[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-EdisonLeeeee--Graph-Adversarial-Learning":3,"tool-EdisonLeeeee--Graph-Adversarial-Learning":64},[4,17,27,35,43,56],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":16},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,3,"2026-04-05T11:01:52",[13,14,15],"开发框架","图像","Agent","ready",{"id":18,"name":19,"github_repo":20,"description_zh":21,"stars":22,"difficulty_score":23,"last_commit_at":24,"category_tags":25,"status":16},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",138956,2,"2026-04-05T11:33:21",[13,15,26],"语言模型",{"id":28,"name":29,"github_repo":30,"description_zh":31,"stars":32,"difficulty_score":23,"last_commit_at":33,"category_tags":34,"status":16},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",107662,"2026-04-03T11:11:01",[13,14,15],{"id":36,"name":37,"github_repo":38,"description_zh":39,"stars":40,"difficulty_score":23,"last_commit_at":41,"category_tags":42,"status":16},3704,"NextChat","ChatGPTNextWeb\u002FNextChat","NextChat 是一款轻量且极速的 AI 助手，旨在为用户提供流畅、跨平台的大模型交互体验。它完美解决了用户在多设备间切换时难以保持对话连续性，以及面对众多 AI 模型不知如何统一管理的痛点。无论是日常办公、学习辅助还是创意激发，NextChat 都能让用户随时随地通过网页、iOS、Android、Windows、MacOS 或 Linux 端无缝接入智能服务。\n\n这款工具非常适合普通用户、学生、职场人士以及需要私有化部署的企业团队使用。对于开发者而言，它也提供了便捷的自托管方案，支持一键部署到 Vercel 或 Zeabur 等平台。\n\nNextChat 的核心亮点在于其广泛的模型兼容性，原生支持 Claude、DeepSeek、GPT-4 及 Gemini Pro 等主流大模型，让用户在一个界面即可自由切换不同 AI 能力。此外，它还率先支持 MCP（Model Context Protocol）协议，增强了上下文处理能力。针对企业用户，NextChat 提供专业版解决方案，具备品牌定制、细粒度权限控制、内部知识库整合及安全审计等功能，满足公司对数据隐私和个性化管理的高标准要求。",87618,"2026-04-05T07:20:52",[13,26],{"id":44,"name":45,"github_repo":46,"description_zh":47,"stars":48,"difficulty_score":23,"last_commit_at":49,"category_tags":50,"status":16},2268,"ML-For-Beginners","microsoft\u002FML-For-Beginners","ML-For-Beginners 是由微软推出的一套系统化机器学习入门课程，旨在帮助零基础用户轻松掌握经典机器学习知识。这套课程将学习路径规划为 12 周，包含 26 节精炼课程和 52 道配套测验，内容涵盖从基础概念到实际应用的完整流程，有效解决了初学者面对庞大知识体系时无从下手、缺乏结构化指导的痛点。\n\n无论是希望转型的开发者、需要补充算法背景的研究人员，还是对人工智能充满好奇的普通爱好者，都能从中受益。课程不仅提供了清晰的理论讲解，还强调动手实践，让用户在循序渐进中建立扎实的技能基础。其独特的亮点在于强大的多语言支持，通过自动化机制提供了包括简体中文在内的 50 多种语言版本，极大地降低了全球不同背景用户的学习门槛。此外，项目采用开源协作模式，社区活跃且内容持续更新，确保学习者能获取前沿且准确的技术资讯。如果你正寻找一条清晰、友好且专业的机器学习入门之路，ML-For-Beginners 将是理想的起点。",84991,"2026-04-05T10:45:23",[14,51,52,53,15,54,26,13,55],"数据工具","视频","插件","其他","音频",{"id":57,"name":58,"github_repo":59,"description_zh":60,"stars":61,"difficulty_score":10,"last_commit_at":62,"category_tags":63,"status":16},3128,"ragflow","infiniflow\u002Fragflow","RAGFlow 是一款领先的开源检索增强生成（RAG）引擎，旨在为大语言模型构建更精准、可靠的上下文层。它巧妙地将前沿的 RAG 技术与智能体（Agent）能力相结合，不仅支持从各类文档中高效提取知识，还能让模型基于这些知识进行逻辑推理和任务执行。\n\n在大模型应用中，幻觉问题和知识滞后是常见痛点。RAGFlow 通过深度解析复杂文档结构（如表格、图表及混合排版），显著提升了信息检索的准确度，从而有效减少模型“胡编乱造”的现象，确保回答既有据可依又具备时效性。其内置的智能体机制更进一步，使系统不仅能回答问题，还能自主规划步骤解决复杂问题。\n\n这款工具特别适合开发者、企业技术团队以及 AI 研究人员使用。无论是希望快速搭建私有知识库问答系统，还是致力于探索大模型在垂直领域落地的创新者，都能从中受益。RAGFlow 提供了可视化的工作流编排界面和灵活的 API 接口，既降低了非算法背景用户的上手门槛，也满足了专业开发者对系统深度定制的需求。作为基于 Apache 2.0 协议开源的项目，它正成为连接通用大模型与行业专有知识之间的重要桥梁。",77062,"2026-04-04T04:44:48",[15,14,13,26,54],{"id":65,"github_repo":66,"name":67,"description_en":68,"description_zh":69,"ai_summary_zh":69,"readme_en":70,"readme_zh":71,"quickstart_zh":72,"use_case_zh":73,"hero_image_url":74,"owner_login":75,"owner_name":76,"owner_avatar_url":77,"owner_bio":78,"owner_company":79,"owner_location":80,"owner_email":81,"owner_twitter":82,"owner_website":83,"owner_url":84,"languages":85,"stars":90,"forks":91,"last_commit_at":92,"license":93,"difficulty_score":94,"env_os":95,"env_gpu":96,"env_ram":96,"env_deps":97,"category_tags":100,"github_topics":101,"view_count":23,"oss_zip_url":82,"oss_zip_packed_at":82,"status":16,"created_at":111,"updated_at":112,"faqs":113,"releases":114},3205,"EdisonLeeeee\u002FGraph-Adversarial-Learning","Graph-Adversarial-Learning","A curated collection of adversarial attack and defense on graph data.","Graph-Adversarial-Learning 是一个专注于图数据对抗攻击与防御的精选开源资源库。随着图神经网络在社交网络分析、推荐系统等领域的广泛应用，其面临的安全威胁日益凸显。该项目旨在解决图模型易受恶意扰动（如节点注入、结构篡改）导致性能下降或隐私泄露的核心问题，通过系统整理从 2017 年至今的 400 多篇前沿论文，为社区提供全面的技术参考。\n\n资源库内容涵盖攻击策略、防御机制、鲁棒性认证及稳定性分析等多个维度，并按年份、会议 venue 及是否附带代码进行了细致分类。其独特亮点在于不仅收录了理论研究成果，还特别标记了提供复现代码的论文，并定期更新最新进展，极大地降低了研究人员复现算法和对比实验的门槛。\n\n这款工具非常适合人工智能领域的研究人员、算法工程师及安全专家使用。无论是希望深入了解图对抗学习发展脉络的学者，还是致力于提升模型鲁棒性的开发者，都能从中快速定位所需文献与代码资源，从而高效推动相关领域的安全研究与实际应用落地。","# ⚔🛡 Awesome Graph Adversarial Learning\r\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FContributions-Welcome-278ea5\" alt=\"Contrib\"\u002F> \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNumber%20of%20Papers-416-FF6F00\" alt=\"PaperNum\"\u002F>\r\n\r\n\u003Ca class=\"toc\" id=\"table-of-contents\">\u003C\u002Fa>\r\n- [⚔🛡 Awesome Graph Adversarial Learning](#-awesome-graph-adversarial-learning)\r\n- [👀Quick Look](#quick-look)\r\n- [⚔Attack](#attack)\r\n  - [2023](#2023)\r\n  - [2022](#2022)\r\n  - [2021](#2021)\r\n  - [2020](#2020)\r\n  - [2019](#2019)\r\n  - [2018](#2018)\r\n  - [2017](#2017)\r\n- [🛡Defense](#defense)\r\n  - [2023](#2023-1)\r\n  - [2022](#2022-1)\r\n  - [2021](#2021-1)\r\n  - [2020](#2020-1)\r\n  - [2019](#2019-1)\r\n  - [2018](#2018-1)\r\n  - [2017](#2017-1)\r\n- [🔐Certification](#certification)\r\n- [⚖Stability](#stability)\r\n- [🚀Others](#others)\r\n- [📃Survey](#survey)\r\n- [⚙Toolbox](#toolbox)\r\n- [🔗Resource](#resource)\r\n\r\n\u003Cimg width =500 height =300 src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEdisonLeeeee_Graph-Adversarial-Learning_readme_70dcd3e64ab0.png\" >\r\n\r\nThis repository contains Attack-related papers, Defense-related papers, Robustness Certification papers, etc., ranging from 2017 to 2021. \r\nIf you find this repo useful, please cite:\r\n*A Survey of Adversarial Learning on Graph, arXiv'20*, [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05730)\r\n\r\n```bibtex\r\n@article{chen2020survey,\r\n  title={A Survey of Adversarial Learning on Graph},\r\n  author={Chen, Liang and Li, Jintang and Peng, Jiaying and Xie, \r\n        Tao and Cao, Zengxu and Xu, Kun and He, \r\n        Xiangnan and Zheng, Zibin and Wu, Bingzhe},\r\n  journal={arXiv preprint arXiv:2003.05730},\r\n  year={2020}\r\n}\r\n```\r\n\r\n# 👀Quick Look\r\n\r\nThe papers in this repo are categorized or sorted:\r\n\r\n| [By Alphabet](Categorized\u002Falphabet.md) | [By Year](Categorized\u002Fyear.md) | [By Venue](Categorized\u002Fvenue.md) | [Papers with Code](Categorized\u002Fpapers_with_code.md) |\r\n\r\nIf you want to get a quick look at the recently updated papers in the repository (in 30 days), you can refer to [📍this](Categorized\u002Frecent.md).\r\n\r\n\r\n# ⚔Attack\r\n\r\n## 2023\r\n[💨 Back to Top](#table-of-contents)\r\n+ **Revisiting Graph Adversarial Attack and Defense From a Data Distribution Perspective**, *[📝ICLR](https:\u002F\u002Fopenreview.net\u002Fforum?id=dSYoPjM5J_W)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Flikuanppd\u002FSTRG)*\r\n+ **Let Graph be the Go Board: Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.10782)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FG2A2C)*\r\n+ **GUAP: Graph Universal Attack Through Adversarial Patching**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.01731)*, *[:octocat:Code](https:\u002F\u002Fanonymous.4open.science\u002Fr\u002Fffd4fad9-367f-4a2a-bc65-1a7fe23d9d7f\u002F)*\r\n+ **Node Injection for Class-specific Network Poisoning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.12277)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Frahulk207\u002Fnicki)*\r\n+ **Unnoticeable Backdoor Attacks on Graph Neural Networks**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2303.01263)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA)*\r\n+ **A semantic backdoor attack against Graph Convolutional Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.14353)*\r\n\r\n## 2022\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10785)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FTheaperDeng\u002FGNN-Attack-InfMax)*\r\n+ **Inference Attacks Against Graph Neural Networks**, *[📝USENIX Security](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.02631)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FZhangzhk0819\u002FGNN-Embedding-Leaks)*\r\n+ **Model Stealing Attacks Against Inductive Graph Neural Networks**, *[📝IEEE Symposium on Security and Privacy](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.08331)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fxinleihe\u002FGNNStealing)*\r\n+ **Unsupervised Graph Poisoning Attack via Contrastive Loss Back-propagation**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.07986)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FRinneSz\u002FCLGA)*\r\n+ **Neighboring Backdoor Attacks on Graph Convolutional Network**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.06202)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGraphWar)*\r\n+ **Understanding and Improving Graph Injection Attack by Promoting Unnoticeability**, *[📝ICLR](https:\u002F\u002Fopenreview.net\u002Fforum?id=wkMG8cdvh7-)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FLFhase\u002FGIA-HAO)*\r\n+ **Blindfolded Attackers Still Threatening: Strict Black-Box Adversarial Attacks on Graphs**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.06757)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fgalina0217\u002Fstack)*\r\n+ **More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.03195)*\r\n+ **Black-box Node Injection Attack for Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.09389)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FGA2C)*\r\n+ **Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.05819)*\r\n+ **Projective Ranking-based GNN Evasion Attacks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.12993)*\r\n+ **GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.00949)*\r\n+ **Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization**, *[📝Asia CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12751)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FTrustworthyGNN\u002FMEA-GNN)*\r\n+ **Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees**, *[📝CVPR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.03546)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FMetaoblivion\u002FBandit_GNN_Attack)*\r\n+ **Transferable Graph Backdoor Attack**, *[📝RAID](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.00425)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FMetaoblivion\u002FBandit_GNN_Attack)*\r\n+ **Adversarial Robustness of Graph-based Anomaly Detection**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.08260)*\r\n+ **Label specificity attack: Change your label as I want**, *[📝IJIS](https:\u002F\u002Fonlinelibrary.wiley.com\u002Fdoi\u002Ffull\u002F10.1002\u002Fint.22902)*\r\n+ **AdverSparse: An Adversarial Attack Framework for Deep Spatial-Temporal Graph Neural Networks**, *[📝ICASSP](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9747850)*\r\n+ **Surrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks**, *[📝WSDM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3488560.3498481)*\r\n+ **Cluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.13069)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fthuwzy\u002FCluster-Attack)*\r\n+ **Label-Only Membership Inference Attack against Node-Level Graph Neural NetworksCluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.13766)*\r\n+ **Adversarial Camouflage for Node Injection Attack on Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01819)*\r\n+ **Are Gradients on Graph Structure Reliable in Gray-box Attacks?**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.05514)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FZihan-Liu-00\u002FAtkSE)*\r\n+ **Adversarial Camouflage for Node Injection Attack on Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01819)*\r\n+ **Graph Structural Attack by Perturbing Spectral Distance**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539435)*\r\n+ **What Does the Gradient Tell When Attacking the Graph Structure**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.12815)*\r\n+ **BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09989)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fzhuyulin-tony\u002FBinarizedAttack)*\r\n+ **Model Inversion Attacks against Graph Neural Networks**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.07807)*\r\n+ **Sparse Vicious Attacks on Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.09688)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGiovanniTRA\u002FSAVAGE)*\r\n+ **Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks**, *[📝ACM TIS](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3567420)*\r\n+ **Dealing with the unevenness: deeper insights in graph-based attack and defense**, *[📝Machine Learning](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10994-022-06234-4)*\r\n+ **Membership Inference Attacks Against Robust Graph Neural Network**, *[📝CSS](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-18067-5_19)*\r\n+ **Adversarial Inter-Group Link Injection Degrades the Fairness of Graph Neural Networks**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.05957)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fmengcao327\u002Fattack-gnn-fairness)*\r\n+ **Revisiting Item Promotion in GNN-based Collaborative Filtering: A Masked Targeted Topological Attack Perspective**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.09979)*\r\n+ **Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06776)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FSeaocn\u002FLink-Backdoor)*\r\n+ **Private Graph Extraction via Feature Explanations**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.14724)*\r\n+ **Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.13104)*\r\n+ **Camouflaged Poisoning Attack on Graph Neural Networks**, *[📝ICDM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3512527.3531373)*\r\n+ **LOKI: A Practical Data Poisoning Attack Framework against Next Item Recommendations**, *[📝TKDE](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9806383)*\r\n+ **Adversarial for Social Privacy: A Poisoning Strategy to Degrade User Identity Linkage**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.00269)*\r\n+ **Exploratory Adversarial Attacks on Graph Neural Networks for Semi-Supervised Node Classification**, *[📝Pattern Recognition](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0031320322005222)*\r\n+ **GANI: Global Attacks on Graph Neural Networks via Imperceptible Node Injections**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.12598)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Falexfanjn\u002FGANI)*\r\n+ **Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13710)*\r\n+ **Are Defenses for Graph Neural Networks Robust?