{"id":19979279,"url":"https://github.com/edisonleeeee/graph-adversarial-learning","last_synced_at":"2025-05-04T04:32:46.264Z","repository":{"id":37457170,"uuid":"198984224","full_name":"EdisonLeeeee/Graph-Adversarial-Learning","owner":"EdisonLeeeee","description":"A curated collection of adversarial attack and defense on graph data.","archived":false,"fork":false,"pushed_at":"2023-11-07T14:38:25.000Z","size":4172,"stargazers_count":537,"open_issues_count":0,"forks_count":80,"subscribers_count":24,"default_branch":"master","last_synced_at":"2024-08-15T16:10:25.161Z","etag":null,"topics":["adversarial-attack","awesome","defense","graph-adversarial-learning","graph-data","machine-learning","resources","semi-supervised-learning","survey"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EdisonLeeeee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-07-26T09:03:36.000Z","updated_at":"2024-08-13T07:21:30.000Z","dependencies_parsed_at":"2023-11-07T15:47:32.198Z","dependency_job_id":null,"html_url":"https://github.com/EdisonLeeeee/Graph-Adversarial-Learning","commit_stats":null,"previous_names":["gitgiter/graph-adversarial-learning"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdisonLeeeee%2FGraph-Adversarial-Learning","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdisonLeeeee%2FGraph-Adversarial-Learning/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdisonLeeeee%2FGraph-Adversarial-Learning/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdisonLeeeee%2FGraph-Adversarial-Learning/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EdisonLeeeee","download_url":"https://codeload.github.com/EdisonLeeeee/Graph-Adversarial-Learning/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224385196,"owners_count":17302442,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-attack","awesome","defense","graph-adversarial-learning","graph-data","machine-learning","resources","semi-supervised-learning","survey"],"created_at":"2024-11-13T03:37:23.955Z","updated_at":"2024-11-13T03:37:24.686Z","avatar_url":"https://github.com/EdisonLeeeee.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ⚔🛡 Awesome Graph Adversarial Learning\r\n\u003cimg src=\"https://img.shields.io/badge/Contributions-Welcome-278ea5\" alt=\"Contrib\"/\u003e \u003cimg src=\"https://img.shields.io/badge/Number%20of%20Papers-416-FF6F00\" alt=\"PaperNum\"/\u003e\r\n\r\n\u003ca class=\"toc\" id=\"table-of-contents\"\u003e\u003c/a\u003e\r\n- [⚔🛡 Awesome Graph Adversarial Learning](#-awesome-graph-adversarial-learning)\r\n- [👀Quick Look](#quick-look)\r\n- [⚔Attack](#attack)\r\n  - [2023](#2023)\r\n  - [2022](#2022)\r\n  - [2021](#2021)\r\n  - [2020](#2020)\r\n  - [2019](#2019)\r\n  - [2018](#2018)\r\n  - [2017](#2017)\r\n- [🛡Defense](#defense)\r\n  - [2023](#2023-1)\r\n  - [2022](#2022-1)\r\n  - [2021](#2021-1)\r\n  - [2020](#2020-1)\r\n  - [2019](#2019-1)\r\n  - [2018](#2018-1)\r\n  - [2017](#2017-1)\r\n- [🔐Certification](#certification)\r\n- [⚖Stability](#stability)\r\n- [🚀Others](#others)\r\n- [📃Survey](#survey)\r\n- [⚙Toolbox](#toolbox)\r\n- [🔗Resource](#resource)\r\n\r\n\u003cimg width =500 height =300 src=\"imgs/wordcloud.png\" \u003e\r\n\r\nThis repository contains Attack-related papers, Defense-related papers, Robustness Certification papers, etc., ranging from 2017 to 2021. \r\nIf you find this repo useful, please cite:\r\n*A Survey of Adversarial Learning on Graph, arXiv'20*, [Link](https://arxiv.org/abs/2003.05730)\r\n\r\n```bibtex\r\n@article{chen2020survey,\r\n  title={A Survey of Adversarial Learning on Graph},\r\n  author={Chen, Liang and Li, Jintang and Peng, Jiaying and Xie, \r\n        Tao and Cao, Zengxu and Xu, Kun and He, \r\n        Xiangnan and Zheng, Zibin and Wu, Bingzhe},\r\n  journal={arXiv preprint arXiv:2003.05730},\r\n  year={2020}\r\n}\r\n```\r\n\r\n# 👀Quick Look\r\n\r\nThe papers in this repo are categorized or sorted:\r\n\r\n| [By Alphabet](Categorized/alphabet.md) | [By Year](Categorized/year.md) | [By Venue](Categorized/venue.md) | [Papers with Code](Categorized/papers_with_code.md) |\r\n\r\nIf you want to get a quick look at the recently updated papers in the repository (in 30 days), you can refer to [📍this](Categorized/recent.md).\r\n\r\n\r\n# ⚔Attack\r\n\r\n## 2023\r\n[💨 Back to Top](#table-of-contents)\r\n+ **Revisiting Graph Adversarial Attack and Defense From a Data Distribution Perspective**, *[📝ICLR](https://openreview.net/forum?id=dSYoPjM5J_W)*, *[:octocat:Code](https://github.com/likuanppd/STRG)*\r\n+ **Let Graph be the Go Board: Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning**, *[📝AAAI](https://arxiv.org/abs/2211.10782)*, *[:octocat:Code](https://github.com/jumxglhf/G2A2C)*\r\n+ **GUAP: Graph Universal Attack Through Adversarial Patching**, *[📝arXiv](https://arxiv.org/abs/2301.01731)*, *[:octocat:Code](https://anonymous.4open.science/r/ffd4fad9-367f-4a2a-bc65-1a7fe23d9d7f/)*\r\n+ **Node Injection for Class-specific Network Poisoning**, *[📝arXiv](https://arxiv.org/abs/2301.12277)*, *[:octocat:Code](https://github.com/rahulk207/nicki)*\r\n+ **Unnoticeable Backdoor Attacks on Graph Neural Networks**, *[📝WWW](https://arxiv.org/abs/2303.01263)*, *[:octocat:Code](https://github.com/ventr1c/UGBA)*\r\n+ **A semantic backdoor attack against Graph Convolutional Networks**, *[📝arXiv](https://arxiv.org/abs/2302.14353)*\r\n\r\n## 2022\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem**, *[📝WSDM](https://arxiv.org/abs/2106.10785)*, *[:octocat:Code](https://github.com/TheaperDeng/GNN-Attack-InfMax)*\r\n+ **Inference Attacks Against Graph Neural Networks**, *[📝USENIX Security](https://arxiv.org/abs/2110.02631)*, *[:octocat:Code](https://github.com/Zhangzhk0819/GNN-Embedding-Leaks)*\r\n+ **Model Stealing Attacks Against Inductive Graph Neural Networks**, *[📝IEEE Symposium on Security and Privacy](https://arxiv.org/abs/2112.08331)*, *[:octocat:Code](https://github.com/xinleihe/GNNStealing)*\r\n+ **Unsupervised Graph Poisoning Attack via Contrastive Loss Back-propagation**, *[📝WWW](https://arxiv.org/abs/2201.07986)*, *[:octocat:Code](https://github.com/RinneSz/CLGA)*\r\n+ **Neighboring Backdoor Attacks on Graph Convolutional Network**, *[📝arXiv](https://arxiv.org/abs/2201.06202)*, *[:octocat:Code](https://github.com/EdisonLeeeee/GraphWar)*\r\n+ **Understanding and Improving Graph Injection Attack by Promoting Unnoticeability**, *[📝ICLR](https://openreview.net/forum?id=wkMG8cdvh7-)*, *[:octocat:Code](https://github.com/LFhase/GIA-HAO)*\r\n+ **Blindfolded Attackers Still Threatening: Strict Black-Box Adversarial Attacks on Graphs**, *[📝AAAI](https://arxiv.org/abs/2012.06757)*, *[:octocat:Code](https://github.com/galina0217/stack)*\r\n+ **More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2202.03195)*\r\n+ **Black-box Node Injection Attack for Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2202.09389)*, *[:octocat:Code](https://github.com/jumxglhf/GA2C)*\r\n+ **Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection**, *[📝arXiv](https://arxiv.org/abs/2201.05819)*\r\n+ **Projective Ranking-based GNN Evasion Attacks**, *[📝arXiv](https://arxiv.org/abs/2202.12993)*\r\n+ **GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation**, *[📝arXiv](https://arxiv.org/abs/2203.00949)*\r\n+ **Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization**, *[📝Asia CCS](https://arxiv.org/abs/2010.12751)*, *[:octocat:Code](https://github.com/TrustworthyGNN/MEA-GNN)*\r\n+ **Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees**, *[📝CVPR](https://arxiv.org/abs/2205.03546)*, *[:octocat:Code](https://github.com/Metaoblivion/Bandit_GNN_Attack)*\r\n+ **Transferable Graph Backdoor Attack**, *[📝RAID](https://arxiv.org/abs/2207.00425)*, *[:octocat:Code](https://github.com/Metaoblivion/Bandit_GNN_Attack)*\r\n+ **Adversarial Robustness of Graph-based Anomaly Detection**, *[📝arXiv](https://arxiv.org/abs/2206.08260)*\r\n+ **Label specificity attack: Change your label as I want**, *[📝IJIS](https://onlinelibrary.wiley.com/doi/full/10.1002/int.22902)*\r\n+ **AdverSparse: An Adversarial Attack Framework for Deep Spatial-Temporal Graph Neural Networks**, *[📝ICASSP](https://ieeexplore.ieee.org/abstract/document/9747850)*\r\n+ **Surrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks**, *[📝WSDM](https://dl.acm.org/doi/10.1145/3488560.3498481)*\r\n+ **Cluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors**, *[📝IJCAI](https://arxiv.org/abs/2109.13069)*, *[:octocat:Code](https://github.com/thuwzy/Cluster-Attack)*\r\n+ **Label-Only Membership Inference Attack against Node-Level Graph Neural NetworksCluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors**, *[📝arXiv](https://arxiv.org/abs/2207.13766)*\r\n+ **Adversarial Camouflage for Node Injection Attack on Graphs**, *[📝arXiv](https://arxiv.org/abs/2208.01819)*\r\n+ **Are Gradients on Graph Structure Reliable in Gray-box Attacks?