Graph Neural Networks (GNNs) have emerged as the dominant approach for machine learning on graph-structured data. However, concerns have arisen regarding the vulnerability of GNNs to small adversarial perturbations. Existing defense methods against such perturbations suffer from high time complexity and can negatively impact the model's performance on clean graphs. To address these challenges, this paper introduces NoisyGNNs, a novel defense method that incorporates noise into the underlying model's architecture. We establish a theoretical connection between noise injection and the enhancement of GNN robustness, highlighting the effectiveness of our approach. We further conduct extensive empirical evaluations on the node classification task to validate our theoretical findings, focusing on two popular GNNs: the GCN and GIN. The results demonstrate that NoisyGNN achieves superior or comparable defense performance to existing methods while minimizing added time complexity. The NoisyGNN approach is model-agnostic, allowing it to be integrated with different GNN architectures. Successful combinations of our NoisyGNN approach with existing defense techniques demonstrate even further improved adversarial defense results. Our code is publicly available at: https://github.com/Sennadir/NoisyGNN.

翻译：图神经网络（GNN）已成为处理图结构数据的机器学习主流方法。然而，GNN在小规模对抗扰动下的脆弱性问题日益引发关注。现有针对此类扰动的防御方法存在时间复杂度高、且可能影响模型在干净图上的性能等问题。为应对这些挑战，本文提出NoisyGNN——一种通过在基础模型架构中注入噪声的新型防御方法。我们从理论上建立了噪声注入与GNN鲁棒性增强之间的关联，揭示了该方法有效性。进一步，我们以节点分类任务为场景，针对两种主流GNN（GCN和GIN）开展了广泛实证评估，以验证理论发现。结果表明，NoisyGNN在实现与现有方法相当或更优的防御性能的同时，显著降低了额外时间复杂度。该方法是模型无关的，可灵活集成至不同GNN架构。通过将NoisyGNN与现有防御技术成功结合，对抗防御效果得到进一步提升。我们的代码已开源至：https://github.com/Sennadir/NoisyGNN。