**, *[📝NeurIPS](https:\u002F\u002Fpublications.cispa.saarland\u002F3812\u002F1\u002Fare_defenses_for_graph_neural_networks_robust.pdf)*, *[:octocat:Code](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fare-gnn-defenses-robust\u002F)*\r\n+ **Adversarial Label Poisoning Attack on Graph Neural Networks via Label Propagation**, *[📝ECCV](https:\u002F\u002Fwww.ecva.net\u002Fpapers\u002Feccv_2022\u002Fpapers_ECCV\u002Fpapers\u002F136650223.pdf)*\r\n+ **Imperceptible Adversarial Attacks on Discrete-Time Dynamic Graph Models**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=YMrdoXP3x_A)*\r\n+ **Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=vkGk2HI8oOP)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FZihan-Liu-00\u002FGraD--NeurIPS22)*\r\n+ **Adversary for Social Good: Leveraging Attribute-Obfuscating Attack to Protect User Privacy on Social Networks**, *[📝SecureComm](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-25538-0_37)*\r\n\r\n## 2021\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Stealing Links from Graph Neural Networks**, *[📝USENIX Security](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002Fsec21summer_he.pdf)*\r\n+ **PATHATTACK: Attacking Shortest Paths in Complex Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03761)*\r\n+ **Structack: Structure-based Adversarial Attacks on Graph Neural Networks**, *[📝ACM Hypertext](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.11327)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fsqrhussain\u002Fstructack)*\r\n+ **Optimal Edge Weight Perturbations to Attack Shortest Paths**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.03347)*\r\n+ **GReady for Emerging Threats to Recommender Systems? A Graph Convolution-based Generative Shilling Attack**, *[📝Information Sciences](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.10457)*\r\n+ **Graph Adversarial Attack via Rewiring**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3447548.3467416)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Falge24\u002FReWatt)*\r\n+ **Membership Inference Attack on Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06570)*\r\n+ **Graph Backdoor**, *[📝USENIX Security](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11890)*\r\n+ **TDGIA: Effective Injection Attacks on Graph Neural Networks**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3447548.3467314)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FTHUDM\u002Ftdgia)*\r\n+ **Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.12419)*\r\n+ **Adversarial Attack on Large Scale Graph**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.03488)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FSGAttack)*\r\n+ **Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.15061)*\r\n+ **Joint Detection and Localization of Stealth False Data Injection Attacks in Smart Grids using Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.11846)*\r\n+ **Universal Spectral Adversarial Attacks for Deformable Shapes**, *[📝CVPR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03356)*\r\n+ **SAGE: Intrusion Alert-driven Attack Graph Extractor**, *[📝KDD Workshop](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.02783)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Ftudelft-cda-lab\u002FSAGE)*\r\n+ **Adversarial Diffusion Attacks on Graph-based Traffic Prediction Models**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.09369)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FLYZ98\u002FAdversarial-Diffusion-Attacks-on-Graph-based-Traffic-Prediction-Models)*\r\n+ **VIKING: Adversarial Attack on Network Embeddings via Supervised Network Poisoning**, *[📝PAKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.07164)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fvirresh\u002Fviking)*\r\n+ **Explainability-based Backdoor Attacks Against Graph Neural Networks**, *[📝WiseML@WiSec](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03674)*\r\n+ **GraphAttacker: A General Multi-Task GraphAttack Framework**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06855)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhonoluluuuu\u002FGraphAttacker)*\r\n+ **Attacking Graph Neural Networks at Scale**, *[📝AAAI workshop](https:\u002F\u002Fwww.dropbox.com\u002Fs\u002Fddrwoswpz3wwx40\u002FRobust_GNNs_at_Scale__AAAI_Workshop_2020_CameraReady.pdf?dl=0)*\r\n+ **Node-Level Membership Inference Attacks Against Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.05429)*\r\n+ **Reinforcement Learning For Data Poisoning on Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.06800)*\r\n+ **DeHiB: Deep Hidden Backdoor Attack on Semi-Supervised Learning via Adversarial Perturbation**, *[📝AAAI](https:\u002F\u002Fojs.aaai.org\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F17266)*\r\n+ **Graphfool: Targeted Label Adversarial Attack on Graph Embedding**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.12284)*\r\n+ **Towards Revealing Parallel Adversarial Attack on Politician Socialnet of Graph Structure**, *[📝Security and Communication Networks](https:\u002F\u002Fwww.hindawi.com\u002Fjournals\u002Fscn\u002F2021\u002F6631247)*\r\n+ **Network Embedding Attack: An Euclidean Distance Based Method**, *[📝MDATA](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007%2F978-3-030-71590-8_8)*\r\n+ **Preserve, Promote, or Attack? GNN Explanation via Topology Perturbation**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.12256)*\r\n+ **Jointly Attacking Graph Neural Network and its Explanations**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.03388)*\r\n+ **Graph Stochastic Neural Networks for Semi-supervised Learning**, *[📝arXiv](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fe586a4f55fb43a540c2e9dab45e00f53-Paper.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGSNN\u002FGSNN)*\r\n+ **Iterative Deep Graph Learning for Graph Neural Networks: Better and Robust Node Embeddings**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.13009)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhugochan\u002FIDGL)*\r\n+ **Single-Node Attack for Fooling Graph Neural Networks**, *[📝KDD Workshop](https:\u002F\u002Fdrive.google.com\u002Ffile\u002Fd\u002F12arm9w6UmvSIzGmaoocdH70czx7RVzGr\u002Fview)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fgnnattack\u002FSINGLE)*\r\n+ **The Robustness of Graph k-shell Structure under Adversarial Attacks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.13962)*\r\n+ **Poisoning Knowledge Graph Embeddings via Relation Inference Patterns**, *[📝ACL](https:\u002F\u002Faclanthology.org\u002F2021.acl-long.147)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FInferenceAttack)*\r\n+ **A Hard Label Black-box Adversarial Attack Against Graph Neural Networks**, *[📝CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.09513)*\r\n+ **GNNUnlock: Graph Neural Networks-based Oracle-less Unlocking Scheme for Provably Secure Logic Locking**, *[📝DATE Conference](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.13012)*\r\n+ **Single Node Injection Attack against Graph Neural Networks**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.13049)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FTaoShuchang\u002FG-NIA)*\r\n+ **Spatially Focused Attack against Spatiotemporal Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.04608)*\r\n+ **Derivative-free optimization adversarial attacks for graph convolutional networks**, *[📝PeerJ](https:\u002F\u002Fpeerj.com\u002Farticles\u002Fcs-693)*\r\n+ **Projective Ranking: A Transferable Evasion Attack Method on Graph Neural Networks**, *[📝CIKM](https:\u002F\u002Fshiruipan.github.io\u002Fpublication\u002Fcikm-21-zhang\u002Fcikm-21-zhang.pdf)*\r\n+ **Time-aware Gradient Attack on Dynamic Network Link Prediction**, *[📝TKDE](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9531428)*\r\n+ **Graph-Fraudster: Adversarial Attacks on Graph Neural Network Based Vertical Federated Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.06468)*\r\n+ **Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.08760)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FTrustworthyGNN\u002FMIA-GNN)*\r\n+ **Watermarking Graph Neural Networks based on Backdoor Attacks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.11024)*\r\n+ **Robustness of Graph Neural Networks at Scale**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2110.14038.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Frobustness_of_gnns_at_scale)*\r\n+ **Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.10942)*\r\n+ **Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models**, *[📝IJCAI](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2021\u002F458)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fchisam0217\u002FGraph-Universal-Attack)*\r\n+ **Adversarial Attacks on Graph Classification via Bayesian Optimisation**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.02842)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fxingchenwan\u002Fgrabnel)*\r\n+ **Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods**, *[📝EMNLP](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.03120)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FAttributionAttack)*\r\n+ **COREATTACK: Breaking Up the Core Structure of Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.15276)*\r\n+ **UNTANGLE: Unlocking Routing and Logic Obfuscation Using Graph Neural Networks-based Link Prediction**, *[📝ICCAD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.07062)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Flilasrahis\u002Funtangle)*\r\n+ **GraphMI: Extracting Private Graph Data from Graph Neural Networks**, *[📝IJCAI](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2021\u002F516)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fzaixizhang\u002FGraphMI)*\r\n+ **Structural Attack against Graph Based Android Malware Detection**, *[📝CCS](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3460120.3485387)*\r\n+ **Adversarial Attack against Cross-lingual Knowledge Graph Alignment**, *[📝EMNLP](https:\u002F\u002Faclanthology.org\u002F2021.emnlp-main.432)*\r\n+ **FHA: Fast Heuristic Attack Against Graph Convolutional Networks**, *[📝ICDS](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88942-5_12)*\r\n+ **Task and Model Agnostic Adversarial Attack on Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.13267)*\r\n+ **How Members of Covert Networks Conceal the Identities of Their Leaders**, *[📝ACM TIST](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Ffull\u002F10.1145\u002F3490462)*\r\n+ **Revisiting Adversarial Attacks on Graph Neural Networks for Graph Classification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06651)*\r\n\r\n\r\n## 2020\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **A Graph Matching Attack on Privacy-Preserving Record Linkage**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411931)*\r\n+ **Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05602)*\r\n+ **Adaptive Adversarial Attack on Graph Embedding via GAN**, *[📝SocialSec](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_7)*\r\n+ **Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10233)*\r\n+ **One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=W0MKrbVOxtd)*\r\n+ **Near-Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=sbyjwhxxT8K)*\r\n+ **Adversarial Attacks on Deep Graph Matching**, *[📝NeurIPS](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fef126722e64e98d1c33933783e52eafc-Paper.pdf)*\r\n+ **Attacking Graph-Based Classification without Changing Existing Connections**, *[📝ACSAC](https:\u002F\u002Fcse.sc.edu\u002F~zeng1\u002Fpapers\u002F2020-acsac-graph.pdf)*\r\n+ **Cross Entropy Attack on Deep Graph Infomax**, *[📝IEEE ISCAS](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9180817)*\r\n+ **Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12872)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FINK-USC\u002Fdeceive-KG-models)*\r\n+ **Towards More Practical Adversarial Attacks on Graph Neural Networks**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05057)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FMark12Ding\u002FGNN-Practical-Attack)*\r\n+ **Adversarial Label-Flipping Attack and Defense for Graph Neural Networks**, *[📝ICDM](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F97.