**, *[📝CIKM](https://arxiv.org/abs/2208.05514)*, *[:octocat:Code](https://github.com/Zihan-Liu-00/AtkSE)*\r\n+ **Adversarial Camouflage for Node Injection Attack on Graphs**, *[📝arXiv](https://arxiv.org/abs/2208.01819)*\r\n+ **Graph Structural Attack by Perturbing Spectral Distance**, *[📝KDD](https://dl.acm.org/doi/abs/10.1145/3534678.3539435)*\r\n+ **What Does the Gradient Tell When Attacking the Graph Structure**, *[📝arXiv](https://arxiv.org/abs/2208.12815)*\r\n+ **BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection**, *[📝ICDM](https://arxiv.org/abs/2106.09989)*, *[:octocat:Code](https://github.com/zhuyulin-tony/BinarizedAttack)*\r\n+ **Model Inversion Attacks against Graph Neural Networks**, *[📝TKDE](https://arxiv.org/abs/2209.07807)*\r\n+ **Sparse Vicious Attacks on Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2209.09688)*, *[:octocat:Code](https://github.com/GiovanniTRA/SAVAGE)*\r\n+ **Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks**, *[📝ACM TIS](https://dl.acm.org/doi/abs/10.1145/3567420)*\r\n+ **Dealing with the unevenness: deeper insights in graph-based attack and defense**, *[📝Machine Learning](https://link.springer.com/article/10.1007/s10994-022-06234-4)*\r\n+ **Membership Inference Attacks Against Robust Graph Neural Network**, *[📝CSS](https://link.springer.com/chapter/10.1007/978-3-031-18067-5_19)*\r\n+ **Adversarial Inter-Group Link Injection Degrades the Fairness of Graph Neural Networks**, *[📝ICDM](https://arxiv.org/abs/2209.05957)*, *[:octocat:Code](https://github.com/mengcao327/attack-gnn-fairness)*\r\n+ **Revisiting Item Promotion in GNN-based Collaborative Filtering: A Masked Targeted Topological Attack Perspective**, *[📝arXiv](https://arxiv.org/abs/2208.09979)*\r\n+ **Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection**, *[📝arXiv](https://arxiv.org/abs/2208.06776)*, *[:octocat:Code](https://github.com/Seaocn/Link-Backdoor)*\r\n+ **Private Graph Extraction via Feature Explanations**, *[📝arXiv](https://arxiv.org/abs/2206.14724)*\r\n+ **Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs**, *[📝arXiv](https://arxiv.org/abs/2206.13104)*\r\n+ **Camouflaged Poisoning Attack on Graph Neural Networks**, *[📝ICDM](https://dl.acm.org/doi/abs/10.1145/3512527.3531373)*\r\n+ **LOKI: A Practical Data Poisoning Attack Framework against Next Item Recommendations**, *[📝TKDE](https://ieeexplore.ieee.org/abstract/document/9806383)*\r\n+ **Adversarial for Social Privacy: A Poisoning Strategy to Degrade User Identity Linkage**, *[📝arXiv](https://arxiv.org/abs/2209.00269)*\r\n+ **Exploratory Adversarial Attacks on Graph Neural Networks for Semi-Supervised Node Classification**, *[📝Pattern Recognition](https://www.sciencedirect.com/science/article/pii/S0031320322005222)*\r\n+ **GANI: Global Attacks on Graph Neural Networks via Imperceptible Node Injections**, *[📝arXiv](https://arxiv.org/abs/2210.12598)*, *[:octocat:Code](https://github.com/alexfanjn/GANI)*\r\n+ **Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs**, *[📝arXiv](https://arxiv.org/abs/2210.13710)*\r\n+ **Are Defenses for Graph Neural Networks Robust?**, *[📝NeurIPS](https://publications.cispa.saarland/3812/1/are_defenses_for_graph_neural_networks_robust.pdf)*, *[:octocat:Code](https://www.cs.cit.tum.de/daml/are-gnn-defenses-robust/)*\r\n+ **Adversarial Label Poisoning Attack on Graph Neural Networks via Label Propagation**, *[📝ECCV](https://www.ecva.net/papers/eccv_2022/papers_ECCV/papers/136650223.pdf)*\r\n+ **Imperceptible Adversarial Attacks on Discrete-Time Dynamic Graph Models**, *[📝NeurIPS](https://openreview.net/forum?id=YMrdoXP3x_A)*\r\n+ **Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias**, *[📝NeurIPS](https://openreview.net/forum?id=vkGk2HI8oOP)*, *[:octocat:Code](https://github.com/Zihan-Liu-00/GraD--NeurIPS22)*\r\n+ **Adversary for Social Good: Leveraging Attribute-Obfuscating Attack to Protect User Privacy on Social Networks**, *[📝SecureComm](https://link.springer.com/chapter/10.1007/978-3-031-25538-0_37)*\r\n\r\n## 2021\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Stealing Links from Graph Neural Networks**, *[📝USENIX Security](https://www.usenix.org/system/files/sec21summer_he.pdf)*\r\n+ **PATHATTACK: Attacking Shortest Paths in Complex Networks**, *[📝arXiv](https://arxiv.org/abs/2104.03761)*\r\n+ **Structack: Structure-based Adversarial Attacks on Graph Neural Networks**, *[📝ACM Hypertext](https://arxiv.org/abs/2107.11327)*, *[:octocat:Code](https://github.com/sqrhussain/structack)*\r\n+ **Optimal Edge Weight Perturbations to Attack Shortest Paths**, *[📝arXiv](https://arxiv.org/abs/2107.03347)*\r\n+ **GReady for Emerging Threats to Recommender Systems? A Graph Convolution-based Generative Shilling Attack**, *[📝Information Sciences](https://arxiv.org/abs/2107.10457)*\r\n+ **Graph Adversarial Attack via Rewiring**, *[📝KDD](https://dl.acm.org/doi/abs/10.1145/3447548.3467416)*, *[:octocat:Code](https://github.com/alge24/ReWatt)*\r\n+ **Membership Inference Attack on Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2101.06570)*\r\n+ **Graph Backdoor**, *[📝USENIX Security](https://arxiv.org/abs/2006.11890)*\r\n+ **TDGIA: Effective Injection Attacks on Graph Neural Networks**, *[📝KDD](https://dl.acm.org/doi/abs/10.1145/3447548.3467314)*, *[:octocat:Code](https://github.com/THUDM/tdgia)*\r\n+ **Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge**, *[📝arXiv](https://arxiv.org/abs/2105.12419)*\r\n+ **Adversarial Attack on Large Scale Graph**, *[📝TKDE](https://arxiv.org/abs/2009.03488)*, *[:octocat:Code](https://github.com/EdisonLeeeee/SGAttack)*\r\n+ **Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense**, *[📝arXiv](https://arxiv.org/abs/2104.15061)*\r\n+ **Joint Detection and Localization of Stealth False Data Injection Attacks in Smart Grids using Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2104.11846)*\r\n+ **Universal Spectral Adversarial Attacks for Deformable Shapes**, *[📝CVPR](https://arxiv.org/abs/2104.03356)*\r\n+ **SAGE: Intrusion Alert-driven Attack Graph Extractor**, *[📝KDD Workshop](https://arxiv.org/abs/2107.02783)*, *[:octocat:Code](https://github.com/tudelft-cda-lab/SAGE)*\r\n+ **Adversarial Diffusion Attacks on Graph-based Traffic Prediction Models**, *[📝arXiv](https://arxiv.org/abs/2104.09369)*, *[:octocat:Code](https://github.com/LYZ98/Adversarial-Diffusion-Attacks-on-Graph-based-Traffic-Prediction-Models)*\r\n+ **VIKING: Adversarial Attack on Network Embeddings via Supervised Network Poisoning**, *[📝PAKDD](https://arxiv.org/abs/2102.07164)*, *[:octocat:Code](https://github.com/virresh/viking)*\r\n+ **Explainability-based Backdoor Attacks Against Graph Neural Networks**, *[📝WiseML@WiSec](https://arxiv.org/abs/2104.03674)*\r\n+ **GraphAttacker: A General Multi-Task GraphAttack Framework**, *[📝arXiv](https://arxiv.org/abs/2101.06855)*, *[:octocat:Code](https://github.com/honoluluuuu/GraphAttacker)*\r\n+ **Attacking Graph Neural Networks at Scale**, *[📝AAAI workshop](https://www.dropbox.com/s/ddrwoswpz3wwx40/Robust_GNNs_at_Scale__AAAI_Workshop_2020_CameraReady.pdf?dl=0)*\r\n+ **Node-Level Membership Inference Attacks Against Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2102.05429)*\r\n+ **Reinforcement Learning For Data Poisoning on Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2102.06800)*\r\n+ **DeHiB: Deep Hidden Backdoor Attack on Semi-Supervised Learning via Adversarial Perturbation**, *[📝AAAI](https://ojs.aaai.org/index.php/AAAI/article/view/17266)*\r\n+ **Graphfool: Targeted Label Adversarial Attack on Graph Embedding**, *[📝arXiv](https://arxiv.org/abs/2102.12284)*\r\n+ **Towards Revealing Parallel Adversarial Attack on Politician Socialnet of Graph Structure**, *[📝Security and Communication Networks](https://www.hindawi.com/journals/scn/2021/6631247)*\r\n+ **Network Embedding Attack: An Euclidean Distance Based Method**, *[📝MDATA](https://link.springer.com/chapter/10.1007%2F978-3-030-71590-8_8)*\r\n+ **Preserve, Promote, or Attack? GNN Explanation via Topology Perturbation**, *[📝arXiv](https://arxiv.org/abs/2103.12256)*\r\n+ **Jointly Attacking Graph Neural Network and its Explanations**, *[📝arXiv](https://arxiv.org/abs/2108.03388)*\r\n+ **Graph Stochastic Neural Networks for Semi-supervised Learning**, *[📝arXiv](https://papers.nips.cc/paper/2020/file/e586a4f55fb43a540c2e9dab45e00f53-Paper.pdf)*, *[:octocat:Code](https://github.com/GSNN/GSNN)*\r\n+ **Iterative Deep Graph Learning for Graph Neural Networks: Better and Robust Node Embeddings**, *[📝arXiv](https://arxiv.org/abs/2006.13009)*, *[:octocat:Code](https://github.com/hugochan/IDGL)*\r\n+ **Single-Node Attack for Fooling Graph Neural Networks**, *[📝KDD Workshop](https://drive.google.com/file/d/12arm9w6UmvSIzGmaoocdH70czx7RVzGr/view)*, *[:octocat:Code](https://github.com/gnnattack/SINGLE)*\r\n+ **The Robustness of Graph k-shell Structure under Adversarial Attacks**, *[📝arXiv](https://arxiv.org/abs/2107.13962)*\r\n+ **Poisoning Knowledge Graph Embeddings via Relation Inference Patterns**, *[📝ACL](https://aclanthology.org/2021.acl-long.147)*, *[:octocat:Code](https://github.com/PeruBhardwaj/InferenceAttack)*\r\n+ **A Hard Label Black-box Adversarial Attack Against Graph Neural Networks**, *[📝CCS](https://arxiv.org/abs/2108.09513)*\r\n+ **GNNUnlock: Graph Neural Networks-based Oracle-less Unlocking Scheme for Provably Secure Logic Locking**, *[📝DATE Conference](https://arxiv.org/abs/2104.13012)*\r\n+ **Single Node Injection Attack against Graph Neural Networks**, *[📝CIKM](https://arxiv.org/abs/2108.13049)*, *[:octocat:Code](https://github.com/TaoShuchang/G-NIA)*\r\n+ **Spatially Focused Attack against Spatiotemporal Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2109.04608)*\r\n+ **Derivative-free optimization adversarial attacks for graph convolutional networks**, *[📝PeerJ](https://peerj.com/articles/cs-693)*\r\n+ **Projective Ranking: A Transferable Evasion Attack Method on Graph Neural Networks**, *[📝CIKM](https://shiruipan.github.io/publication/cikm-21-zhang/cikm-21-zhang.pdf)*\r\n+ **Time-aware Gradient Attack on Dynamic Network Link Prediction**, *[📝TKDE](https://ieeexplore.ieee.org/abstract/document/9531428)*\r\n+ **Graph-Fraudster: Adversarial Attacks on Graph Neural Network Based Vertical Federated Learning**, *[📝arXiv](https://arxiv.org/abs/2110.06468)*\r\n+ **Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications**, *[📝ICDM](https://arxiv.org/abs/2110.08760)*, *[:octocat:Code](https://github.com/TrustworthyGNN/MIA-GNN)*\r\n+ **Watermarking Graph Neural Networks based on Backdoor Attacks**, *[📝arXiv](https://arxiv.org/abs/2110.11024)*\r\n+ **Robustness of Graph Neural Networks at Scale**, *[📝NeurIPS](https://arxiv.org/pdf/2110.14038.pdf)*, *[:octocat:Code](https://github.com/sigeisler/robustness_of_gnns_at_scale)*\r\n+ **Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness**, *[📝NeurIPS](https://arxiv.org/abs/2110.10942)*\r\n+ **Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models**, *[📝IJCAI](https://www.ijcai.org/proceedings/2021/458)*, *[:octocat:Code](https://github.com/chisam0217/Graph-Universal-Attack)*\r\n+ **Adversarial Attacks on Graph Classification via Bayesian Optimisation**, *[📝NeurIPS](https://arxiv.org/abs/2111.02842)*, *[:octocat:Code](https://github.com/xingchenwan/grabnel)*\r\n+ **Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods**, *[📝EMNLP](https://arxiv.org/abs/2111.03120)*, *[:octocat:Code](https://github.com/PeruBhardwaj/AttributionAttack)*\r\n+ **COREATTACK: Breaking Up the Core Structure of Graphs**, *[📝arXiv](https://arxiv.org/abs/2111.15276)*\r\n+ **UNTANGLE: Unlocking Routing and Logic Obfuscation Using Graph Neural Networks-based Link Prediction**, *[📝ICCAD](https://arxiv.org/abs/2111.07062)*, *[:octocat:Code](https://github.com/lilasrahis/untangle)*\r\n+ **GraphMI: Extracting Private Graph Data from Graph Neural Networks**, *[📝IJCAI](https://www.ijcai.org/proceedings/2021/516)*, *[:octocat:Code](https://github.com/zaixizhang/GraphMI)*\r\n+ **Structural Attack against Graph Based Android Malware Detection**, *[📝CCS](https://dl.acm.org/doi/abs/10.1145/3460120.3485387)*\r\n+ **Adversarial Attack against Cross-lingual Knowledge Graph Alignment**, *[📝EMNLP](https://aclanthology.org/2021.emnlp-main.432)*\r\n+ **FHA: Fast Heuristic Attack Against Graph Convolutional Networks**, *[📝ICDS](https://link.springer.com/chapter/10.1007/978-3-030-88942-5_12)*\r\n+ **Task and Model Agnostic Adversarial Attack on Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2112.13267)*\r\n+ **How Members of Covert Networks Conceal the Identities of Their Leaders**, *[📝ACM TIST](https://dl.acm.org/doi/full/10.1145/3490462)*\r\n+ **Revisiting Adversarial Attacks on Graph Neural Networks for Graph Classification**, *[📝arXiv](https://arxiv.org/abs/2208.06651)*\r\n\r\n\r\n## 2020\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **A Graph Matching Attack on Privacy-Preserving Record Linkage**, *[📝CIKM](https://dl.acm.org/doi/abs/10.1145/3340531.3411931)*\r\n+ **Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection**, *[📝arXiv](https://arxiv.org/abs/2009.05602)*\r\n+ **Adaptive Adversarial Attack on Graph Embedding via GAN**, *[📝SocialSec](https://link.springer.com/chapter/10.1007/978-981-15-9031-3_7)*\r\n+ **Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers**, *[📝arXiv](https://arxiv.org/abs/2009.10233)*\r\n+ **One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting**, *[📝ICLR OpenReview](https://openreview.net/forum?id=W0MKrbVOxtd)*\r\n+ **Near-Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem**, *[📝ICLR OpenReview](https://openreview.net/forum?id=sbyjwhxxT8K)*\r\n+ **Adversarial Attacks on Deep Graph Matching**, *[📝NeurIPS](https://papers.nips.cc/paper/2020/file/ef126722e64e98d1c33933783e52eafc-Paper.pdf)*\r\n+ **Attacking Graph-Based Classification without Changing Existing Connections**, *[📝ACSAC](https://cse.sc.edu/~zeng1/papers/2020-acsac-graph.pdf)*\r\n+ **Cross Entropy Attack on Deep Graph Infomax**, *[📝IEEE ISCAS](https://ieeexplore.ieee.org/document/9180817)*\r\n+ **Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation**, *[📝ICLR](https://arxiv.org/abs/2010.12872)*, *[:octocat:Code](https://github.com/INK-USC/deceive-KG-models)*\r\n+ **Towards More Practical Adversarial Attacks on Graph Neural Networks**, *[📝NeurIPS](https://arxiv.org/abs/2006.05057)*, *[:octocat:Code](https://github.com/Mark12Ding/GNN-Practical-Attack)*\r\n+ **Adversarial Label-Flipping Attack and Defense for Graph Neural Networks**, *[📝ICDM](http://shichuan.org/doc/97.pdf)*, *[:octocat:Code](https://github.com/MengmeiZ/LafAK)*\r\n+ **Exploratory Adversarial Attacks on Graph Neural Networks**, *[📝ICDM](https://ieeexplore.ieee.org/document/9338329)*, *[:octocat:Code](https://github.com/EpoAtk/EpoAtk)*\r\n+ **A Targeted Universal Attack on Graph Convolutional Network**, *[📝arXiv](https://arxiv.org/abs/2011.14365)*, *[:octocat:Code](https://github.com/Nanyuu/TUA)*\r\n+ **Query-free Black-box Adversarial Attacks on Graphs**, *[📝arXiv](https://arxiv.org/abs/2012.06757)*\r\n+ **Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs**, *[📝arXiv](https://arxiv.org/abs/2009.00163)*\r\n+ **Efficient Evasion Attacks to Graph Neural Networks via Influence Function**, *[📝arXiv](https://arxiv.org/abs/2009.00203)*\r\n+ **Backdoor Attacks to Graph Neural Networks**, *[📝SACMAT](https://dl.acm.org/doi/pdf/10.1145/3450569.3463560)*, *[:octocat:Code](https://github.com/zaixizhang/graphbackdoor)*\r\n+ **Link Prediction Adversarial Attack Via Iterative Gradient Attack**, *[📝IEEE Trans](https://ieeexplore.ieee.org/abstract/document/9141291)*\r\n+ **Adversarial Attack on Hierarchical Graph Pooling Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2005.11560)*\r\n+ **Adversarial Attack on Community Detection by Hiding Individuals**, *[📝WWW](https://arxiv.org/abs/2001.07933)*, *[:octocat:Code](https://github.com/halimiqi/CD-ATTACK)*\r\n+ **Manipulating Node Similarity Measures in Networks**, *[📝AAMAS](https://arxiv.org/abs/1910.11529)*\r\n+ **A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models**, *[📝AAAI](https://arxiv.org/abs/1908.01297)*, *[:octocat:Code](https://github.com/SwiftieH/GFAttack)*\r\n+ **Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks**, *[📝BigData](https://arxiv.org/abs/2002.08012)*\r\n+ **Adversarial Attacks on Graph Neural Networks via Node Injections: A Hierarchical Reinforcement Learning Approach**, *[📝WWW](https://dl.acm.org/doi/10.1145/3366423.3380149)*\r\n+ **An Efficient Adversarial Attack on Graph Structured Data**, *[📝IJCAI Workshop](https://www.aisafetyw.org/programme)*\r\n+ **Practical Adversarial Attacks on Graph Neural Networks**, *[📝ICML Workshop](https://grlplus.github.io/papers/8.pdf)*\r\n+ **Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns**, *[📝TKDD](https://dl.acm.org/doi/10.1145/3394520)*\r\n+ **Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks**, *[📝Asia CCS](https://iqua.ece.toronto.edu/papers/wlin-asiaccs20.pdf)*\r\n+ **Scalable Attack on Graph Data by Injecting Vicious Nodes**, *[📝ECML-PKDD](https://arxiv.org/abs/2004.13825)*, *[:octocat:Code](https://github.com/wangjh-github/AFGSM)*\r\n+ **Attackability Characterization of Adversarial Evasion Attack on Discrete Data**, *[📝KDD](https://dl.acm.org/doi/10.1145/3394486.3403194)*\r\n+ **MGA: Momentum Gradient Attack on Network**, *[📝arXiv](https://arxiv.org/abs/2002.11320)*\r\n+ **Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria**, *[📝arXiv](https://arxiv.org/abs/2002.01249)*\r\n+ **Adversarial Perturbations of Opinion Dynamics in