augmentations.** NeurIPS 2020. [[paper]](https://arxiv.org/abs/2010.13902) [[code]](https://github.com/Shen-Lab/GraphCL)\n6. **Graph Information Bottleneck.** NeurIPS 2020. [[paper]](https://arxiv.org/abs/2010.12811) [[code]](https://github.com/snap-stanford/GIB)\n7. **Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings.** NeurIPS 2020. [[paper]](https://arxiv.org/abs/1906.01852) [[code]](https://github.com/ebonilla/VGCN)\n8. **Reliable Graph Neural Networks via Robust Aggregation.** NeurIPS 2020. [[paper]](https://arxiv.org/abs/2010.15651) [[code]](https://github.com/sigeisler/reliable_gnn_via_robust_aggregation)\n9. **Graph Structure Learning for Robust Graph Neural Networks.**\n*Wei Jin, Yao Ma, Xiaorui Liu, Xianfeng Tang, Suhang Wang, Jiliang Tang*. KDD 2020. [[paper]](https://arxiv.org/abs/2005.10203) [[code]](https://github.com/ChandlerBang/Pro-GNN)\n1. **Robust Detection of Adaptive Spammers by Nash Reinforcement Learning.** KDD 2020. [[paper]](https://arxiv.org/abs/2006.06069) [[code]](https://github.com/YingtongDou/Nash-Detect)\n1. **Robust Graph Representation Learning via Neural Sparsification.** ICML 2020. [[paper]](https://proceedings.icml.cc/static/paper_files/icml/2020/2611-Paper.pdf)\n1. **Robust Collective Classification against Structural Attacks.**\n   *Kai Zhou, Yevgeniy Vorobeychik.* UAI 2020. [[paper]](http://www.auai.org/uai2020/proceedings/119_main_paper.pdf)\n1. **EDoG: Adversarial Edge Detection For Graph Neural Networks.** [[paper]](https://www.osti.gov/servlets/purl/1631086)\n1. **A Robust Hierarchical Graph Convolutional Network Model for Collaborative Filtering.**\n*Shaowen Peng, Tsunenori Mine.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2004.14734.pdf)\n1. **Tensor Graph Convolutional Networks for Multi-relational and Robust Learning.**\n*Vassilis N. Ioannidis, Antonio G. Marques, Georgios B. Giannakis.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2003.07729.pdf)\n1. **Topological Effects on Attacks Against Vertex Classification.**\n*Benjamin A. Miller, Mustafa Çamurcu, Alexander J. Gomez, Kevin Chan, Tina Eliassi-Rad.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2003.05822.pdf)\n1. **Towards an Efficient and General Framework of Robust Training for Graph Neural Networks.**\n*Kaidi Xu, Sijia Liu, Pin-Yu Chen, Mengshu Sun, Caiwen Ding, Bhavya Kailkhura, Xue Lin.* arxiv 2020. [[paper]](https://arxiv.org/pdf/2002.10947.pdf)\n1. **How Robust Are Graph Neural Networks to Structural Noise?**\n*James Fox, Sivasankaran Rajamanickam.* arxiv 2020. [[paper]](https://arxiv.org/pdf/1912.10206.pdf)\n1. **GraphDefense: Towards Robust Graph Convolutional Networks.**\n   *Xiaoyun Wang, Xuanqing Liu, Cho-Jui Hsieh.*  arxiv 2019. [[paper]](https://arxiv.org/pdf/1911.04429v1.pdf)\n1. **All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs.**\n   *Negin Entezari, Saba Al-Sayouri, Amirali Darvishzadeh, and Evangelos E. Papalexakis.*  WSDM 2020. [[paper]](https://dl.acm.org/doi/pdf/10.1145/3336191.3371789?download=true) [[code]](https://github.com/DSE-MSU/DeepRobust/)\n1. **Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure**\n   *Fuli Feng, Xiangnan He, Jie Tang, Tat-Seng Chua.*  TKDE 2019. [[paper]](https://arxiv.org/pdf/1902.08226.pdf)\n1. **Edge Dithering for Robust Adaptive Graph Convolutional Networks.**\n   *Vassilis N. Ioannidis, Georgios B. Giannakis.*  arxiv 2019. [[paper]](https://arxiv.org/pdf/1910.09590.pdf)   \n1. **GraphSAC: Detecting anomalies in large-scale graphs.**\n   *Vassilis N. Ioannidis, Dimitris Berberidis, Georgios B. Giannakis.* arxiv 2019. [[paper]](https://arxiv.org/pdf/1910.09589.pdf)\n1. **Robust Graph Neural Network Against Poisoning Attacks via Transfer Learning.