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FMengmeiZ\u002FLafAK)*\r\n+ **Exploratory Adversarial Attacks on Graph Neural Networks**, *[📝ICDM](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338329)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEpoAtk\u002FEpoAtk)*\r\n+ **A Targeted Universal Attack on Graph Convolutional Network**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.14365)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FNanyuu\u002FTUA)*\r\n+ **Query-free Black-box Adversarial Attacks on Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.06757)*\r\n+ **Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00163)*\r\n+ **Efficient Evasion Attacks to Graph Neural Networks via Influence Function**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00203)*\r\n+ **Backdoor Attacks to Graph Neural Networks**, *[📝SACMAT](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fpdf\u002F10.1145\u002F3450569.3463560)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fzaixizhang\u002Fgraphbackdoor)*\r\n+ **Link Prediction Adversarial Attack Via Iterative Gradient Attack**, *[📝IEEE Trans](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9141291)*\r\n+ **Adversarial Attack on Hierarchical Graph Pooling Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11560)*\r\n+ **Adversarial Attack on Community Detection by Hiding Individuals**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2001.07933)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhalimiqi\u002FCD-ATTACK)*\r\n+ **Manipulating Node Similarity Measures in Networks**, *[📝AAMAS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.11529)*\r\n+ **A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.01297)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FSwiftieH\u002FGFAttack)*\r\n+ **Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks**, *[📝BigData](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.08012)*\r\n+ **Adversarial Attacks on Graph Neural Networks via Node Injections: A Hierarchical Reinforcement Learning Approach**, *[📝WWW](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3366423.3380149)*\r\n+ **An Efficient Adversarial Attack on Graph Structured Data**, *[📝IJCAI Workshop](https:\u002F\u002Fwww.aisafetyw.org\u002Fprogramme)*\r\n+ **Practical Adversarial Attacks on Graph Neural Networks**, *[📝ICML Workshop](https:\u002F\u002Fgrlplus.github.io\u002Fpapers\u002F8.pdf)*\r\n+ **Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns**, *[📝TKDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394520)*\r\n+ **Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks**, *[📝Asia CCS](https:\u002F\u002Fiqua.ece.toronto.edu\u002Fpapers\u002Fwlin-asiaccs20.pdf)*\r\n+ **Scalable Attack on Graph Data by Injecting Vicious Nodes**, *[📝ECML-PKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.13825)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fwangjh-github\u002FAFGSM)*\r\n+ **Attackability Characterization of Adversarial Evasion Attack on Discrete Data**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394486.3403194)*\r\n+ **MGA: Momentum Gradient Attack on Network**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.11320)*\r\n+ **Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.01249)*\r\n+ **Adversarial Perturbations of Opinion Dynamics in Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010)*\r\n+ **Network disruption: maximizing disagreement and polarization in social networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.08377)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fmayee107\u002Fnetwork-disruption)*\r\n+ **Adversarial attack on BC classification for scale-free networks**, *[📝AIP Chaos](https:\u002F\u002Faip.scitation.org\u002Fdoi\u002F10.1063\u002F5.0003707)*\r\n\r\n## 2019\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Attacking Graph Convolutional Networks via Rewiring**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.03750)*\r\n+ **Unsupervised Euclidean Distance Attack on Network Embedding**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.11015)*\r\n+ **Structured Adversarial Attack Towards General Implementation and Better Interpretability**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F1808.01664)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FStrAttack)*\r\n+ **Generalizable Adversarial Attacks with Latent Variable Perturbation Modelling**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.10864)*\r\n+ **Vertex Nomination, Consistent Estimation, and Adversarial Modification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.01776)*\r\n+ **PeerNets Exploiting Peer Wisdom Against Adversarial Attacks**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.00088)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Ftantara\u002FPeerNets-pytorch)*\r\n+ **Network Structural Vulnerability A Multi-Objective Attacker Perspective**, *[📝IEEE Trans](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F8275029)*\r\n+ **Multiscale Evolutionary Perturbation Attack on Community Detection**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09741)*\r\n+ **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3357384.3357875)*\r\n+ **Adversarial Attacks on Node Embeddings via Graph Poisoning**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.01093)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fnode_embedding_attack)*\r\n+ **GA Based Q-Attack on Community Detection**, *[📝TCSS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1811.00430)*\r\n+ **Data Poisoning Attack against Knowledge Graph Embedding**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1904.12052)*\r\n+ **Adversarial Attacks on Graph Neural Networks via Meta Learning**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08412)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fgnn-meta-attack)*\r\n+ **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)*\r\n+ **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fstellargraph\u002Fstellargraph\u002Ftree\u002Fdevelop\u002Fdemos\u002Finterpretability)*\r\n+ **A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.14147)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fxuanqing94\u002FAdvSSL)*\r\n+ **Attacking Graph-based Classification via Manipulating the Graph Structure**, *[📝CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.00553)*\r\n\r\n## 2018\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Fake Node Attacks on Graph Convolutional Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.10751)*\r\n+ **Data Poisoning Attack against Unsupervised Node Embedding Methods**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.12881)*\r\n+ **Fast Gradient Attack on Network Embedding**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.02797)*\r\n+ **Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.00152)*\r\n+ **Adversarial Attacks on Neural Networks for Graph Data**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F1805.07984)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fnettack)*\r\n+ **Hiding Individuals and Communities in a Social Network**, *[📝Nature Human Behavior](https:\u002F\u002Farxiv.org\u002Fabs\u002F1608.00375)*\r\n+ **Attacking Similarity-Based Link Prediction in Social Networks**, *[📝AAMAS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.08368)*\r\n+ **Adversarial Attack on Graph Structured Data**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.02371)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FHanjun-Dai\u002Fgraph_adversarial_attack)*\r\n\r\n## 2017\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Practical Attacks Against Graph-based Clustering**, *[📝CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1708.09056)*\r\n+ **Adversarial Sets for Regularising Neural Link Predictors**, *[📝UAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1707.07596)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fuclmr\u002Finferbeddings)*\r\n\r\n\r\n\r\n# 🛡Defense\r\n\r\n## 2023\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=GPtroppvUM)*, *[:octocat:Code](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fadversarial-training\u002F)*\r\n+ **ASGNN: Graph Neural Networks with Adaptive Structure**, *[📝ICLR OpenReview](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.01002)*\r\n+ **Empowering Graph Representation Learning with Test-Time Graph Transformation**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.03561)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FGTrans)*\r\n+ **Robust Training of Graph Neural Networks via Noise Governance**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.06614)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGhostQ99\u002FRobustTrainingGNN)*\r\n+ **Self-Supervised Graph Structure Refinement for Graph Neural Networks**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.06545)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FAndyJZhao\u002FWSDM23-GSR)*\r\n+ **Revisiting Robustness in Graph Machine Learning**, *[📝ICLR](https:\u002F\u002Fopenreview.net\u002Fforum?id=h1o7Ry9Zctm)*, *[:octocat:Code](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Frevisiting-robustness\u002F)*\r\n+ **Robust Mid-Pass Filtering Graph Convolutional Networks**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.08048)*\r\n+ **Towards Robust Graph Neural Networks via Adversarial Contrastive Learning**, *[📝BigData](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F10021051)*\r\n\r\n\r\n## 2022\r\n[💨 Back to Top](#table-of-contents)\r\n+ **Unsupervised Adversarially-Robust Representation Learning on Graphs**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.02486)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fgalina0217\u002Frobustgraph)*\r\n+ **Towards Robust Graph Neural Networks for Noisy Graphs with Sparse Labels**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.00232)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEnyanDai\u002FRSGNN)*\r\n+ **Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.004022)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEnyanDai\u002FRSGNN)*\r\n+ **Learning Robust Representation through Graph Adversarial Contrastive Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.13025)*\r\n+ **GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.12741)*\r\n+ **Graph Neural Network for Local Corruption Recovery**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.04936)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fbzho3923\u002FMAGnet)*\r\n+ **Robust Heterogeneous Graph Neural Networks against Adversarial Attacks**, *[📝AAAI](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F132.pdf)*\r\n+ **How Does Bayesian Noisy Self-Supervision Defend Graph Convolutional Networks?