Networks**, *[📝arXiv](https://arxiv.org/abs/2003.07010)*\r\n+ **Network disruption: maximizing disagreement and polarization in social networks**, *[📝arXiv](https://arxiv.org/abs/2003.08377)*, *[:octocat:Code](https://github.com/mayee107/network-disruption)*\r\n+ **Adversarial attack on BC classification for scale-free networks**, *[📝AIP Chaos](https://aip.scitation.org/doi/10.1063/5.0003707)*\r\n\r\n## 2019\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Attacking Graph Convolutional Networks via Rewiring**, *[📝arXiv](https://arxiv.org/abs/1906.03750)*\r\n+ **Unsupervised Euclidean Distance Attack on Network Embedding**, *[📝arXiv](https://arxiv.org/abs/1905.11015)*\r\n+ **Structured Adversarial Attack Towards General Implementation and Better Interpretability**, *[📝ICLR](https://arxiv.org/abs/1808.01664)*, *[:octocat:Code](https://github.com/KaidiXu/StrAttack)*\r\n+ **Generalizable Adversarial Attacks with Latent Variable Perturbation Modelling**, *[📝arXiv](https://arxiv.org/abs/1905.10864)*\r\n+ **Vertex Nomination, Consistent Estimation, and Adversarial Modification**, *[📝arXiv](https://arxiv.org/abs/1905.01776)*\r\n+ **PeerNets Exploiting Peer Wisdom Against Adversarial Attacks**, *[📝ICLR](https://arxiv.org/abs/1806.00088)*, *[:octocat:Code](https://github.com/tantara/PeerNets-pytorch)*\r\n+ **Network Structural Vulnerability A Multi-Objective Attacker Perspective**, *[📝IEEE Trans](https://ieeexplore.ieee.org/document/8275029)*\r\n+ **Multiscale Evolutionary Perturbation Attack on Community Detection**, *[📝arXiv](https://arxiv.org/abs/1910.09741)*\r\n+ **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model**, *[📝CIKM](https://dl.acm.org/doi/10.1145/3357384.3357875)*\r\n+ **Adversarial Attacks on Node Embeddings via Graph Poisoning**, *[📝ICML](https://arxiv.org/abs/1809.01093)*, *[:octocat:Code](https://github.com/abojchevski/node_embedding_attack)*\r\n+ **GA Based Q-Attack on Community Detection**, *[📝TCSS](https://arxiv.org/abs/1811.00430)*\r\n+ **Data Poisoning Attack against Knowledge Graph Embedding**, *[📝IJCAI](https://arxiv.org/abs/1904.12052)*\r\n+ **Adversarial Attacks on Graph Neural Networks via Meta Learning**, *[📝ICLR](https://arxiv.org/abs/1902.08412)*, *[:octocat:Code](https://github.com/danielzuegner/gnn-meta-attack)*\r\n+ **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective**, *[📝IJCAI](https://arxiv.org/abs/1906.04214)*, *[:octocat:Code](https://github.com/KaidiXu/GCN_ADV_Train)*\r\n+ **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense**, *[📝IJCAI](https://arxiv.org/abs/1903.01610)*, *[:octocat:Code](https://github.com/stellargraph/stellargraph/tree/develop/demos/interpretability)*\r\n+ **A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning**, *[📝NeurIPS](https://arxiv.org/abs/1910.14147)*, *[:octocat:Code](https://github.com/xuanqing94/AdvSSL)*\r\n+ **Attacking Graph-based Classification via Manipulating the Graph Structure**, *[📝CCS](https://arxiv.org/abs/1903.00553)*\r\n\r\n## 2018\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Fake Node Attacks on Graph Convolutional Networks**, *[📝arXiv](https://arxiv.org/abs/1810.10751)*\r\n+ **Data Poisoning Attack against Unsupervised Node Embedding Methods**, *[📝arXiv](https://arxiv.org/abs/1810.12881)*\r\n+ **Fast Gradient Attack on Network Embedding**, *[📝arXiv](https://arxiv.org/abs/1809.02797)*\r\n+ **Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network**, *[📝arXiv](https://arxiv.org/abs/1809.00152)*\r\n+ **Adversarial Attacks on Neural Networks for Graph Data**, *[📝KDD](https://arxiv.org/abs/1805.07984)*, *[:octocat:Code](https://github.com/danielzuegner/nettack)*\r\n+ **Hiding Individuals and Communities in a Social Network**, *[📝Nature Human Behavior](https://arxiv.org/abs/1608.00375)*\r\n+ **Attacking Similarity-Based Link Prediction in Social Networks**, *[📝AAMAS](https://arxiv.org/abs/1809.08368)*\r\n+ **Adversarial Attack on Graph Structured Data**, *[📝ICML](https://arxiv.org/abs/1806.02371)*, *[:octocat:Code](https://github.com/Hanjun-Dai/graph_adversarial_attack)*\r\n\r\n## 2017\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Practical Attacks Against Graph-based Clustering**, *[📝CCS](https://arxiv.org/abs/1708.09056)*\r\n+ **Adversarial Sets for Regularising Neural Link Predictors**, *[📝UAI](https://arxiv.org/abs/1707.07596)*, *[:octocat:Code](https://github.com/uclmr/inferbeddings)*\r\n\r\n\r\n\r\n# 🛡Defense\r\n\r\n## 2023\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions**, *[📝NeurIPS](https://openreview.net/forum?id=GPtroppvUM)*, *[:octocat:Code](https://www.cs.cit.tum.de/daml/adversarial-training/)*\r\n+ **ASGNN: Graph Neural Networks with Adaptive Structure**, *[📝ICLR OpenReview](https://arxiv.org/abs/2210.01002)*\r\n+ **Empowering Graph Representation Learning with Test-Time Graph Transformation**, *[📝ICLR](https://arxiv.org/abs/2210.03561)*, *[:octocat:Code](https://github.com/ChandlerBang/GTrans)*\r\n+ **Robust Training of Graph Neural Networks via Noise Governance**, *[📝WSDM](https://arxiv.org/abs/2211.06614)*, *[:octocat:Code](https://github.com/GhostQ99/RobustTrainingGNN)*\r\n+ **Self-Supervised Graph Structure Refinement for Graph Neural Networks**, *[📝WSDM](https://arxiv.org/abs/2211.06545)*, *[:octocat:Code](https://github.com/AndyJZhao/WSDM23-GSR)*\r\n+ **Revisiting Robustness in Graph Machine Learning**, *[📝ICLR](https://openreview.net/forum?id=h1o7Ry9Zctm)*, *[:octocat:Code](https://www.cs.cit.tum.de/daml/revisiting-robustness/)*\r\n+ **Robust Mid-Pass Filtering Graph Convolutional Networks**, *[📝WWW](https://arxiv.org/abs/2302.08048)*\r\n+ **Towards Robust Graph Neural Networks via Adversarial Contrastive Learning**, *[📝BigData](https://ieeexplore.ieee.org/abstract/document/10021051)*\r\n\r\n\r\n## 2022\r\n[💨 Back to Top](#table-of-contents)\r\n+ **Unsupervised Adversarially-Robust Representation Learning on Graphs**, *[📝AAAI](https://arxiv.org/abs/2012.02486)*, *[:octocat:Code](https://github.com/galina0217/robustgraph)*\r\n+ **Towards Robust Graph Neural Networks for Noisy Graphs with Sparse Labels**, *[📝WSDM](https://arxiv.org/abs/2201.00232)*, *[:octocat:Code](https://github.com/EnyanDai/RSGNN)*\r\n+ **Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization**, *[📝arXiv](https://arxiv.org/abs/2201.004022)*, *[:octocat:Code](https://github.com/EnyanDai/RSGNN)*\r\n+ **Learning Robust Representation through Graph Adversarial Contrastive Learning**, *[📝arXiv](https://arxiv.org/abs/2201.13025)*\r\n+ **GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2201.12741)*\r\n+ **Graph Neural Network for Local Corruption Recovery**, *[📝arXiv](https://arxiv.org/abs/2202.04936)*, *[:octocat:Code](https://github.com/bzho3923/MAGnet)*\r\n+ **Robust Heterogeneous Graph Neural Networks against Adversarial Attacks**, *[📝AAAI](http://shichuan.org/doc/132.pdf)*\r\n+ **How Does Bayesian Noisy Self-Supervision Defend Graph Convolutional Networks?**, *[📝Neural Processing Letters](https://link.springer.com/article/10.1007/s11063-022-10750-8)*\r\n+ **Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-supervision**, *[📝AAAI](https://arxiv.org/abs/2203.03762)*, *[:octocat:Code](https://github.com/junzhuang-code/GraphSS)*\r\n+ **SimGRACE: A Simple Framework for Graph Contrastive Learning without Data Augmentation**, *[📝WWW](https://arxiv.org/abs/2202.03104)*, *[:octocat:Code](https://github.com/junxia97/SimGRACE)*\r\n+ **Exploring High-Order Structure for Robust Graph Structure Learning**, *[📝arXiv](https://arxiv.org/abs/2203.11492)*\r\n+ **GUARD: Graph Universal Adversarial Defense**, *[📝arXiv](https://arxiv.org/abs/2204.09803)*, *[:octocat:Code](https://github.com/EdisonLeeeee/GUARD)*\r\n+ **Detecting Topology Attacks against Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2204.10072)*\r\n+ **LPGNet: Link Private Graph Networks for Node Classification**, *[📝arXiv](https://arxiv.org/abs/2205.03105)*\r\n+ **EvenNet: Ignoring Odd-Hop Neighbors Improves Robustness of Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2205.13892)*\r\n+ **Bayesian Robust Graph Contrastive Learning**, *[📝arXiv](https://arxiv.org/abs/2205.14109)*, *[:octocat:Code](https://github.com/BRGCL-code/BRGCL-code)*\r\n+ **Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN**, *[📝KDD](https://arxiv.org/abs/2207.00012)*, *[:octocat:Code](https://github.com/likuanppd/STABLE)*\r\n+ **Robust Graph Representation Learning for Local Corruption Recovery**, *[📝ICML workshop](https://yuguangwang.github.io/papers/L_p_graph_regularizer_ICML%20TAG%202022.pdf)*\r\n+ **Appearance and Structure Aware Robust Deep Visual Graph Matching: Attack, Defense and Beyond**, *[📝CVPR](https://openaccess.thecvf.com/content/CVPR2022/html/Ren_Appearance_and_Structure_Aware_Robust_Deep_Visual_Graph_Matching_Attack_CVPR_2022_paper.html)*, *[:octocat:Code](https://github.com/Thinklab-SJTU/RobustMatch)*\r\n+ **Large-Scale Privacy-Preserving Network Embedding against Private Link Inference Attacks**, *[📝arXiv](https://arxiv.org/abs/2205.14440)*\r\n+ **Robust Graph Neural Networks via Ensemble Learning**, *[📝Mathematics](https://www.mdpi.com/2227-7390/10/8/1300/html)*\r\n+ **AN-GCN: An Anonymous Graph Convolutional Network Against Edge-Perturbing Attacks**, *[📝IEEE TNNLS](https://ieeexplore.ieee.org/abstract/document/9775013)*\r\n+ **How does Heterophily Impact Robustness of Graph Neural Networks? Theoretical Connections and Practical Implications**, *[📝KDD](https://arxiv.org/abs/2106.07767)*, *[:octocat:Code](https://github.com/GemsLab/HeteRobust)*\r\n+ **Robust Graph Neural Networks using Weighted Graph Laplacian**, *[📝SPCOM](https://arxiv.org/abs/2208.01853)*, *[:octocat:Code](https://github.com/Bharat-Runwal/RWL-GNN)*\r\n+ **ARIEL: Adversarial Graph Contrastive Learning**, *[📝arXiv](https://arxiv.org/abs/2208.06956)*·\r\n+ **Robust Tensor Graph Convolutional Networks via T-SVD based Graph Augmentation**, *[📝KDD](https://dl.acm.org/doi/abs/10.1145/3534678.3539436)*, *[:octocat:Code](https://github.com/GTML-LAB/RT-GCN)*\r\n+ **NOSMOG: Learning Noise-robust and Structure-aware MLPs on Graphs**, *[📝arXiv](https://arxiv.org/abs/2208.10010)*\r\n+ **Robust Node Classification on Graphs: Jointly from Bayesian Label Transition and Topology-based Label Propagation**, *[📝CIKM](https://arxiv.org/abs/2208.09779)*, *[:octocat:Code](https://github.com/junzhuang-code/LInDT)*\r\n+ **On the Robustness of Graph Neural Diffusion to Topology Perturbations**, *[📝NeurIPS](https://arxiv.org/abs/2209.07754)*, *[:octocat:Code](https://github.com/zknus/Robustness-of-Graph-Neural-Diffusion)*\r\n+ **IoT-based Android Malware Detection Using Graph Neural Network With Adversarial Defense**, *[📝IEEE IOT](https://ieeexplore.ieee.org/abstract/document/9814995)*\r\n+ **Robust cross-network node classification via constrained graph mutual information**, *[📝KBS](https://www.sciencedirect.com/science/article/pii/S0950705122009455)*\r\n+ **Defending Against Backdoor Attack on Graph Nerual Network by Explainability**, *[📝arXiv](https://arxiv.org/abs/2209.02902)*\r\n+ **Towards an Optimal Asymmetric Graph Structure for Robust Semi-supervised Node Classification**, *[📝KDD](https://dl.acm.org/doi/abs/10.1145/3534678.3539332)*\r\n+ **FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification**, *[📝arXiv](https://arxiv.org/abs/2210.13815)*\r\n+ **EvenNet: Ignoring Odd-Hop Neighbors Improves Robustness of Graph Neural Networks**, *[📝NeurIPS](https://arxiv.org/abs/2205.13892)*, *[:octocat:Code](https://github.com/Leirunlin/EvenNet)*\r\n+ **Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation**, *[📝ECML-PKDD](https://arxiv.org/abs/2211.08068)*\r\n+ **Spectral Adversarial Training for Robust Graph Neural Network**, *[📝TKDE](https://arxiv.org/abs/2211.10896)*, *[:octocat:Code](https://github.com/EdisonLeeeee/SAT)*\r\n+ **On the Vulnerability of Graph Learning based Collaborative Filtering**, *[📝TIS](https://dl.acm.org/doi/abs/10.1145/3572834)*\r\n+ **GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks**, *[📝LoG](https://openreview.net/forum?id=kvwWjYQtmw)*, *[:octocat:Code](https://github.com/cornell-zhang/GARNET)*\r\n+ **You Can Have Better Graph Neural Networks by Not Training Weights at All: Finding Untrained GNNs Tickets**, *[📝LoG](https://openreview.net/forum?id=dF6aEW3_62O)*, *[:octocat:Code](https://github.com/TienjinHuang/UGTs-LoG)*\r\n+ **Robust Graph Representation Learning via Predictive Coding**, *[📝arXiv](https://arxiv.org/abs/2212.04656)*\r\n+ **FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification**, *[📝arXiv](https://arxiv.org/abs/2210.13815)*\r\n\r\n## 2021\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Learning to Drop: Robust Graph Neural Network via Topological Denoising**, *[📝WSDM](https://arxiv.org/abs/2011.07057)*, *[:octocat:Code](https://github.com/flyingdoog/PTDNet)*\r\n+ **How effective are Graph Neural Networks in Fraud Detection for Network Data?**, *[📝arXiv](https://arxiv.org/abs/2105.14568)*\r\n+ **Graph Sanitation with Application to Node Classification**, *[📝arXiv](https://arxiv.org/abs/2105.09384)*\r\n+ **Understanding Structural Vulnerability in Graph Convolutional Networks**, *[📝IJCAI](https://www.ijcai.org/proceedings/2021/310)*, *[:octocat:Code](https://github.com/EdisonLeeeee/MedianGCN)*\r\n+ **A Robust and Generalized Framework for Adversarial Graph Embedding**, *[📝arXiv](https://arxiv.org/abs/2105.10651)*, *[:octocat:Code](https://github.com/RingBDStack/AGE)*\r\n+ **Integrated Defense for Resilient Graph Matching**, *[📝ICML](http://proceedings.mlr.press/v139/ren21c/ren21c.pdf)*\r\n+ **Unveiling Anomalous Nodes Via Random Sampling and Consensus on Graphs**, *[📝ICASSP](https://ieeexplore.ieee.org/abstract/document/9414953)*\r\n+ **Robust Network Alignment via Attack Signal Scaling and Adversarial Perturbation Elimination**, *[📝WWW](http://eng.auburn.edu/users/yangzhou/papers/RNA.pdf)*\r\n+ **Information Obfuscation of Graph Neural Network**, *[📝ICML](https://arxiv.org/pdf/2009.13504.pdf)*, *[:octocat:Code](https://github.com/liaopeiyuan/GAL)*\r\n+ **Improving Robustness of Graph Neural Networks with Heterophily-Inspired Designs**, *[📝arXiv](https://arxiv.org/abs/2106.07767)*\r\n+ **On Generalization of Graph Autoencoders with Adversarial Training**, *[📝ECML](https://arxiv.org/abs/2107.02658)*\r\n+ **DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs**, *[📝ECML](https://arxiv.org/abs/2106.09501)*\r\n+ **Elastic Graph Neural Networks**, *[📝ICML](http://proceedings.mlr.press/v139/liu21k/liu21k.pdf)*, *[:octocat:Code](https://github.com/lxiaorui/ElasticGNN)*\r\n+ **Robust Counterfactual Explanations on Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2107.04086)*\r\n+ **Node Similarity Preserving Graph Convolutional Networks**, *[📝WSDM](https://arxiv.org/abs/2011.09643)*, *[:octocat:Code](https://github.com/ChandlerBang/SimP-GCN)*\r\n+ **Enhancing Robustness and Resilience of Multiplex Networks Against Node-Community Cascading Failures**, *[📝IEEE TSMC](https://ieeexplore.ieee.org/abstract/document/9415463)*\r\n+ **NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data**, *[📝TKDE](https://arxiv.org/abs/2106.11865)*, *[:octocat:Code](https://github.com/ICHproject/NetFense)*\r\n+ **Robust Graph Learning Under Wasserstein Uncertainty**, *[📝arXiv](https://arxiv.org/abs/2105.04210)*\r\n+ **Towards Robust Graph Contrastive Learning**, *[📝arXiv](https://arxiv.org/abs/2102.13085)*\r\n+ **Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks**, *[📝ICML](http://proceedings.mlr.press/v139/zhao21e.html)*\r\n+ **UAG: Uncertainty-Aware Attention Graph Neural Network for Defending Adversarial Attacks**, *[📝AAAI](https://arxiv.org/abs/2009.10235)*\r\n+ **Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks**, *[📝AAAI](https://arxiv.org/abs/2009.14455)*\r\n+ **Power up! Robust Graph Convolutional Network against Evasion Attacks based on Graph Powering**, *[📝AAAI](https://arxiv.org/abs/1905.10029)*, *[:octocat:Code](https://www.dropbox.com/sh/p36pzx1ock2iamo/AABEr7FtM5nqwC4i9nICLIsta?dl=0)*\r\n+ **Personalized privacy protection in social networks through adversarial modeling**, *[📝AAAI](https://www.cs.uic.edu/~elena/pubs/biradar-ppai21.pdf)*\r\n+ **Interpretable Stability Bounds for Spectral Graph Filters**, *[📝arXiv](https://arxiv.org/abs/2102.09587)*\r\n+ **Randomized Generation of Adversary-Aware Fake Knowledge Graphs to Combat Intellectual Property Theft**, *[📝AAAI](http://34.94.61.102/paper_AAAI-9475.html)*\r\n+ **Unified Robust Training for Graph NeuralNetworks against Label Noise**, *[📝arXiv](https://arxiv.org/abs/2103.03414)*\r\n+ **An Introduction to Robust Graph Convolutional Networks**, *[📝arXiv](https://arxiv.org/abs/2103.14807)*\r\n+ **E-GraphSAGE: A Graph Neural Network based Intrusion Detection System**, *[📝arXiv](https://arxiv.org/abs/2103.16329)*\r\n+ **Spatio-Temporal Sparsification for General Robust Graph Convolution Networks**, *[📝arXiv](https://arxiv.org/abs/2103.12256)*\r\n+ **Robust graph convolutional networks with directional graph adversarial training**, *[📝Applied Intelligence](https://link.springer.com/article/10.1007/s10489-021-02272-y)*\r\n+ **Detection and Defense of Topological Adversarial Attacks on Graphs**, *[📝AISTATS](http://proceedings.mlr.press/v130/zhang21i.html)*\r\n+ **Unveiling the potential of Graph Neural Networks for robust Intrusion Detection**, *[📝arXiv](https://arxiv.org/abs/2107.14747)*, *[:octocat:Code](https://github.com/BNN-UPC/GNN-NIDS)*\r\n+ **Adversarial Robustness of Probabilistic Network Embedding for Link Prediction**, *[📝arXiv](https://arxiv.org/abs/2107.01936)*\r\n+ **EGC2: Enhanced Graph Classification with Easy