Graph convolutional networks (GCNs) have been shown to be vulnerable to small adversarial perturbations, which poses a severe threat and largely limits their application in security-critical scenarios. To mitigate this threat, considerable research effort has been devoted to increasing the robustness of GCNs against adversarial attacks. However, current defense approaches are typically designed to protect GCNs from untargeted adversarial attacks and focus on overall performance, making it challenging to protect important local nodes from more powerful targeted adversarial attacks. Additionally, existing research often trades off robustness against performance. These limitations highlight the need for an effective and efficient approach that can defend local nodes against targeted attacks without compromising the overall performance of GCNs. In this work, we present a simple yet effective method, named Graph Universal Adversarial Defense (GUARD). Unlike previous works, GUARD protects each individual node from attacks with a universal defensive patch, which is generated once and can be applied to any node (node-agnostic) in a graph. GUARD is fast, straightforward to implement without any change to the network architecture or any additional parameters, and is broadly applicable to any GCN. Extensive experiments on four benchmark datasets demonstrate that GUARD significantly improves robustness for several established GCNs against multiple adversarial attacks and outperforms state-of-the-art defense methods by large margins.