Graph Neural Networks (GNNs) are increasingly important given their popularity and the diversity of applications. Yet, existing studies of their vulnerability to adversarial attacks rely on relatively small graphs. We address this gap and study how to attack and defend GNNs at scale. We propose two sparsity-aware first-order optimization attacks that maintain an efficient representation despite optimizing over a number of parameters which is quadratic in the number of nodes. We show that common surrogate losses are not well-suited for global attacks on GNNs. Our alternatives can double the attack strength. Moreover, to improve GNNs' reliability we design a robust aggregation function, Soft Median, resulting in an effective defense at all scales. We evaluate our attacks and defense with standard GNNs on graphs more than 100 times larger compared to previous work. We even scale one order of magnitude further by extending our techniques to a scalable GNN.

翻译：图神经网络（GNN）因其广泛流行和多样化的应用场景而日益重要。然而，现有关于其对抗攻击脆弱性的研究仍局限于相对较小的图结构。我们针对这一空白，研究如何在大规模场景下攻击与防御GNN。我们提出两种稀疏感知的一阶优化攻击方法，在参数规模与节点数呈二次增长的情况下，仍能保持高效表示。研究表明，常见的替代损失函数不适用于全局性GNN攻击，而我们的替代方案可将攻击强度提升一倍。此外，为增强GNN的可靠性，我们设计了鲁棒聚合函数Soft Median，实现了全尺度下有效的防御。我们在比先前工作大100倍以上的图上，使用标准GNN评估了攻击与防御方法。通过将技术扩展至可扩展GNN，我们进一步将规模提升了一个数量级。