**, *[📝Neural Processing Letters](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs11063-022-10750-8)*\r\n+ **Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-supervision**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.03762)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FGraphSS)*\r\n+ **SimGRACE: A Simple Framework for Graph Contrastive Learning without Data Augmentation**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.03104)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fjunxia97\u002FSimGRACE)*\r\n+ **Exploring High-Order Structure for Robust Graph Structure Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.11492)*\r\n+ **GUARD: Graph Universal Adversarial Defense**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.09803)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGUARD)*\r\n+ **Detecting Topology Attacks against Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.10072)*\r\n+ **LPGNet: Link Private Graph Networks for Node Classification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.03105)*\r\n+ **EvenNet: Ignoring Odd-Hop Neighbors Improves Robustness of Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.13892)*\r\n+ **Bayesian Robust Graph Contrastive Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.14109)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FBRGCL-code\u002FBRGCL-code)*\r\n+ **Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.00012)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Flikuanppd\u002FSTABLE)*\r\n+ **Robust Graph Representation Learning for Local Corruption Recovery**, *[📝ICML workshop](https:\u002F\u002Fyuguangwang.github.io\u002Fpapers\u002FL_p_graph_regularizer_ICML%20TAG%202022.pdf)*\r\n+ **Appearance and Structure Aware Robust Deep Visual Graph Matching: Attack, Defense and Beyond**, *[📝CVPR](https:\u002F\u002Fopenaccess.thecvf.com\u002Fcontent\u002FCVPR2022\u002Fhtml\u002FRen_Appearance_and_Structure_Aware_Robust_Deep_Visual_Graph_Matching_Attack_CVPR_2022_paper.html)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FThinklab-SJTU\u002FRobustMatch)*\r\n+ **Large-Scale Privacy-Preserving Network Embedding against Private Link Inference Attacks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.14440)*\r\n+ **Robust Graph Neural Networks via Ensemble Learning**, *[📝Mathematics](https:\u002F\u002Fwww.mdpi.com\u002F2227-7390\u002F10\u002F8\u002F1300\u002Fhtml)*\r\n+ **AN-GCN: An Anonymous Graph Convolutional Network Against Edge-Perturbing Attacks**, *[📝IEEE TNNLS](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9775013)*\r\n+ **How does Heterophily Impact Robustness of Graph Neural Networks? Theoretical Connections and Practical Implications**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGemsLab\u002FHeteRobust)*\r\n+ **Robust Graph Neural Networks using Weighted Graph Laplacian**, *[📝SPCOM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01853)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FBharat-Runwal\u002FRWL-GNN)*\r\n+ **ARIEL: Adversarial Graph Contrastive Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06956)*·\r\n+ **Robust Tensor Graph Convolutional Networks via T-SVD based Graph Augmentation**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539436)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGTML-LAB\u002FRT-GCN)*\r\n+ **NOSMOG: Learning Noise-robust and Structure-aware MLPs on Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.10010)*\r\n+ **Robust Node Classification on Graphs: Jointly from Bayesian Label Transition and Topology-based Label Propagation**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.09779)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FLInDT)*\r\n+ **On the Robustness of Graph Neural Diffusion to Topology Perturbations**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.07754)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fzknus\u002FRobustness-of-Graph-Neural-Diffusion)*\r\n+ **IoT-based Android Malware Detection Using Graph Neural Network With Adversarial Defense**, *[📝IEEE IOT](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9814995)*\r\n+ **Robust cross-network node classification via constrained graph mutual information**, *[📝KBS](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0950705122009455)*\r\n+ **Defending Against Backdoor Attack on Graph Nerual Network by Explainability**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.02902)*\r\n+ **Towards an Optimal Asymmetric Graph Structure for Robust Semi-supervised Node Classification**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539332)*\r\n+ **FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13815)*\r\n+ **EvenNet: Ignoring Odd-Hop Neighbors Improves Robustness of Graph Neural Networks**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.13892)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FLeirunlin\u002FEvenNet)*\r\n+ **Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation**, *[📝ECML-PKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.08068)*\r\n+ **Spectral Adversarial Training for Robust Graph Neural Network**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.10896)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FSAT)*\r\n+ **On the Vulnerability of Graph Learning based Collaborative Filtering**, *[📝TIS](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3572834)*\r\n+ **GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks**, *[📝LoG](https:\u002F\u002Fopenreview.net\u002Fforum?id=kvwWjYQtmw)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fcornell-zhang\u002FGARNET)*\r\n+ **You Can Have Better Graph Neural Networks by Not Training Weights at All: Finding Untrained GNNs Tickets**, *[📝LoG](https:\u002F\u002Fopenreview.net\u002Fforum?id=dF6aEW3_62O)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FTienjinHuang\u002FUGTs-LoG)*\r\n+ **Robust Graph Representation Learning via Predictive Coding**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2212.04656)*\r\n+ **FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13815)*\r\n\r\n## 2021\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Learning to Drop: Robust Graph Neural Network via Topological Denoising**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.07057)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fflyingdoog\u002FPTDNet)*\r\n+ **How effective are Graph Neural Networks in Fraud Detection for Network Data?**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.14568)*\r\n+ **Graph Sanitation with Application to Node Classification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.09384)*\r\n+ **Understanding Structural Vulnerability in Graph Convolutional Networks**, *[📝IJCAI](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2021\u002F310)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FMedianGCN)*\r\n+ **A Robust and Generalized Framework for Adversarial Graph Embedding**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.10651)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FRingBDStack\u002FAGE)*\r\n+ **Integrated Defense for Resilient Graph Matching**, *[📝ICML](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fren21c\u002Fren21c.pdf)*\r\n+ **Unveiling Anomalous Nodes Via Random Sampling and Consensus on Graphs**, *[📝ICASSP](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9414953)*\r\n+ **Robust Network Alignment via Attack Signal Scaling and Adversarial Perturbation Elimination**, *[📝WWW](http:\u002F\u002Feng.auburn.edu\u002Fusers\u002Fyangzhou\u002Fpapers\u002FRNA.pdf)*\r\n+ **Information Obfuscation of Graph Neural Network**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2009.13504.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fliaopeiyuan\u002FGAL)*\r\n+ **Improving Robustness of Graph Neural Networks with Heterophily-Inspired Designs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)*\r\n+ **On Generalization of Graph Autoencoders with Adversarial Training**, *[📝ECML](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.02658)*\r\n+ **DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs**, *[📝ECML](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09501)*\r\n+ **Elastic Graph Neural Networks**, *[📝ICML](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fliu21k\u002Fliu21k.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Flxiaorui\u002FElasticGNN)*\r\n+ **Robust Counterfactual Explanations on Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.04086)*\r\n+ **Node Similarity Preserving Graph Convolutional Networks**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.09643)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FSimP-GCN)*\r\n+ **Enhancing Robustness and Resilience of Multiplex Networks Against Node-Community Cascading Failures**, *[📝IEEE TSMC](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9415463)*\r\n+ **NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.11865)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FICHproject\u002FNetFense)*\r\n+ **Robust Graph Learning Under Wasserstein Uncertainty**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.04210)*\r\n+ **Towards Robust Graph Contrastive Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.13085)*\r\n+ **Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks**, *[📝ICML](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fzhao21e.html)*\r\n+ **UAG: Uncertainty-Aware Attention Graph Neural Network for Defending Adversarial Attacks**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10235)*\r\n+ **Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.14455)*\r\n+ **Power up! Robust Graph Convolutional Network against Evasion Attacks based on Graph Powering**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.10029)*, *[:octocat:Code](https:\u002F\u002Fwww.dropbox.com\u002Fsh\u002Fp36pzx1ock2iamo\u002FAABEr7FtM5nqwC4i9nICLIsta?dl=0)*\r\n+ **Personalized privacy protection in social networks through adversarial modeling**, *[📝AAAI](https:\u002F\u002Fwww.cs.uic.edu\u002F~elena\u002Fpubs\u002Fbiradar-ppai21.pdf)*\r\n+ **Interpretable Stability Bounds for Spectral Graph Filters**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.09587)*\r\n+ **Randomized Generation of Adversary-Aware Fake Knowledge Graphs to Combat Intellectual Property Theft**, *[📝AAAI](http:\u002F\u002F34.94.61.102\u002Fpaper_AAAI-9475.html)*\r\n+ **Unified Robust Training for Graph NeuralNetworks against Label Noise**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.03414)*\r\n+ **An Introduction to Robust Graph Convolutional Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.14807)*\r\n+ **E-GraphSAGE: A Graph Neural Network based Intrusion Detection System**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.16329)*\r\n+ **Spatio-Temporal Sparsification for General Robust Graph Convolution Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.12256)*\r\n+ **Robust graph convolutional networks with directional graph adversarial training**, *[📝Applied Intelligence](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10489-021-02272-y)*\r\n+ **Detection and Defense of Topological Adversarial Attacks on Graphs**, *[📝AISTATS](http:\u002F\u002Fproceedings.mlr.press\u002Fv130\u002Fzhang21i.html)*\r\n+ **Unveiling the potential of Graph Neural Networks for robust Intrusion Detection**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.14747)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FBNN-UPC\u002FGNN-NIDS)*\r\n+ **Adversarial Robustness of Probabilistic Network Embedding for Link Prediction**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.01936)*\r\n+ **EGC2: Enhanced Graph Classification with Easy Graph Compression**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.07737)*\r\n+ **LinkTeller: Recovering Private Edges from Graph Neural Networks via Influence Analysis**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.06504)*\r\n+ **Structure-Aware Hierarchical Graph Pooling using Information Bottleneck**, *[📝IJCNN ](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.13012)*\r\n+ **Mal2GCN: A Robust Malware Detection Approach Using Deep Graph Convolutional Networks With Non-Negative Weights**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.12473)*\r\n+ **CoG: a Two-View Co-training Framework for Defending Adversarial Attacks on Graph**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.05558)*\r\n+ **Releasing Graph Neural Networks with Differential Privacy Guarantees**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.08907)*\r\n+ **Speedup Robust Graph Structure Learning with Low-Rank Information**, *[📝CIKM](http:\u002F\u002Fxiangliyao.cn\u002Fpapers\u002Fcikm21-hui.pdf)*\r\n+ **A Lightweight Metric Defence Strategy for Graph Neural Networks Against Poisoning Attacks**, *[📝ICICS](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88052-1_4)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Flizi-learner\u002FMD-GNN)*\r\n+ **Node Feature Kernels Increase Graph Convolutional Network Robustness**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.01785)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FChangminWu\u002FRobustGCN)*\r\n+ **On the Relationship between Heterophily and Robustness of Graph Neural Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)*\r\n+ **Distributionally Robust Semi-Supervised Learning Over Graphs**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.10582)*\r\n+ **Robustness of Graph Neural Networks at Scale**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2110.14038.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Frobustness_of_gnns_at_scale)*\r\n+ **Graph Transplant: Node Saliency-Guided Graph Mixup with Local Structure Preservation**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.05639)*\r\n+ **Not All Low-Pass Filters are Robust in Graph Convolutional Networks**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=bDdfxLQITtu)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FSwiftieH\u002FLFR)*\r\n+ **Towards Robust Reasoning over Knowledge Graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.14693)*\r\n+ **Robust Graph Neural Networks via Probabilistic Lipschitz Constraints**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.07575)*\r\n+ **Graph Neural Networks with Adaptive Residual**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=hfkER_KJiNw)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Flxiaorui\u002FAirGNN)*\r\n+ **Graph-based Adversarial Online Kernel Learning with Adaptive Embedding**, *[📝ICDM]()*\r\n+ **Graph Posterior Network: Bayesian Predictive Uncertainty for Node Classification**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2110.14012.