Graph Compression**, *[📝arXiv](https://arxiv.org/abs/2107.07737)*\r\n+ **LinkTeller: Recovering Private Edges from Graph Neural Networks via Influence Analysis**, *[📝arXiv](https://arxiv.org/abs/2108.06504)*\r\n+ **Structure-Aware Hierarchical Graph Pooling using Information Bottleneck**, *[📝IJCNN ](https://arxiv.org/abs/2104.13012)*\r\n+ **Mal2GCN: A Robust Malware Detection Approach Using Deep Graph Convolutional Networks With Non-Negative Weights**, *[📝arXiv](https://arxiv.org/abs/2108.12473)*\r\n+ **CoG: a Two-View Co-training Framework for Defending Adversarial Attacks on Graph**, *[📝arXiv](https://arxiv.org/abs/2109.05558)*\r\n+ **Releasing Graph Neural Networks with Differential Privacy Guarantees**, *[📝arXiv](https://arxiv.org/abs/2109.08907)*\r\n+ **Speedup Robust Graph Structure Learning with Low-Rank Information**, *[📝CIKM](http://xiangliyao.cn/papers/cikm21-hui.pdf)*\r\n+ **A Lightweight Metric Defence Strategy for Graph Neural Networks Against Poisoning Attacks**, *[📝ICICS](https://link.springer.com/chapter/10.1007/978-3-030-88052-1_4)*, *[:octocat:Code](https://github.com/lizi-learner/MD-GNN)*\r\n+ **Node Feature Kernels Increase Graph Convolutional Network Robustness**, *[📝arXiv](https://arxiv.org/abs/2109.01785)*, *[:octocat:Code](https://github.com/ChangminWu/RobustGCN)*\r\n+ **On the Relationship between Heterophily and Robustness of Graph Neural Networks**, *[📝arXiv](https://arxiv.org/abs/2106.07767)*\r\n+ **Distributionally Robust Semi-Supervised Learning Over Graphs**, *[📝ICLR](https://arxiv.org/abs/2110.10582)*\r\n+ **Robustness of Graph Neural Networks at Scale**, *[📝NeurIPS](https://arxiv.org/pdf/2110.14038.pdf)*, *[:octocat:Code](https://github.com/sigeisler/robustness_of_gnns_at_scale)*\r\n+ **Graph Transplant: Node Saliency-Guided Graph Mixup with Local Structure Preservation**, *[📝arXiv](https://arxiv.org/abs/2111.05639)*\r\n+ **Not All Low-Pass Filters are Robust in Graph Convolutional Networks**, *[📝NeurIPS](https://openreview.net/forum?id=bDdfxLQITtu)*, *[:octocat:Code](https://github.com/SwiftieH/LFR)*\r\n+ **Towards Robust Reasoning over Knowledge Graphs**, *[📝arXiv](https://arxiv.org/abs/2110.14693)*\r\n+ **Robust Graph Neural Networks via Probabilistic Lipschitz Constraints**, *[📝arXiv](https://arxiv.org/abs/2112.07575)*\r\n+ **Graph Neural Networks with Adaptive Residual**, *[📝NeurIPS](https://openreview.net/forum?id=hfkER_KJiNw)*, *[:octocat:Code](https://github.com/lxiaorui/AirGNN)*\r\n+ **Graph-based Adversarial Online Kernel Learning with Adaptive Embedding**, *[📝ICDM]()*\r\n+ **Graph Posterior Network: Bayesian Predictive Uncertainty for Node Classification**, *[📝NeurIPS](https://arxiv.org/pdf/2110.14012.pdf)*, *[:octocat:Code](https://github.com/stadlmax/Graph-Posterior-Network)*\r\n+ **Graph Neural Networks with Feature and Structure Aware Random Walk**, *[📝arXiv](https://arxiv.org/abs/2111.10102)*\r\n+ **Topological Relational Learning on Graphs**, *[📝NeurIPS](https://arxiv.org/abs/2110.15529)*, *[:octocat:Code](https://github.com/tri-gnn/tri-gnn)*\r\n\r\n## 2020\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach**, *[📝ICLR OpenReview](https://openreview.net/forum?id=_qoQkWNEhS)*\r\n+ **Provable Overlapping Community Detection in Weighted Graphs**, *[📝NeurIPS](https://arxiv.org/abs/2004.07150)*\r\n+ **Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings**, *[📝NeurIPS](https://arxiv.org/abs/1906.01852)*, *[:octocat:Code](https://github.com/ebonilla/VGCN)*\r\n+ **Graph Random Neural Networks for Semi-Supervised Learning on Graphs**, *[📝NeurIPS](https://arxiv.org/abs/2005.11079)*, *[:octocat:Code](https://github.com/Grand20/grand)*\r\n+ **Reliable Graph Neural Networks via Robust Aggregation**, *[📝NeurIPS](https://arxiv.org/abs/2010.15651)*, *[:octocat:Code](https://github.com/sigeisler/reliable_gnn_via_robust_aggregation)*\r\n+ **Towards Robust Graph Neural Networks against Label Noise**, *[📝ICLR OpenReview](https://openreview.net/forum?id=H38f_9b90BO)*\r\n+ **Graph Adversarial Networks: Protecting Information against Adversarial Attacks**, *[📝ICLR OpenReview](https://openreview.net/forum?id=Q8ZdJahesWe)*, *[:octocat:Code](https://github.com/liaopeiyuan/GAL)*\r\n+ **A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack**, *[📝SocialSec](https://link.springer.com/chapter/10.1007/978-981-15-9031-3_26)*\r\n+ **Iterative Deep Graph Learning for Graph Neural Networks: Better and Robust Node Embeddings**, *[📝NeurIPS](https://arxiv.org/abs/2006.13009)*, *[:octocat:Code](https://github.com/hugochan/IDGL)*\r\n+ **Node Copying for Protection Against Graph Neural Network Topology Attacks**, *[📝arXiv](https://arxiv.org/abs/2007.06704)*\r\n+ **Community detection in sparse time-evolving graphs with a dynamical Bethe-Hessian**, *[📝NeurIPS](https://arxiv.org/abs/2006.04510)*\r\n+ **A Feature-Importance-Aware and Robust Aggregator for GCN**, *[📝CIKM](https://dl.acm.org/doi/abs/10.1145/3340531.3411983)*, *[:octocat:Code](https://github.com/LiZhang-github/LA-GCN)*\r\n+ **Anti-perturbation of Online Social Networks by Graph Label Transition**, *[📝arXiv](https://arxiv.org/abs/2010.14121)*\r\n+ **Graph Information Bottleneck**, *[📝NeurIPS](https://arxiv.org/abs/2010.12811)*, *[:octocat:Code](http://snap.stanford.edu/gib/)*\r\n+ **Adversarial Detection on Graph Structured Data**, *[📝PPMLP](https://dl.acm.org/doi/abs/10.1145/3411501.3419424)*\r\n+ **Graph Contrastive Learning with Augmentations**, *[📝NeurIPS](https://arxiv.org/abs/2010.13902)*, *[:octocat:Code](https://github.com/Shen-Lab/GraphCL)*\r\n+ **Learning Graph Embedding with Adversarial Training Methods**, *[📝IEEE Transactions on Cybernetics](https://arxiv.org/abs/1901.01250)*\r\n+ **I-GCN: Robust Graph Convolutional Network via Influence Mechanism**, *[📝arXiv](https://arxiv.org/abs/2012.06110)*\r\n+ **Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks**, *[📝AAAI](https://ojs.aaai.org//index.php/AAAI/article/view/6791)*\r\n+ **Smoothing Adversarial Training for GNN**, *[📝IEEE TCSS](https://ieeexplore.ieee.org/abstract/document/9305289?casa_token=fTXIL3hT1yIAAAAA:I4fn-GlF0PIwzPRC87SayRi5_pi2ZDDuSancEsY96A4O4bUBEsp0hSYMNJVGVzMgBWxycYN9qu6D)*\r\n+ **Graph Structure Reshaping Against Adversarial Attacks on Graph Neural Networks**, *[📝None](None)*, *[:octocat:Code](https://github.com/GraphReshape/GraphReshape)*\r\n+ **RoGAT: a robust GNN combined revised GAT with adjusted graphs**, *[📝arXiv](https://arxiv.org/abs/2009.13038)*\r\n+ **ResGCN: Attention-based Deep Residual Modeling for Anomaly Detection on Attributed Networks**, *[📝arXiv](https://arxiv.org/abs/2009.14738)*\r\n+ **Adversarial Perturbations of Opinion Dynamics in Networks**, *[📝arXiv](https://arxiv.org/abs/2003.07010)*\r\n+ **Adversarial Privacy Preserving Graph Embedding against Inference Attack**, *[📝arXiv](https://arxiv.org/abs/2008.13072)*, *[:octocat:Code](https://github.com/uJ62JHD/Privacy-Preserving-Social-Network-Embedding)*\r\n+ **Robust Graph Learning From Noisy Data**, *[📝IEEE Trans](https://ieeexplore.ieee.org/abstract/document/8605364)*\r\n+ **GNNGuard: Defending Graph Neural Networks against Adversarial Attacks**, *[📝NeurIPS](https://arxiv.org/abs/2006.08149)*, *[:octocat:Code](https://github.com/mims-harvard/GNNGuard)*\r\n+ **Transferring Robustness for Graph Neural Network Against Poisoning Attacks**, *[📝WSDM](https://arxiv.org/abs/1908.07558)*, *[:octocat:Code](https://github.com/tangxianfeng/PA-GNN)*\r\n+ **All You Need Is Low (Rank): Defending Against Adversarial Attacks on Graphs**, *[📝WSDM](https://dl.acm.org/doi/abs/10.1145/3336191.3371789)*, *[:octocat:Code](https://github.com/DSE-MSU/DeepRobust)*\r\n+ **How Robust Are Graph Neural Networks to Structural Noise?