**\n   *Xianfeng Tang, Yandong Li, Yiwei Sun, Huaxiu Yao, Prasenjit Mitra, Suhang Wang.*  WSDM 2020. [[paper]](https://arxiv.org/pdf/1908.07558.pdf)\n1. **Robust Graph Convolutional Networks Against Adversarial Attacks.**\n   *Dingyuan Zhu, Ziwei Zhang, Peng Cui, Wenwu Zhu.*  KDD 2019. [[paper]](http://pengcui.thumedialab.com/papers/RGCN.pdf) \n1. **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense.**\n   *Huijun Wu, Chen Wang, Yuriy Tyshetskiy, Andrew Docherty, Kai Lu, Liming Zhu.*   IJCAI 2019. [[paper]](https://arxiv.org/pdf/1903.01610.pdf) [[code]](https://github.com/DSE-MSU/DeepRobust)\n1. **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective.**\n   *Kaidi Xu, Hongge Chen, Sijia Liu, Pin-Yu Chen, Tsui-Wei Weng, Mingyi Hong, Xue Lin.*  IJCAI 2019. [[paper]](https://arxiv.org/pdf/1906.04214.pdf) [[code]](https://github.com/KaidiXu/GCN_ADV_Train)\n1. **Power up! Robust Graph Convolutional Network against Evasion Attacks based on Graph Powering.**\n   *Ming Jin, Heng Chang, Wenwu Zhu, Somayeh Sojoudi.*  arxiv 2019. [[paper]](https://arxiv.org/abs/1905.10029)\n1. **Latent Adversarial Training of Graph Convolution Networks.**\n   *Hongwei Jin, Xinhua Zhang.*  ICML 2019 workshop. [[paper]](https://graphreason.github.io/papers/35.pdf)\n1. **Batch Virtual Adversarial Training for Graph Convolutional Networks.**\n   *Zhijie Deng, Yinpeng Dong, Jun Zhu.*  ICML 2019 Workshop. [[paper]](https://arxiv.org/pdf/1902.09192.pdf)\n1. **Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure.**\n   *Fuli Feng, Xiangnan He, Jie Tang, Tat-Seng Chua.*   arXiv, 2019. [[paper]](https://arxiv.org/pdf/1902.08226.pdf)\n\n## 4. Certified Robustness Papers\n1. **Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks.** NeurIPS 2020. [[paper]](https://arxiv.org/abs/2009.05872) [[code]](https://github.com/RobustGraph/RoboGraph)\n1. **Adversarial Immunization for Improving Certifiable Robustness on Graphs.** Arxiv 2020. [[paper]](https://arxiv.org/abs/2007.09647)\n1. **Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation.** Arxiv 2020. [[paper]](https://arxiv.org/abs/2008.10715)\n1. **Efficient Robustness Certificates for Graph Neural Networks via Sparsity-Aware Randomized Smoothing.** ICML 2020. [[paper]](https://proceedings.icml.cc/static/paper_files/icml/2020/6890-Paper.pdf) [[code]](https://github.com/abojchevski/sparse_smoothing)\n1. **Certifiable Robustness of Graph Convolutional Networks under Structure Perturbations.** KDD 2020. [[paper]](https://dl.acm.org/doi/abs/10.1145/3394486.3403217) [[code]](https://github.com/danielzuegner/robust-gcn-structure)\n1. **Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing.**\n*Jinyuan Jia, Binghui Wang, Xiaoyu Cao, Neil Zhenqiang Gong.* WWW 2020. [[paper]](https://arxiv.org/pdf/2002.03421.pdf)\n1. **Certifiable Robustness to Graph Perturbations.**\n   *Aleksandar Bojchevski, Stephan Günnemann.*  NeurIPS 2019. [[paper]](https://arxiv.org/pdf/1910.14356.pdf)[[code]](https://github.com/abojchevski/graph_cert)\n1. **Certifiable Robustness and Robust Training for Graph Convolutional Networks.**\n   *Daniel Zügner Stephan Günnemann.*  KDD 2019. [[paper]](https://arxiv.org/pdf/1906.12269.pdf) [[code]](https://github.com/danielzuegner/robust-gcn)\n    \n### Relevant Workshops\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FChandlerBang%2Fawesome-graph-attack-papers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FChandlerBang%2Fawesome-graph-attack-papers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FChandlerBang%2Fawesome-graph-attack-papers/lists"}