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fstadlmax\u002FGraph-Posterior-Network)*\r\n+ **Graph Neural Networks with Feature and Structure Aware Random Walk**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.10102)*\r\n+ **Topological Relational Learning on Graphs**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.15529)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Ftri-gnn\u002Ftri-gnn)*\r\n\r\n## 2020\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=_qoQkWNEhS)*\r\n+ **Provable Overlapping Community Detection in Weighted Graphs**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.07150)*\r\n+ **Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.01852)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Febonilla\u002FVGCN)*\r\n+ **Graph Random Neural Networks for Semi-Supervised Learning on Graphs**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11079)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGrand20\u002Fgrand)*\r\n+ **Reliable Graph Neural Networks via Robust Aggregation**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.15651)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Freliable_gnn_via_robust_aggregation)*\r\n+ **Towards Robust Graph Neural Networks against Label Noise**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=H38f_9b90BO)*\r\n+ **Graph Adversarial Networks: Protecting Information against Adversarial Attacks**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=Q8ZdJahesWe)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fliaopeiyuan\u002FGAL)*\r\n+ **A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack**, *[📝SocialSec](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_26)*\r\n+ **Iterative Deep Graph Learning for Graph Neural Networks: Better and Robust Node Embeddings**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.13009)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhugochan\u002FIDGL)*\r\n+ **Node Copying for Protection Against Graph Neural Network Topology Attacks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2007.06704)*\r\n+ **Community detection in sparse time-evolving graphs with a dynamical Bethe-Hessian**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.04510)*\r\n+ **A Feature-Importance-Aware and Robust Aggregator for GCN**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411983)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FLiZhang-github\u002FLA-GCN)*\r\n+ **Anti-perturbation of Online Social Networks by Graph Label Transition**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.14121)*\r\n+ **Graph Information Bottleneck**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12811)*, *[:octocat:Code](http:\u002F\u002Fsnap.stanford.edu\u002Fgib\u002F)*\r\n+ **Adversarial Detection on Graph Structured Data**, *[📝PPMLP](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3411501.3419424)*\r\n+ **Graph Contrastive Learning with Augmentations**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13902)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FShen-Lab\u002FGraphCL)*\r\n+ **Learning Graph Embedding with Adversarial Training Methods**, *[📝IEEE Transactions on Cybernetics](https:\u002F\u002Farxiv.org\u002Fabs\u002F1901.01250)*\r\n+ **I-GCN: Robust Graph Convolutional Network via Influence Mechanism**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.06110)*\r\n+ **Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks**, *[📝AAAI](https:\u002F\u002Fojs.aaai.org\u002F\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F6791)*\r\n+ **Smoothing Adversarial Training for GNN**, *[📝IEEE TCSS](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9305289?casa_token=fTXIL3hT1yIAAAAA:I4fn-GlF0PIwzPRC87SayRi5_pi2ZDDuSancEsY96A4O4bUBEsp0hSYMNJVGVzMgBWxycYN9qu6D)*\r\n+ **Graph Structure Reshaping Against Adversarial Attacks on Graph Neural Networks**, *[📝None](None)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGraphReshape\u002FGraphReshape)*\r\n+ **RoGAT: a robust GNN combined revised GAT with adjusted graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.13038)*\r\n+ **ResGCN: Attention-based Deep Residual Modeling for Anomaly Detection on Attributed Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.14738)*\r\n+ **Adversarial Perturbations of Opinion Dynamics in Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010)*\r\n+ **Adversarial Privacy Preserving Graph Embedding against Inference Attack**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.13072)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FuJ62JHD\u002FPrivacy-Preserving-Social-Network-Embedding)*\r\n+ **Robust Graph Learning From Noisy Data**, *[📝IEEE Trans](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F8605364)*\r\n+ **GNNGuard: Defending Graph Neural Networks against Adversarial Attacks**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08149)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fmims-harvard\u002FGNNGuard)*\r\n+ **Transferring Robustness for Graph Neural Network Against Poisoning Attacks**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.07558)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Ftangxianfeng\u002FPA-GNN)*\r\n+ **All You Need Is Low (Rank): Defending Against Adversarial Attacks on Graphs**, *[📝WSDM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3336191.3371789)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)*\r\n+ **How Robust Are Graph Neural Networks to Structural Noise?**, *[📝DLGMA](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.10206)*\r\n+ **Robust Detection of Adaptive Spammers by Nash Reinforcement Learning**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.06069)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FYingtongDou\u002FNash-Detect)*\r\n+ **Graph Structure Learning for Robust Graph Neural Networks**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.10203)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)*\r\n+ **On The Stability of Polynomial Spectral Graph Filters**, *[📝ICASSP](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9054072)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhenrykenlay\u002Fspgf)*\r\n+ **On the Robustness of Cascade Diffusion under Node Attacks**, *[📝WWW](https:\u002F\u002Fwww.cs.au.dk\u002F~karras\u002FrobustIC.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fallogn\u002Frobustness)*\r\n+ **Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.04834)*\r\n+ **Towards an Efficient and General Framework of Robust Training for Graph Neural Networks**, *[📝ICASSP](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.10947)*\r\n+ **Robust Graph Representation Learning via Neural Sparsification**, *[📝ICML](https:\u002F\u002Fproceedings.icml.cc\u002Fstatic\u002Fpaper_files\u002Ficml\u002F2020\u002F2611-Paper.pdf)*\r\n+ **Robust Training of Graph Convolutional Networks via Latent Perturbation**, *[📝ECML-PKDD](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinZha20.pdf)*\r\n+ **Robust Collective Classification against Structural Attacks**, *[📝Preprint](http:\u002F\u002Fwww.auai.org\u002Fuai2020\u002Fproceedings\u002F119_main_paper.pdf)*\r\n+ **Enhancing Graph Neural Network-based Fraud Detectors against Camouflaged Fraudsters**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.08692)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002FDGFraud)*\r\n+ **Topological Effects on Attacks Against Vertex Classification**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05822)*\r\n+ **Tensor Graph Convolutional Networks for Multi-relational and Robust Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07729)*\r\n+ **DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08900)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fzhangao520\u002Fdefense-vgae)*\r\n+ **Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.08833)*\r\n+ **AANE: Anomaly Aware Network Embedding For Anomalous Link Detection**, *[📝ICDM](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338406)*\r\n+ **Provably Robust Node Classification via Low-Pass Message Passing**, *[📝ICDM](https:\u002F\u002Fshenghua-liu.github.io\u002Fpapers\u002Ficdm2020-provablerobust.pdf)*\r\n+ **Graph-Revised Convolutional Network**, *[📝ECML-PKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.07123)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FPlusRoss\u002FGRCN)*\r\n\r\n## 2019\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08226)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Ffulifeng\u002FGraphAT)*\r\n+ **Bayesian graph convolutional neural networks for semi-supervised classification**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1811.11103)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhuawei-noah\u002FBGCN)*\r\n+ **Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.05912)*\r\n+ **Examining Adversarial Learning against Graph-based IoT Malware Detection Systems**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.04416)*\r\n+ **Adversarial Embedding: A robust and elusive Steganography and Watermarking technique**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.01487)*\r\n+ **Graph Interpolating Activation Improves Both Natural and Robust Accuracies in Data-Efficient Deep Learning**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1907.06800)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FBaoWangMath\u002FDNN-DataDependentActivation)*\r\n+ **Adversarial Defense Framework for Graph Neural Network**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.03679)*\r\n+ **GraphSAC: Detecting anomalies in large-scale graphs**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09589)*\r\n+ **Edge Dithering for Robust Adaptive Graph Convolutional Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09590)*\r\n+ **Can Adversarial Network Attack be Defended?**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.05994)*\r\n+ **GraphDefense: Towards Robust Graph Convolutional Networks**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.04429)*\r\n+ **Adversarial Training Methods for Network Embedding**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.11514)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fwonniu\u002FAdvT4NE_WWW2019)*\r\n+ **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)*\r\n+ **Improving Robustness to Attacks Against Vertex Classification**, *[📝MLG@KDD](http:\u002F\u002Feliassi.org\u002Fpapers\u002Fbenmiller-mlg2019.pdf)*\r\n+ **Adversarial Robustness of Similarity-Based Link Prediction**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.01432)*\r\n+ **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3357384.3357875)*\r\n+ **Batch Virtual Adversarial Training for Graph Convolutional Networks**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.09192)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fthudzj\u002FBVAT)*\r\n+ **Latent Adversarial Training of Graph Convolution Networks**, *[📝LRGSD@ICML](https:\u002F\u002Fgraphreason.github.io\u002Fpapers\u002F35.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fcshjin\u002FLATGCN)*\r\n+ **Characterizing Malicious Edges targeting on Graph Neural Networks**, *[📝ICLR OpenReview](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)*\r\n+ **Comparing and Detecting Adversarial Attacks for Graph Deep Learning**, *[📝RLGM@ICLR](https:\u002F\u002Frlgm.github.io\u002Fpapers\u002F57.pdf)*\r\n+ **Virtual Adversarial Training on Graph Convolutional Networks in Node Classification**, *[📝PRCV](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.11045)*\r\n+ **Robust Graph Convolutional Networks Against Adversarial Attacks**, *[📝KDD](http:\u002F\u002Fpengcui.thumedialab.com\u002Fpapers\u002FRGCN.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fthumanlab\u002Fnrlweb\u002Fblob\u002Fmaster\u002Fstatic\u002Fassets\u002Fdownload\u002FRGCN.zip)*\r\n+ **Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications**, *[📝NAACL](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.00563)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fpouyapez\u002Fcriage)*\r\n+ **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)*\r\n+ **Robust Graph Data Learning via Latent Graph Convolutional Representation**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1904.11883)*\r\n\r\n## 2018\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Personalized Ranking for Recommendation**, *[📝SIGIR](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3209981)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fhexiangnan\u002Fadversarial_personalized_ranking)*\r\n\r\n## 2017\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Adversarial Sets for Regularising Neural Link Predictors**, *[📝UAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1707.07596)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fuclmr\u002Finferbeddings)*\r\n\r\n\r\n\r\n# 🔐Certification\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Hierarchical Randomized Smoothing**, *[📝NeurIPS'2023](https:\u002F\u002Fopenreview.net\u002Fforum?id=6IhNHKyuJO)*, *[:octocat:Code](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fhierarchical-smoothing)*\r\n+ **(Provable) Adversarial Robustness for Group Equivariant Tasks: Graphs, Point Clouds, Molecules, and More**, *[📝NeurIPS'2023](https:\u002F\u002Fopenreview.net\u002Fforum?id=mLe63bAYc7)*, *[:octocat:Code](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fequivariance-robustness\u002F)*\r\n+ **Localized Randomized Smoothing for Collective Robustness Certification**, *[📝ICLR'2023](https:\u002F\u002Fopenreview.net\u002Fforum?id=-k7Lvk0GpBl)*\r\n+ **Graph Adversarial Immunization for Certifiable Robustness**, *[📝arXiv'2023](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.08051)*\r\n+ **Randomized Message-Interception Smoothing: Gray-box Certificates for Graph Neural Networks**, *[📝NeurIPS'2022](https:\u002F\u002Fopenreview.net\u002Fforum?id=t0VbBTw-o8)*, *[:octocat:Code](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Finterception-smoothing)*\r\n+ **Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation**, *[📝KDD'2021](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3447548.3467295)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fbinghuiwang\u002FCertifyGNN)*\r\n+ **Collective Robustness Certificates: Exploiting Interdependence in Graph Neural Networks**, *[📝ICLR'2021](https:\u002F\u002Fopenreview.net\u002Fforum?id=ULQdiUTHe3y)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fjan-schuchardt\u002Fcollective_robustness)*\r\n+ **Adversarial Immunization for Improving Certifiable Robustness on Graphs**, *[📝WSDM'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2007.09647)*\r\n+ **Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning**, *[📝ICLR OpenReview'2021](https:\u002F\u002Fopenreview.net\u002Fforum?id=cQyybLUoXxc)*\r\n+ **Robust Certification for Laplace Learning on Geometric Graphs**, *[📝MSML’2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.10837)*\r\n+ **Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning**, *[📝AAAI'2020](http:\u002F\u002Fstaff.ustc.edu.cn\u002F~hexn\u002Fpapers\u002Faaai20-adversarial-embedding.pdf)*\r\n+ **Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks**, *[📝NeurIPS'2020](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinetal20.