**, *[📝DLGMA](https://arxiv.org/abs/1912.10206)*\r\n+ **Robust Detection of Adaptive Spammers by Nash Reinforcement Learning**, *[📝KDD](https://arxiv.org/abs/2006.06069)*, *[:octocat:Code](https://github.com/YingtongDou/Nash-Detect)*\r\n+ **Graph Structure Learning for Robust Graph Neural Networks**, *[📝KDD](https://arxiv.org/abs/2005.10203)*, *[:octocat:Code](https://github.com/DSE-MSU/DeepRobust)*\r\n+ **On The Stability of Polynomial Spectral Graph Filters**, *[📝ICASSP](https://ieeexplore.ieee.org/abstract/document/9054072)*, *[:octocat:Code](https://github.com/henrykenlay/spgf)*\r\n+ **On the Robustness of Cascade Diffusion under Node Attacks**, *[📝WWW](https://www.cs.au.dk/~karras/robustIC.pdf)*, *[:octocat:Code](https://github.com/allogn/robustness)*\r\n+ **Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks**, *[📝WWW](https://arxiv.org/abs/2004.04834)*\r\n+ **Towards an Efficient and General Framework of Robust Training for Graph Neural Networks**, *[📝ICASSP](https://arxiv.org/abs/2002.10947)*\r\n+ **Robust Graph Representation Learning via Neural Sparsification**, *[📝ICML](https://proceedings.icml.cc/static/paper_files/icml/2020/2611-Paper.pdf)*\r\n+ **Robust Training of Graph Convolutional Networks via Latent Perturbation**, *[📝ECML-PKDD](https://www.cs.uic.edu/~zhangx/papers/JinZha20.pdf)*\r\n+ **Robust Collective Classification against Structural Attacks**, *[📝Preprint](http://www.auai.org/uai2020/proceedings/119_main_paper.pdf)*\r\n+ **Enhancing Graph Neural Network-based Fraud Detectors against Camouflaged Fraudsters**, *[📝CIKM](https://arxiv.org/abs/2008.08692)*, *[:octocat:Code](https://github.com/safe-graph/DGFraud)*\r\n+ **Topological Effects on Attacks Against Vertex Classification**, *[📝arXiv](https://arxiv.org/abs/2003.05822)*\r\n+ **Tensor Graph Convolutional Networks for Multi-relational and Robust Learning**, *[📝arXiv](https://arxiv.org/abs/2003.07729)*\r\n+ **DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder**, *[📝arXiv](https://arxiv.org/abs/2006.08900)*, *[:octocat:Code](https://github.com/zhangao520/defense-vgae)*\r\n+ **Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning**, *[📝arXiv](https://arxiv.org/abs/2004.08833)*\r\n+ **AANE: Anomaly Aware Network Embedding For Anomalous Link Detection**, *[📝ICDM](https://ieeexplore.ieee.org/document/9338406)*\r\n+ **Provably Robust Node Classification via Low-Pass Message Passing**, *[📝ICDM](https://shenghua-liu.github.io/papers/icdm2020-provablerobust.pdf)*\r\n+ **Graph-Revised Convolutional Network**, *[📝ECML-PKDD](https://arxiv.org/abs/1911.07123)*, *[:octocat:Code](https://github.com/PlusRoss/GRCN)*\r\n\r\n## 2019\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure**, *[📝TKDE](https://arxiv.org/abs/1902.08226)*, *[:octocat:Code](https://github.com/fulifeng/GraphAT)*\r\n+ **Bayesian graph convolutional neural networks for semi-supervised classification**, *[📝AAAI](https://arxiv.org/abs/1811.11103)*, *[:octocat:Code](https://github.com/huawei-noah/BGCN)*\r\n+ **Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations**, *[📝arXiv](https://arxiv.org/abs/1809.05912)*\r\n+ **Examining Adversarial Learning against Graph-based IoT Malware Detection Systems**, *[📝arXiv](https://arxiv.org/abs/1902.04416)*\r\n+ **Adversarial Embedding: A robust and elusive Steganography and Watermarking technique**, *[📝arXiv](https://arxiv.org/abs/1912.01487)*\r\n+ **Graph Interpolating Activation Improves Both Natural and Robust Accuracies in Data-Efficient Deep Learning**, *[📝arXiv](https://arxiv.org/abs/1907.06800)*, *[:octocat:Code](https://github.com/BaoWangMath/DNN-DataDependentActivation)*\r\n+ **Adversarial Defense Framework for Graph Neural Network**, *[📝arXiv](https://arxiv.org/abs/1905.03679)*\r\n+ **GraphSAC: Detecting anomalies in large-scale graphs**, *[📝arXiv](https://arxiv.org/abs/1910.09589)*\r\n+ **Edge Dithering for Robust Adaptive Graph Convolutional Networks**, *[📝arXiv](https://arxiv.org/abs/1910.09590)*\r\n+ **Can Adversarial Network Attack be Defended?**, *[📝arXiv](https://arxiv.org/abs/1903.05994)*\r\n+ **GraphDefense: Towards Robust Graph Convolutional Networks**, *[📝arXiv](https://arxiv.org/abs/1911.04429)*\r\n+ **Adversarial Training Methods for Network Embedding**, *[📝WWW](https://arxiv.org/abs/1908.11514)*, *[:octocat:Code](https://github.com/wonniu/AdvT4NE_WWW2019)*\r\n+ **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense**, *[📝IJCAI](https://arxiv.org/abs/1903.01610)*, *[:octocat:Code](https://github.com/DSE-MSU/DeepRobust)*\r\n+ **Improving Robustness to Attacks Against Vertex Classification**, *[📝MLG@KDD](http://eliassi.org/papers/benmiller-mlg2019.pdf)*\r\n+ **Adversarial Robustness of Similarity-Based Link Prediction**, *[📝ICDM](https://arxiv.org/abs/1909.01432)*\r\n+ **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model**, *[📝CIKM](https://dl.acm.org/doi/10.1145/3357384.3357875)*\r\n+ **Batch Virtual Adversarial Training for Graph Convolutional Networks**, *[📝ICML](https://arxiv.org/abs/1902.09192)*, *[:octocat:Code](https://github.com/thudzj/BVAT)*\r\n+ **Latent Adversarial Training of Graph Convolution Networks**, *[📝LRGSD@ICML](https://graphreason.github.io/papers/35.pdf)*, *[:octocat:Code](https://github.com/cshjin/LATGCN)*\r\n+ **Characterizing Malicious Edges targeting on Graph Neural Networks**, *[📝ICLR OpenReview](https://arxiv.org/abs/1906.04214)*, *[:octocat:Code](https://github.com/KaidiXu/GCN_ADV_Train)*\r\n+ **Comparing and Detecting Adversarial Attacks for Graph Deep Learning**, *[📝RLGM@ICLR](https://rlgm.github.io/papers/57.pdf)*\r\n+ **Virtual Adversarial Training on Graph Convolutional Networks in Node Classification**, *[📝PRCV](https://arxiv.org/abs/1902.11045)*\r\n+ **Robust Graph Convolutional Networks Against Adversarial Attacks**, *[📝KDD](http://pengcui.thumedialab.com/papers/RGCN.pdf)*, *[:octocat:Code](https://github.com/thumanlab/nrlweb/blob/master/static/assets/download/RGCN.zip)*\r\n+ **Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications**, *[📝NAACL](https://arxiv.org/abs/1905.00563)*, *[:octocat:Code](https://github.com/pouyapez/criage)*\r\n+ **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective**, *[📝IJCAI](https://arxiv.org/abs/1906.04214)*, *[:octocat:Code](https://github.com/KaidiXu/GCN_ADV_Train)*\r\n+ **Robust Graph Data Learning via Latent Graph Convolutional Representation**, *[📝arXiv](https://arxiv.org/abs/1904.11883)*\r\n\r\n## 2018\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Personalized Ranking for Recommendation**, *[📝SIGIR](https://dl.acm.org/citation.cfm?id=3209981)*, *[:octocat:Code](https://github.com/hexiangnan/adversarial_personalized_ranking)*\r\n\r\n## 2017\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Sets for Regularising Neural Link Predictors**, *[📝UAI](https://arxiv.org/abs/1707.07596)*, *[:octocat:Code](https://github.com/uclmr/inferbeddings)*\r\n\r\n\r\n\r\n# 🔐Certification\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Hierarchical Randomized Smoothing**, *[📝NeurIPS'2023](https://openreview.net/forum?id=6IhNHKyuJO)*, *[:octocat:Code](https://www.cs.cit.tum.de/daml/hierarchical-smoothing)*\r\n+ **(Provable) Adversarial Robustness for Group Equivariant Tasks: Graphs, Point Clouds, Molecules, and More**, *[📝NeurIPS'2023](https://openreview.net/forum?id=mLe63bAYc7)*, *[:octocat:Code](https://www.cs.cit.tum.de/daml/equivariance-robustness/)*\r\n+ **Localized Randomized Smoothing for Collective Robustness Certification**, *[📝ICLR'2023](https://openreview.net/forum?id=-k7Lvk0GpBl)*\r\n+ **Graph Adversarial Immunization for Certifiable Robustness**, *[📝arXiv'2023](https://arxiv.org/abs/2302.08051)*\r\n+ **Randomized Message-Interception Smoothing: Gray-box Certificates for Graph Neural Networks**, *[📝NeurIPS'2022](https://openreview.net/forum?id=t0VbBTw-o8)*, *[:octocat:Code](https://www.cs.cit.tum.de/daml/interception-smoothing)*\r\n+ **Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation**, *[📝KDD'2021](https://dl.acm.org/doi/abs/10.1145/3447548.3467295)*, *[:octocat:Code](https://github.com/binghuiwang/CertifyGNN)*\r\n+ **Collective Robustness Certificates: Exploiting Interdependence in Graph Neural Networks**, *[📝ICLR'2021](https://openreview.net/forum?id=ULQdiUTHe3y)*, *[:octocat:Code](https://github.com/jan-schuchardt/collective_robustness)*\r\n+ **Adversarial Immunization for Improving Certifiable Robustness on Graphs**, *[📝WSDM'2021](https://arxiv.org/abs/2007.09647)*\r\n+ **Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning**, *[📝ICLR OpenReview'2021](https://openreview.net/forum?id=cQyybLUoXxc)*\r\n+ **Robust Certification for Laplace Learning on Geometric Graphs**, *[📝MSML’2021](https://arxiv.org/abs/2104.10837)*\r\n+ **Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning**, *[📝AAAI'2020](http://staff.ustc.edu.cn/~hexn/papers/aaai20-adversarial-embedding.pdf)*\r\n+ **Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks**, *[📝NeurIPS'2020](https://www.cs.uic.edu/~zhangx/papers/Jinetal20.pdf)*, *[:octocat:Code](https://github.com/RobustGraph/RoboGraph)*\r\n+ **Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing**, *[📝WWW'2020](https://arxiv.org/abs/2002.03421)*\r\n+ **Efficient Robustness Certificates for Discrete Data: Sparsity - Aware Randomized Smoothing for Graphs, Images and More**, *[📝ICML'2020](https://proceedings.icml.cc/book/2020/file/4f7b884f2445ef08da9bbc77b028722c-Paper.pdf)*, *[:octocat:Code](https://github.com/abojchevski/sparse_smoothing)*\r\n+ **Abstract Interpretation based Robustness Certification for Graph Convolutional Networks**, *[📝ECAI'2020](http://ecai2020.eu/papers/31_paper.pdf)*\r\n+ **Certifiable Robustness of Graph Convolutional Networks under Structure Perturbation**, *[📝KDD'2020](https://dl.acm.org/doi/10.1145/3394486.3403217)*, *[:octocat:Code](https://github.com/danielzuegner/robust-gcn-structure)*\r\n+ **Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing**, *[📝GLOBECOM'2020](https://arxiv.org/abs/2009.05872)*\r\n+ **Certifiable Robustness and Robust Training for Graph Convolutional Networks**, *[📝KDD'2019](https://arxiv.org/abs/1906.12269)*, *[:octocat:Code](https://www.kdd.in.tum.de/research/robust-gcn/)*\r\n+ **Certifiable Robustness to Graph Perturbations**, *[📝NeurIPS'2019](http://papers.nips.cc/paper/9041-certifiable-robustness-to-graph-perturbations)*, *[:octocat:Code](https://github.com/abojchevski/graph_cert)*\r\n\r\n\r\n\r\n# ⚖Stability\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **On the Prediction Instability of Graph Neural Networks**, *[📝arXiv'2022](https://arxiv.org/abs/2205.10070)*\r\n+ **Stability and Generalization Capabilities of Message Passing Graph Neural Networks**, *[📝arXiv'2022](https://arxiv.org/abs/2202.00645)*\r\n+ **Towards a Unified Framework for Fair and Stable Graph Representation Learning**, *[📝UAI'2021](https://arxiv.org/abs/2102.13186)*, *[:octocat:Code](https://github.com/chirag126/nifty)*\r\n+ **Training Stable Graph Neural Networks Through Constrained Learning**, *[📝arXiv'2021](https://arxiv.org/abs/2110.03576)*\r\n+ **Shift-Robust GNNs: Overcoming the Limitations of Localized Graph Training data**, *[📝NeurIPS'2021](https://arxiv.org/abs/2108.01099)*, *[:octocat:Code](https://github.com/GentleZhu/Shift-Robust-GNNs)*\r\n+ **Stability of Graph Convolutional Neural Networks to Stochastic Perturbations**, *[📝arXiv'2021](https://arxiv.org/abs/2106.10526)*\r\n+ **Graph and Graphon Neural Network Stability**, *[📝arXiv'2020](https://arxiv.org/abs/2008.01767)*\r\n+ **On the Stability of Graph Convolutional Neural Networks under Edge Rewiring**, *[📝arXiv'2020](https://arxiv.org/abs/2010.13747)*\r\n+ **Stability of Graph Neural Networks to Relative Perturbations**, *[📝ICASSP'2020](https://ieeexplore.ieee.org/document/9054341)*\r\n+ **Graph Neural Networks: Architectures, Stability and Transferability**, *[📝arXiv'2020](https://arxiv.org/abs/2008.01767)*\r\n+ **Should Graph Convolution Trust Neighbors? A Simple Causal Inference Method**, *[📝arXiv'2020](https://arxiv.org/abs/2010.11797)*\r\n+ **When Do GNNs Work: Understanding and Improving Neighborhood Aggregation**, *[📝IJCAI Workshop'2019](https://www.ijcai.org/Proceedings/2020/181)*, *[:octocat:Code](https://github.com/raspberryice/ala-gcn)*\r\n+ **Stability Properties of Graph Neural Networks**, *[📝arXiv'2019](https://arxiv.org/abs/1905.04497)*\r\n+ **Stability and Generalization of Graph Convolutional Neural Networks**, *[📝KDD'2019](https://arxiv.org/abs/1905.01004)*\r\n\r\n\r\n# 🚀Others\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Evaluating Robustness and Uncertainty of Graph Models Under Structural Distributional Shifts**, *[📝arXiv‘2023](https://arxiv.org/abs/2302.13875)*, *[:octocat:Code](https://github.com/yandex-research/structural-graph-shifts)*\r\n+ **We Cannot Guarantee Safety: The Undecidability of Graph Neural Network Verification**, *[📝arXiv'2022](https://arxiv.org/abs/2206.05070)*\r\n+ **A Systematic Evaluation of Node Embedding Robustness**, *[📝LoG‘2022](https://openreview.net/forum?id=oxjVVBNrG-)*, *[:octocat:Code](https://github.com/aida-ugent/EvalNE-robustness)*\r\n**Generating Adversarial Examples with Graph Neural Networks**, *[📝UAI'2021](https://arxiv.org/abs/2105.14644)*\r\n+ **SIGL: Securing Software Installations Through Deep Graph Learning**, *[📝USENIX'2021](https://www.usenix.org/system/files/sec21summer_han-xueyuan.pdf)*\r\n+ **FLAG: Adversarial Data Augmentation for Graph Neural Networks**, *[📝arXiv'2020](https://arxiv.org/abs/2010.09891)*, *[:octocat:Code](https://github.com/devnkong/FLAG)*\r\n+ **Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning**, *[📝arXiv'2020](https://arxiv.org/abs/2004.08833)*\r\n+ **Watermarking Graph Neural Networks by Random Graphs**, *[📝arXiv'2020](https://arxiv.org/abs/2011.00512)*\r\n+ **Training Robust Graph Neural Network by Applying Lipschitz Constant Constraint**, *[📝CentraleSupélec'2020](https://github.com/SJTUzhou/Lipschitz_gnn/blob/main/GNN_Robust_report.pdf)*, *[:octocat:Code](https://github.com/SJTUzhou/Lipschitz_gnn)*\r\n+ **CAP: Co-Adversarial Perturbation on Weights and Features for Improving Generalization of Graph Neural Networks**, *[📝arXiv'2021](https://arxiv.org/abs/2110.14855)*\r\n+ **When Does Self-Supervision Help Graph Convolutional Networks?**, *[📝ICML'2020](https://arxiv.org/abs/2006.09136)*\r\n+ **Perturbation Sensitivity of GNNs**, *[📝cs224w'2019](http://snap.stanford.edu/class/cs224w-2019/project/26424139.pdf)*\r\n\r\n# 📃Survey\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Graph Vulnerability and Robustness: A Survey**, *[📝TKDE'2022](https://arxiv.org/abs/2105.00419)*\r\n+ **A Comprehensive Survey on Trustworthy Graph Neural Networks: Privacy, Robustness, Fairness, and Explainability**, *[📝arXiv'2022](https://arxiv.org/abs/2204.08570)*\r\n+ **Trustworthy Graph Neural Networks: Aspects, Methods and Trends**, *[📝arXiv'2022](https://arxiv.org/abs/2205.07424)*\r\n+ **A Survey of Trustworthy Graph Learning: Reliability, Explainability, and Privacy Protection**, *[📝arXiv'2022](https://arxiv.org/abs/2205.10014)*\r\n+ **A Comparative Study on Robust Graph Neural Networks to Structural Noises**, *[📝AAAI DLG'2022](https://arxiv.org/abs/2112.06070)*\r\n+ **Deep Graph Structure Learning for Robust Representations: A Survey**, *[📝arXiv'2021](https://arxiv.org/abs/2103.03036)*\r\n+ **Robustness of deep learning models on graphs: A survey**, *[📝AI Open'2021](https://arxiv.org/abs/1812.04202)*\r\n+ **Graph Neural Networks Methods, Applications, and Opportunities**, *[📝arXiv'2021](https://arxiv.org/abs/2108.10733)*\r\n+ **Adversarial Attacks and Defenses on Graphs: A Review, A Tool and Empirical Studies**, *[📝SIGKDD Explorations'2021](https://arxiv.org/abs/2003.00653)*\r\n+ **A Survey of Adversarial Learning on Graph**, *[📝arXiv'2020](https://arxiv.org/abs/2003.05730)*\r\n+ **Graph Neural Networks Taxonomy, Advances and Trends**, *[📝arXiv'2020](https://arxiv.org/abs/2012.08752)*\r\n+ **Recent Advances in Reliable Deep Graph Learning: Inherent Noise, Distribution Shift, and Adversarial Attack**, *[📝arXiv'2022](https://arxiv.org/abs/2202.07114)*\r\n+ **Adversarial Attacks and Defenses in Images, Graphs and Text: A Review**, *[📝arXiv'2019](https://arxiv.org/abs/1909.08072)*\r\n+ **Deep Learning on Graphs: A Survey**, *[📝arXiv'2018](https://arxiv.org/abs/1812.04202)*\r\n+ **Adversarial Attack and Defense on Graph Data: A Survey**, *[📝arXiv'2018](https://arxiv.org/abs/1812.10528)*\r\n\r\n\r\n\r\n# ⚙Toolbox\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **DeepRobust: a Platform for Adversarial Attacks and Defenses**, *[📝AAAI’2021](https://ojs.aaai.org/index.php/AAAI/article/view/18017)*, [**:octocat:DeepRobust**](https://github.com/DSE-MSU/DeepRobust)\r\n+ **GreatX: A graph reliability toolbox based on PyTorch and PyTorch Geometric**, *[📝arXiv’2022]()*, [**:octocat:GreatX**](https://github.com/EdisonLeeeee/GreatX)\r\n+ **Evaluating Graph Vulnerability and Robustness using TIGER**, *[📝arXiv‘2021](https://arxiv.org/abs/2006.05648)*, [**:octocat:TIGER**](https://github.com/safreita1/TIGER)\r\n+ **Graph Robustness Benchmark: Rethinking and Benchmarking Adversarial Robustness of Graph Neural Networks**, *[📝NeurIPS'2021](https://openreview.net/forum?id=pBwQ82pYha)*, [**:octocat:Graph Robustness Benchmark (GRB)**](https://github.com/thudm/grb)\r\n\r\n\r\n# 🔗Resource\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Awesome Adversarial Learning on Recommender System** [:octocat:Link](https://github.com/EdisonLeeeee/RS-Adversarial-Learning)\r\n+ **Awesome Graph Attack and Defense Papers** [:octocat:Link](https://github.com/ChandlerBang/awesome-graph-attack-papers)\r\n+ **Graph Adversarial Learning Literature** [:octocat:Link](https://github.com/safe-graph/graph-adversarial-learning-literature)\r\n+ **A Complete List of All (arXiv) Adversarial Example Papers** [🌐Link](https://nicholas.carlini.com/writing/2019/all-adversarial-example-papers.html)\r\n+ **Adversarial Attacks and Defenses Frontiers, Advances and Practice**, *KDD'20 tutorial*, [🌐Link](https://sites.google.com/view/kdd-2020-attack-and-defense)\r\n+ **Trustworthy Graph Learning: Reliability, Explainability, and Privacy Protection**, *KDD'22 tutorial*, [🌐Link](https://ai.tencent.com/ailab/ml/twgl/)\r\n+ **Adversarial Robustness of Representation Learning for Knowledge Graphs**, *PhD Thesis at Trinity College Dublin*, [📝Link](https://arxiv.org/abs/2210.00122)\r\n\r\n\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedisonleeeee%2Fgraph-adversarial-learning","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedisonleeeee%2Fgraph-adversarial-learning","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedisonleeeee%2Fgraph-adversarial-learning/lists"}