End-to-end training with global optimization has popularized graph neural networks (GNNs) for node classification, yet has inadvertently introduced vulnerabilities to adversarial edge-perturbing attacks. Adversaries can exploit the inherently open input and output interfaces of GNNs, perturbing critical edges and thus manipulating the classification results. Current defenses, because they continue to rely on global-optimization-based end-to-end training schemes, inherit the vulnerabilities of GNNs. This is specifically evidenced by their inability to defend against targeted secondary attacks. In this paper, we propose the Graph Agent Network (GAgN) to address the aforementioned vulnerabilities of GNNs. GAgN is a graph-structured agent network in which each node is designed as a 1-hop-view agent. Through decentralized interactions, the agents learn to infer global perceptions in order to perform tasks including inferring embeddings, degrees and neighbor relationships for given nodes. This empowers nodes to filter adversarial edges while carrying out classification tasks. Furthermore, the agents' limited view prevents malicious messages from propagating globally in GAgN, thereby resisting global-optimization-based secondary attacks. We prove that single-hidden-layer multilayer perceptrons (MLPs) are theoretically sufficient to achieve these functionalities. Experimental results show that GAgN effectively implements all its intended capabilities and, compared to state-of-the-art defenses, achieves optimal classification accuracy on the perturbed datasets.