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FRobustGraph\u002FRoboGraph)*\r\n+ **Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing**, *[📝WWW'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.03421)*\r\n+ **Efficient Robustness Certificates for Discrete Data: Sparsity - Aware Randomized Smoothing for Graphs, Images and More**, *[📝ICML'2020](https:\u002F\u002Fproceedings.icml.cc\u002Fbook\u002F2020\u002Ffile\u002F4f7b884f2445ef08da9bbc77b028722c-Paper.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fsparse_smoothing)*\r\n+ **Abstract Interpretation based Robustness Certification for Graph Convolutional Networks**, *[📝ECAI'2020](http:\u002F\u002Fecai2020.eu\u002Fpapers\u002F31_paper.pdf)*\r\n+ **Certifiable Robustness of Graph Convolutional Networks under Structure Perturbation**, *[📝KDD'2020](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394486.3403217)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Frobust-gcn-structure)*\r\n+ **Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing**, *[📝GLOBECOM'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05872)*\r\n+ **Certifiable Robustness and Robust Training for Graph Convolutional Networks**, *[📝KDD'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.12269)*, *[:octocat:Code](https:\u002F\u002Fwww.kdd.in.tum.de\u002Fresearch\u002Frobust-gcn\u002F)*\r\n+ **Certifiable Robustness to Graph Perturbations**, *[📝NeurIPS'2019](http:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F9041-certifiable-robustness-to-graph-perturbations)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fgraph_cert)*\r\n\r\n\r\n\r\n# ⚖Stability\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **On the Prediction Instability of Graph Neural Networks**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.10070)*\r\n+ **Stability and Generalization Capabilities of Message Passing Graph Neural Networks**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.00645)*\r\n+ **Towards a Unified Framework for Fair and Stable Graph Representation Learning**, *[📝UAI'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.13186)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fchirag126\u002Fnifty)*\r\n+ **Training Stable Graph Neural Networks Through Constrained Learning**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.03576)*\r\n+ **Shift-Robust GNNs: Overcoming the Limitations of Localized Graph Training data**, *[📝NeurIPS'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.01099)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FGentleZhu\u002FShift-Robust-GNNs)*\r\n+ **Stability of Graph Convolutional Neural Networks to Stochastic Perturbations**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10526)*\r\n+ **Graph and Graphon Neural Network Stability**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.01767)*\r\n+ **On the Stability of Graph Convolutional Neural Networks under Edge Rewiring**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13747)*\r\n+ **Stability of Graph Neural Networks to Relative Perturbations**, *[📝ICASSP'2020](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9054341)*\r\n+ **Graph Neural Networks: Architectures, Stability and Transferability**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.01767)*\r\n+ **Should Graph Convolution Trust Neighbors? A Simple Causal Inference Method**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.11797)*\r\n+ **When Do GNNs Work: Understanding and Improving Neighborhood Aggregation**, *[📝IJCAI Workshop'2019](https:\u002F\u002Fwww.ijcai.org\u002FProceedings\u002F2020\u002F181)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fraspberryice\u002Fala-gcn)*\r\n+ **Stability Properties of Graph Neural Networks**, *[📝arXiv'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.04497)*\r\n+ **Stability and Generalization of Graph Convolutional Neural Networks**, *[📝KDD'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.01004)*\r\n\r\n\r\n# 🚀Others\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Evaluating Robustness and Uncertainty of Graph Models Under Structural Distributional Shifts**, *[📝arXiv‘2023](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.13875)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fyandex-research\u002Fstructural-graph-shifts)*\r\n+ **We Cannot Guarantee Safety: The Undecidability of Graph Neural Network Verification**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.05070)*\r\n+ **A Systematic Evaluation of Node Embedding Robustness**, *[📝LoG‘2022](https:\u002F\u002Fopenreview.net\u002Fforum?id=oxjVVBNrG-)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Faida-ugent\u002FEvalNE-robustness)*\r\n**Generating Adversarial Examples with Graph Neural Networks**, *[📝UAI'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.14644)*\r\n+ **SIGL: Securing Software Installations Through Deep Graph Learning**, *[📝USENIX'2021](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002Fsec21summer_han-xueyuan.pdf)*\r\n+ **FLAG: Adversarial Data Augmentation for Graph Neural Networks**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.09891)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002Fdevnkong\u002FFLAG)*\r\n+ **Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.08833)*\r\n+ **Watermarking Graph Neural Networks by Random Graphs**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.00512)*\r\n+ **Training Robust Graph Neural Network by Applying Lipschitz Constant Constraint**, *[📝CentraleSupélec'2020](https:\u002F\u002Fgithub.com\u002FSJTUzhou\u002FLipschitz_gnn\u002Fblob\u002Fmain\u002FGNN_Robust_report.pdf)*, *[:octocat:Code](https:\u002F\u002Fgithub.com\u002FSJTUzhou\u002FLipschitz_gnn)*\r\n+ **CAP: Co-Adversarial Perturbation on Weights and Features for Improving Generalization of Graph Neural Networks**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.14855)*\r\n+ **When Does Self-Supervision Help Graph Convolutional Networks?**, *[📝ICML'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.09136)*\r\n+ **Perturbation Sensitivity of GNNs**, *[📝cs224w'2019](http:\u002F\u002Fsnap.stanford.edu\u002Fclass\u002Fcs224w-2019\u002Fproject\u002F26424139.pdf)*\r\n\r\n# 📃Survey\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Graph Vulnerability and Robustness: A Survey**, *[📝TKDE'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.00419)*\r\n+ **A Comprehensive Survey on Trustworthy Graph Neural Networks: Privacy, Robustness, Fairness, and Explainability**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.08570)*\r\n+ **Trustworthy Graph Neural Networks: Aspects, Methods and Trends**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.07424)*\r\n+ **A Survey of Trustworthy Graph Learning: Reliability, Explainability, and Privacy Protection**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.10014)*\r\n+ **A Comparative Study on Robust Graph Neural Networks to Structural Noises**, *[📝AAAI DLG'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.06070)*\r\n+ **Deep Graph Structure Learning for Robust Representations: A Survey**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.03036)*\r\n+ **Robustness of deep learning models on graphs: A survey**, *[📝AI Open'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.04202)*\r\n+ **Graph Neural Networks Methods, Applications, and Opportunities**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.10733)*\r\n+ **Adversarial Attacks and Defenses on Graphs: A Review, A Tool and Empirical Studies**, *[📝SIGKDD Explorations'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.00653)*\r\n+ **A Survey of Adversarial Learning on Graph**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05730)*\r\n+ **Graph Neural Networks Taxonomy, Advances and Trends**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.08752)*\r\n+ **Recent Advances in Reliable Deep Graph Learning: Inherent Noise, Distribution Shift, and Adversarial Attack**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.07114)*\r\n+ **Adversarial Attacks and Defenses in Images, Graphs and Text: A Review**, *[📝arXiv'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.08072)*\r\n+ **Deep Learning on Graphs: A Survey**, *[📝arXiv'2018](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.04202)*\r\n+ **Adversarial Attack and Defense on Graph Data: A Survey**, *[📝arXiv'2018](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.10528)*\r\n\r\n\r\n\r\n# ⚙Toolbox\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **DeepRobust: a Platform for Adversarial Attacks and Defenses**, *[📝AAAI’2021](https:\u002F\u002Fojs.aaai.org\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F18017)*, [**:octocat:DeepRobust**](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)\r\n+ **GreatX: A graph reliability toolbox based on PyTorch and PyTorch Geometric**, *[📝arXiv’2022]()*, [**:octocat:GreatX**](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGreatX)\r\n+ **Evaluating Graph Vulnerability and Robustness using TIGER**, *[📝arXiv‘2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05648)*, [**:octocat:TIGER**](https:\u002F\u002Fgithub.com\u002Fsafreita1\u002FTIGER)\r\n+ **Graph Robustness Benchmark: Rethinking and Benchmarking Adversarial Robustness of Graph Neural Networks**, *[📝NeurIPS'2021](https:\u002F\u002Fopenreview.net\u002Fforum?id=pBwQ82pYha)*, [**:octocat:Graph Robustness Benchmark (GRB)**](https:\u002F\u002Fgithub.com\u002Fthudm\u002Fgrb)\r\n\r\n\r\n# 🔗Resource\r\n[💨 Back to Top](#table-of-contents)\r\n\r\n+ **Awesome Adversarial Learning on Recommender System** [:octocat:Link](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FRS-Adversarial-Learning)\r\n+ **Awesome Graph Attack and Defense Papers** [:octocat:Link](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002Fawesome-graph-attack-papers)\r\n+ **Graph Adversarial Learning Literature** [:octocat:Link](https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature)\r\n+ **A Complete List of All (arXiv) Adversarial Example Papers** [🌐Link](https:\u002F\u002Fnicholas.carlini.com\u002Fwriting\u002F2019\u002Fall-adversarial-example-papers.html)\r\n+ **Adversarial Attacks and Defenses Frontiers, Advances and Practice**, *KDD'20 tutorial*, [🌐Link](https:\u002F\u002Fsites.google.com\u002Fview\u002Fkdd-2020-attack-and-defense)\r\n+ **Trustworthy Graph Learning: Reliability, Explainability, and Privacy Protection**, *KDD'22 tutorial*, [🌐Link](https:\u002F\u002Fai.tencent.com\u002Failab\u002Fml\u002Ftwgl\u002F)\r\n+ **Adversarial Robustness of Representation Learning for Knowledge Graphs**, *PhD Thesis at Trinity College Dublin*, [📝Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.00122)\r\n\r\n\r\n\r\n","# ⚔🛡 令人惊叹的图对抗学习\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FContributions-Welcome-278ea5\" alt=\"Contrib\"\u002F> \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FNumber%20of%20Papers-416-FF6F00\" alt=\"PaperNum\"\u002F>\n\n\u003Ca class=\"toc\" id=\"table-of-contents\">\u003C\u002Fa>\n- [⚔🛡 令人惊叹的图对抗学习](#-awesome-graph-adversarial-learning)\n- [👀快速浏览](#quick-look)\n- [⚔攻击](#attack)\n  - [2023年](#2023)\n  - [2022年](#2022)\n  - [2021年](#2021)\n  - [2020年](#2020)\n  - [2019年](#2019)\n  - [2018年](#2018)\n  - [2017年](#2017)\n- [🛡防御](#defense)\n  - [2023年](#2023-1)\n  - [2022年](#2022-1)\n  - [2021年](#2021-1)\n  - [2020年](#2020-1)\n  - [2019年](#2019-1)\n  - [2018年](#2018-1)\n  - [2017年](#2017-1)\n- [🔐认证](#certification)\n- [⚖稳定性](#stability)\n- [🚀其他](#others)\n- [📃综述](#survey)\n- [⚙工具箱](#toolbox)\n- [🔗资源](#resource)\n\n\u003Cimg width =500 height =300 src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEdisonLeeeee_Graph-Adversarial-Learning_readme_70dcd3e64ab0.png\" >\n\n本仓库收录了从2017年至2021年间与攻击、防御及鲁棒性认证等相关论文。若您觉得本仓库有所帮助，请引用以下文献：\n*《图上的对抗学习综述》，arXiv'20*, [链接](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05730)\n\n```bibtex\n@article{chen2020survey,\n  title={A Survey of Adversarial Learning on Graph},\n  author={Chen, Liang and Li, Jintang and Peng, Jiaying and Xie, \n        Tao and Cao, Zengxu and Xu, Kun and He, \n        Xiangnan and Zheng, Zibin and Wu, Bingzhe},\n  journal={arXiv preprint arXiv:2003.05730},\n  year={2020}\n}\n```\n\n# 👀快速浏览\n\n本仓库中的论文按不同方式分类或排序：\n\n| [按字母顺序](Categorized\u002Falphabet.md) | [按年份](Categorized\u002Fyear.md) | [按会议\u002F期刊](Categorized\u002Fvenue.md) | [附有代码的论文](Categorized\u002Fpapers_with_code.md) |\n\n若想快速了解仓库中近30天内更新的论文，可参考[📍此处](Categorized\u002Frecent.md)。\n\n# ⚔攻击\n\n## 2023年\n[💨 返回顶部](#table-of-contents)\n+ **从数据分布视角重新审视图对抗攻击与防御**, *[📝ICLR](https:\u002F\u002Fopenreview.net\u002Fforum?id=dSYoPjM5J_W)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Flikuanppd\u002FSTRG)*\n+ **让图成为围棋棋盘：基于强化学习的无梯度节点注入攻击**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.10782)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FG2A2C)*\n+ **GUAP：通过对抗补丁实现的图通用攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.01731)*, *[:octocat:代码](https:\u002F\u002Fanonymous.4open.science\u002Fr\u002Fffd4fad9-367f-4a2a-bc65-1a7fe23d9d7f\u002F)*\n+ **面向特定类别的网络投毒节点注入攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.12277)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Frahulk207\u002Fnicki)*\n+ **针对图神经网络的隐蔽后门攻击**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2303.01263)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA)*\n+ **一种针对图卷积网络的语义后门攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.14353)*\n\n## 2022\n[💨 返回顶部](#table-of-contents)\n\n+ **图神经网络的对抗攻击：作为一种影响力最大化问题**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10785)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FTheaperDeng\u002FGNN-Attack-InfMax)*\n+ **针对图神经网络的推理攻击**, *[📝USENIX Security](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.02631)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FZhangzhk0819\u002FGNN-Embedding-Leaks)*\n+ **针对归纳式图神经网络的模型窃取攻击**, *[📝IEEE Symposium on Security and Privacy](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.08331)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fxinleihe\u002FGNNStealing)*\n+ **基于对比损失反向传播的无监督图中毒攻击**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.07986)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FRinneSz\u002FCLGA)*\n+ **图卷积网络中的邻域后门攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.06202)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGraphWar)*\n+ **通过提升隐蔽性理解并改进图注入攻击**, *[📝ICLR](https:\u002F\u002Fopenreview.net\u002Fforum?id=wkMG8cdvh7-)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FLFhase\u002FGIA-HAO)*\n+ **蒙眼攻击者依然构成威胁：严格的黑盒图对抗攻击**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.06757)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fgalina0217\u002Fstack)*\n+ **越多越好（通常如此）：关于联邦图神经网络中的后门攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.03195)*\n+ **图神经网络的黑盒节点注入攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.09389)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FGA2C)*\n+ **用于攻击基于图的谣言检测的可解释且高效的强化学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.05819)*\n+ **基于投影排序的图神经网络规避攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.12993)*\n+ **GAP：基于聚合扰动的差分隐私图神经网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.00949)*\n+ **图神经网络的模型提取攻击：分类与实现**, *[📝Asia CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12751)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FTrustworthyGNN\u002FMEA-GNN)*\n+ **基于结构扰动的黑盒图神经网络攻击的带约束多臂老虎机方法及其理论保证**, *[📝CVPR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.03546)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FMetaoblivion\u002FBandit_GNN_Attack)*\n+ **可迁移的图后门攻击**, *[📝RAID](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.00425)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FMetaoblivion\u002FBandit_GNN_Attack)*\n+ **基于图的异常检测的对抗鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.08260)*\n+ **标签特异性攻击：按我的意愿更改你的标签**, *[📝IJIS](https:\u002F\u002Fonlinelibrary.wiley.com\u002Fdoi\u002Ffull\u002F10.1002\u002Fint.22902)*\n+ **AdverSparse：面向深度时空图神经网络的对抗攻击框架**, *[📝ICASSP](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9747850)*\n+ **基于等距映射的代理表示学习用于灰盒图对抗攻击**, *[📝WSDM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3488560.3498481)*\n+ **聚类攻击：基于查询的图对抗攻击，结合图相关先验信息**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.13069)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fthuwzy\u002FCluster-Attack)*\n+ **仅基于标签的成员推断攻击：针对节点级图神经网络的聚类攻击——基于查询的图对抗攻击，结合图相关先验信息**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.13766)*\n+ **图节点注入攻击的对抗伪装**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01819)*\n+ **在灰盒攻击中，图结构上的梯度是否可靠？**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.05514)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FZihan-Liu-00\u002FAtkSE)*\n+ **图节点注入攻击的对抗伪装**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01819)*\n+ **通过扰动谱距离进行图结构攻击**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539435)*\n+ **在攻击图结构时，梯度能告诉我们什么？**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.12815)*\n+ **BinarizedAttack：针对基于图的异常检测的结构毒化攻击**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09989)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fzhuyulin-tony\u002FBinarizedAttack)*\n+ **针对图神经网络的模型逆向攻击**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.07807)*\n+ **图神经网络的稀疏恶性攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.09688)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGiovanniTRA\u002FSAVAGE)*\n+ **利用生成式代理攻击毒化基于图神经网络的推荐系统**, *[📝ACM TIS](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3567420)*\n+ **应对不均衡性：对基于图的攻防更深入的理解**, *[📝Machine Learning](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10994-022-06234-4)*\n+ **针对鲁棒图神经网络的成员推断攻击**, *[📝CSS](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-18067-5_19)*\n+ **跨组链接注入的对抗攻击会降低图神经网络的公平性**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.05957)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fmengcao327\u002Fattack-gnn-fairness)*\n+ **重新审视基于图神经网络的协同过滤中的物品推广：从掩蔽的目标拓扑攻击视角来看**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.09979)*\n+ **链接后门：通过节点注入进行链接预测的后门攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06776)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FSeaocn\u002FLink-Backdoor)*\n+ **基于特征解释的私密图提取**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.14724)*\n+ **面向保密意识的签名图信任预测对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.13104)*\n+ **图神经网络的伪装毒化攻击**, *[📝ICDM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3512527.3531373)*\n+ **LOKI：一种针对下一物品推荐的实用数据毒化攻击框架**, *[📝TKDE](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9806383)*\n+ **为社交隐私而战的对抗者：一种通过毒化策略降低用户身份关联性的方法**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.00269)*\n+ **针对半监督节点分类的图神经网络探索性对抗攻击**, *[📝Pattern Recognition](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0031320322005222)*\n+ **GANI：通过不可察觉的节点注入对图神经网络实施全局攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.12598)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Falexfanjn\u002FGANI)*\n+ **基序后门：通过基序重新思考图神经网络的后门攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13710)*\n+ **图神经网络的防御措施是否足够 robust？**, *[📝NeurIPS](https:\u002F\u002Fpublications.cispa.saarland\u002F3812\u002F1\u002Fare_defenses_for_graph_neural_networks_robust.pdf)*, *[:octocat:代码](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fare-gnn-defenses-robust\u002F)*\n+ **通过标签传播对图神经网络实施对抗性标签毒化攻击**, *[📝ECCV](https:\u002F\u002Fwww.ecva.net\u002Fpapers\u002Feccv_2022\u002Fpapers_ECCV\u002Fpapers\u002F136650223.pdf)*\n+ **针对离散时间动态图模型的不可察觉对抗攻击**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=YMrdoXP3x_A)*\n+ **通过梯度去偏见实现非目标图结构攻击中的合理预算分配**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=vkGk2HI8oOP)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FZihan-Liu-00\u002FGraD--NeurIPS22)*\n+ **为社会公益而战的对抗者：利用属性混淆攻击保护社交网络用户的隐私**, *[📝SecureComm](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-25538-0_37)*\n\n## 2021年\n[💨 返回顶部](#table-of-contents)\n\n+ **从图神经网络中窃取链接**, *[📝USENIX Security](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002Fsec21summer_he.pdf)*\n+ **PATHATTACK：攻击复杂网络中的最短路径**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03761)*\n+ **Structack：基于结构的图神经网络对抗攻击**, *[📝ACM Hypertext](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.11327)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fsqrhussain\u002Fstructack)*\n+ **针对最短路径攻击的最优边权重扰动**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.03347)*\n+ **为推荐系统新兴威胁做好准备？一种基于图卷积的生成式刷单攻击**, *[📝Information Sciences](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.10457)*\n+ **通过重布线进行的图对抗攻击**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3447548.3467416)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Falge24\u002FReWatt)*\n+ **针对图神经网络的成员推理攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06570)*\n+ **图后门**, *[📝USENIX Security](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11890)*\n+ **TDGIA：对图神经网络的有效注入攻击**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3447548.3467314)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FTHUDM\u002Ftdgia)*\n+ **知识有限情况下图嵌入模型的对抗攻击框架**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.12419)*\n+ **大规模图上的对抗攻击**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.03488)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FSGAttack)*\n+ **图神经网络的黑盒梯度攻击：关于基于图的攻击与防御的更深入洞察**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.15061)*\n+ **利用图神经网络联合检测并定位智能电网中的隐蔽虚假数据注入攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.11846)*\n+ **可变形形状的通用谱对抗攻击**, *[📝CVPR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03356)*\n+ **SAGE：基于入侵告警的攻击图提取器**, *[📝KDD研讨会](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.02783)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Ftudelft-cda-lab\u002FSAGE)*\n+ **基于图的交通预测模型上的对抗扩散攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.09369)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FLYZ98\u002FAdversarial-Diffusion-Attacks-on-Graph-based-Traffic-Prediction-Models)*\n+ **VIKING：通过监督式网络投毒进行的网络嵌入对抗攻击**, *[📝PAKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.07164)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fvirresh\u002Fviking)*\n+ **基于可解释性的图神经网络后门攻击**, *[📝WiseML@WiSec](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03674)*\n+ **GraphAttacker：一个通用的多任务图攻击框架**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06855)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhonoluluuuu\u002FGraphAttacker)*\n+ **大规模攻击图神经网络**, *[📝AAAI研讨会](https:\u002F\u002Fwww.dropbox.com\u002Fs\u002Fddrwoswpz3wwx40\u002FRobust_GNNs_at_Scale__AAAI_Workshop_2020_CameraReady.pdf?dl=0)*\n+ **节点级别的图神经网络成员推理攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.05429)*\n+ **用于图神经网络数据投毒的强化学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.06800)*\n+ **DeHiB：通过对抗扰动生成的半监督学习深层隐藏后门攻击**, *[📝AAAI](https:\u002F\u002Fojs.aaai.org\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F17266)*\n+ **Graphfool：针对图嵌入的定向标签对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.12284)*\n+ **揭示政治人物社交网络图结构上的并行对抗攻击**, *[📝Security and Communication Networks](https:\u002F\u002Fwww.hindawi.com\u002Fjournals\u002Fscn\u002F2021\u002F6631247)*\n+ **网络嵌入攻击：一种基于欧氏距离的方法**, *[📝MDATA](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007%2F978-3-030-71590-8_8)*\n+ **保留、促进还是攻击？通过拓扑扰动实现的GNN解释**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.12256)*\n+ **联合攻击图神经网络及其解释**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.03388)*\n+ **用于半监督学习的图随机神经网络**, *[📝arXiv](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fe586a4f55fb43a540c2e9dab45e00f53-Paper.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGSNN\u002FGSNN)*\n+ **图神经网络的迭代深度图学习：更好且鲁棒的节点嵌入**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.13009)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhugochan\u002FIDGL)*\n+ **单节点攻击以愚弄图神经网络**, *[📝KDD研讨会](https:\u002F\u002Fdrive.google.com\u002Ffile\u002Fd\u002F12arm9w6UmvSIzGmaoocdH70czx7RVzGr\u002Fview)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fgnnattack\u002FSINGLE)*\n+ **图k-shell结构在对抗攻击下的鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.13962)*\n+ **通过关系推理模式污染知识图谱嵌入**, *[📝ACL](https:\u002F\u002Faclanthology.org\u002F2021.acl-long.147)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FInferenceAttack)*\n+ **针对图神经网络的硬标签黑盒对抗攻击**, *[📝CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.09513)*\n+ **GNNUnlock：基于图神经网络的无Oracle解锁方案，用于可证明安全的逻辑锁定**, *[📝DATE会议](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.13012)*\n+ **针对图神经网络的单节点注入攻击**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.13049)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FTaoShuchang\u002FG-NIA)*\n+ **针对时空图神经网络的空间聚焦攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.04608)*\n+ **无导数优化的图卷积网络对抗攻击**, *[📝PeerJ](https:\u002F\u002Fpeerj.com\u002Farticles\u002Fcs-693)*\n+ **投影排名：一种可迁移的图神经网络规避攻击方法**, *[📝CIKM](https:\u002F\u002Fshiruipan.github.io\u002Fpublication\u002Fcikm-21-zhang\u002Fcikm-21-zhang.pdf)*\n+ **面向动态网络链路预测的时间感知梯度攻击**, *[📝TKDE](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9531428)*\n+ **Graph-Fraudster：基于图神经网络的垂直联邦学习对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.06468)*\n+ **将成员推理攻击适配于图分类的GNN：方法与启示**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.08760)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FTrustworthyGNN\u002FMIA-GNN)*\n+ **基于后门攻击的图神经网络水印技术**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.11024)*\n+ **大规模下图神经网络的鲁棒性**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2110.14038.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Frobustness_of_gnns_at_scale)*\n+ **从对抗鲁棒性的视角看神经组合求解器的泛化能力**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.10942)*\n+ **图通用对抗攻击：少数不良行为者毁掉图学习模型**, *[📝IJCAI](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2021\u002F458)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fchisam0217\u002FGraph-Universal-Attack)*\n+ **通过贝叶斯优化对图分类进行对抗攻击**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.02842)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fxingchenwan\u002Fgrabnel)*\n+ **通过实例归因方法对知识图谱嵌入进行对抗攻击**, *[📝EMNLP](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.03120)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FAttributionAttack)*\n+ **COREATTACK：破坏图的核心结构**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.15276)*\n+ **UNTANGLE：利用基于图神经网络的链路预测解锁路由与逻辑混淆**, *[📝ICCAD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.07062)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Flilasrahis\u002Funtangle)*\n+ **GraphMI：从图神经网络中提取私有图数据**, *[📝IJCAI](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2021\u002F516)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fzaixizhang\u002FGraphMI)*\n+ **针对基于图的Android恶意软件检测的结构性攻击**, *[📝CCS](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3460120.3485387)*\n+ **针对跨语言知识图谱对齐的对抗攻击**, *[📝EMNLP](https:\u002F\u002Faclanthology.org\u002F2021.emnlp-main.432)*\n+ **FHA：针对图卷积网络的快速启发式攻击**, *[📝ICDS](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88942-5_12)*\n+ **任务和模型无关的图神经网络对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.13267)*\n+ **秘密网络成员如何隐藏其领导者的身份**, *[📝ACM TIST](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Ffull\u002F10.1145\u002F3490462)*\n+ **重新审视用于图分类的图神经网络对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06651)*\n\n## 2020年\n[💨 返回顶部](#table-of-contents)\n\n+ **一种针对隐私保护记录链接的图匹配攻击**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411931)*\n+ **一种针对恶意软件检测图神经网络的语义保持强化学习攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05602)*\n+ **基于GAN的图嵌入自适应对抗攻击**, *[📝SocialSec](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_7)*\n+ **利用交替方向乘子法对图神经网络进行可扩展的对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10233)*\n+ **基于图神经网络的时空预测中的一点攻击**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=W0MKrbVOxtd)*\n+ **将图神经网络的近黑盒对抗攻击视为影响力最大化问题**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=sbyjwhxxT8K)*\n+ **深度图匹配中的对抗攻击**, *[📝NeurIPS](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fef126722e64e98d1c33933783e52eafc-Paper.pdf)*\n+ **在不改变现有连接的情况下攻击基于图的分类模型**, *[📝ACSAC](https:\u002F\u002Fcse.sc.edu\u002F~zeng1\u002Fpapers\u002F2020-acsac-graph.pdf)*\n+ **深度图信息最大化的交叉熵攻击**, *[📝IEEE ISCAS](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9180817)*\n+ **通过定向扰动生成欺骗知识图谱增强模型的方法**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12872)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FINK-USC\u002Fdeceive-KG-models)*\n+ **迈向更实用的图神经网络对抗攻击**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05057)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FMark12Ding\u002FGNN-Practical-Attack)*\n+ **图神经网络的标签翻转对抗攻击与防御**, *[📝ICDM](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F97.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FMengmeiZ\u002FLafAK)*\n+ **图神经网络的探索性对抗攻击**, *[📝ICDM](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338329)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEpoAtk\u002FEpoAtk)*\n+ **图卷积网络的定向通用攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.14365)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FNanyuu\u002FTUA)*\n+ **无需查询的图黑盒对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.06757)*\n+ **基于强化学习的黑盒逃避攻击用于动态图中的链接预测**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00163)*\n+ **通过影响力函数实现对图神经网络的有效逃避攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00203)*\n+ **图神经网络的后门攻击**, *[📝SACMAT](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fpdf\u002F10.1145\u002F3450569.3463560)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fzaixizhang\u002Fgraphbackdoor)*\n+ **基于迭代梯度攻击的链接预测对抗攻击**, *[📝IEEE Trans](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9141291)*\n+ **层次化图池化神经网络的对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11560)*\n+ **通过隐藏个体进行社区发现的对抗攻击**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2001.07933)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhalimiqi\u002FCD-ATTACK)*\n+ **操纵网络中的节点相似性度量**, *[📝AAMAS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.11529)*\n+ **一种面向图嵌入模型攻击的受限黑盒对抗框架**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.01297)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FSwiftieH\u002FGFAttack)*\n+ **通过毒化邻居节点对图卷积网络实施间接对抗攻击**, *[📝BigData](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.08012)*\n+ **通过节点注入对图神经网络进行对抗攻击：一种层次化强化学习方法**, *[📝WWW](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3366423.3380149)*\n+ **一种针对图结构数据的有效对抗攻击**, *[📝IJCAI Workshop](https:\u002F\u002Fwww.aisafetyw.org\u002Fprogramme)*\n+ **图神经网络的实际对抗攻击**, *[📝ICML Workshop](https:\u002F\u002Fgrlplus.github.io\u002Fpapers\u002F8.pdf)*\n+ **图神经网络的对抗攻击：扰动及其模式**, *[📝TKDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394520)*\n+ **基于图神经网络的链接预测算法的对抗攻击**, *[📝Asia CCS](https:\u002F\u002Fiqua.ece.toronto.edu\u002Fpapers\u002Fwlin-asiaccs20.pdf)*\n+ **通过注入恶意节点对图数据进行可扩展攻击**, *[📝ECML-PKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.13825)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fwangjh-github\u002FAFGSM)*\n+ **离散数据对抗性逃避攻击的可攻击性刻画**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394486.3403194)*\n+ **MGA：网络中的动量梯度攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.11320)*\n+ **无标度网络的对抗攻击：测试物理标准的鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.01249)*\n+ **网络中意见动态的对抗性扰动**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010)*\n+ **网络破坏：最大化社交网络中的分歧与极化**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.08377)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fmayee107\u002Fnetwork-disruption)*\n+ **针对无标度网络BC分类的对抗攻击**, *[📝AIP Chaos](https:\u002F\u002Faip.scitation.org\u002Fdoi\u002F10.1063\u002F5.0003707)*\n\n## 2019年\n[💨 返回顶部](#table-of-contents)\n\n+ **通过重布线攻击图卷积网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.03750)*\n+ **针对网络嵌入的无监督欧几里得距离攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.11015)*\n+ **面向通用实现与更好可解释性的结构化对抗攻击**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F1808.01664)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FStrAttack)*\n+ **基于潜在变量扰动建模的可泛化对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.10864)*\n+ **顶点提名、一致性估计与对抗性修改**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.01776)*\n+ **PeerNets：利用同伴智慧抵御对抗攻击**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.00088)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Ftantara\u002FPeerNets-pytorch)*\n+ **网络结构脆弱性：多目标攻击者视角**, *[📝IEEE Trans](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F8275029)*\n+ **社区检测的多尺度进化扰动攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09741)*\n+ **αCyber：增强Android恶意软件检测系统对异构图模型对抗攻击的鲁棒性**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3357384.3357875)*\n+ **通过图中毒攻击节点嵌入**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.01093)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fnode_embedding_attack)*\n+ **基于遗传算法的社区检测Q-攻击**, *[📝TCSS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1811.00430)*\n+ **针对知识图谱嵌入的数据毒害攻击**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1904.12052)*\n+ **基于元学习的图神经网络对抗攻击**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08412)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fgnn-meta-attack)*\n+ **图神经网络的拓扑攻击与防御：优化视角**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)*\n+ **图数据上的对抗样本：攻防深度洞察**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fstellargraph\u002Fstellargraph\u002Ftree\u002Fdevelop\u002Fdemos\u002Finterpretability)*\n+ **面向基于图的半监督学习的数据毒害攻击统一框架**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.14147)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fxuanqing94\u002FAdvSSL)*\n+ **通过操纵图结构攻击基于图的分类任务**, *[📝CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.00553)*\n\n## 2018年\n[💨 返回顶部](#table-of-contents)\n\n+ **图卷积网络中的虚假节点攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.10751)*\n+ **针对无监督节点嵌入方法的数据毒害攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.12881)*\n+ **网络嵌入的快速梯度攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.02797)*\n+ **链接预测算法的抗攻击能力：如何在社交网络中隐藏你的关系**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.00152)*\n+ **图数据神经网络的对抗攻击**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F1805.07984)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fnettack)*\n+ **在社交网络中隐藏个体与社区**, *[📝Nature Human Behavior](https:\u002F\u002Farxiv.org\u002Fabs\u002F1608.00375)*\n+ **攻击社交网络中的基于相似性的链接预测**, *[📝AAMAS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.08368)*\n+ **图结构数据的对抗攻击**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.02371)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FHanjun-Dai\u002Fgraph_adversarial_attack)*\n\n## 2017年\n[💨 返回顶部](#table-of-contents)\n\n+ **针对基于图聚类的实际攻击**, *[📝CCS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1708.09056)*\n+ **用于正则化神经链接预测器的对抗集合**, *[📝UAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1707.07596)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fuclmr\u002Finferbeddings)*\n\n\n# 🛡防御\n\n## 2023年\n[💨 返回顶部](#table-of-contents)\n\n+ **图神经网络的对抗训练：陷阱、解决方案与新方向**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=GPtroppvUM)*, *[:octocat:代码](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fadversarial-training\u002F)*\n+ **ASGNN：具有自适应结构的图神经网络**, *[📝ICLR OpenReview](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.01002)*\n+ **通过测试时图变换增强图表示学习**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.03561)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FGTrans)*\n+ **通过噪声治理实现图神经网络的鲁棒训练**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.06614)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGhostQ99\u002FRobustTrainingGNN)*\n+ **图神经网络的自监督图结构精炼**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.06545)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FAndyJZhao\u002FWSDM23-GSR)*\n+ **重新审视图机器学习中的鲁棒性**, *[📝ICLR](https:\u002F\u002Fopenreview.net\u002Fforum?id=h1o7Ry9Zctm)*, *[:octocat:代码](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Frevisiting-robustness\u002F)*\n+ **鲁棒的中间层过滤图卷积网络**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.08048)*\n+ **通过对抗对比学习迈向鲁棒的图神经网络**, *[📝BigData](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F10021051)*\n\n## 2022\n[💨 返回顶部](#table-of-contents)\n+ **图上的无监督对抗鲁棒表示学习**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.02486)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fgalina0217\u002Frobustgraph)*\n+ **面向标签稀疏噪声图的鲁棒图神经网络**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.00232)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEnyanDai\u002FRSGNN)*\n+ **小心你的求解器！关于组合优化的对抗攻击与防御**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.004022)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEnyanDai\u002FRSGNN)*\n+ **通过图对抗对比学习学习鲁棒表示**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.13025)*\n+ **GARNET：用于鲁棒且可扩展图神经网络的降秩拓扑学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.12741)*\n+ **用于局部损坏恢复的图神经网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.04936)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fbzho3923\u002FMAGnet)*\n+ **对抗攻击下的鲁棒异质图神经网络**, *[📝AAAI](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F132.pdf)*\n+ **贝叶斯噪声自监督如何防御图卷积网络？**, *[📝Neural Processing Letters](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs11063-022-10750-8)*\n+ **通过贝叶斯自监督防御图卷积网络免受动态图扰动的影响**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.03762)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FGraphSS)*\n+ **SimGRACE：一种无需数据增强的简单图对比学习框架**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.03104)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fjunxia97\u002FSimGRACE)*\n+ **探索高阶结构以实现鲁棒的图结构学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.11492)*\n+ **GUARD：图通用对抗防御**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.09803)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGUARD)*\n+ **检测针对图神经网络的拓扑攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.10072)*\n+ **LPGNet：用于节点分类的链接隐私图网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.03105)*\n+ **EvenNet：忽略奇数跳邻居可提升图神经网络的鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.13892)*\n+ **贝叶斯鲁棒图对比学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.14109)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FBRGCL-code\u002FBRGCL-code)*\n+ **可靠的表示带来更强的防御者：用于鲁棒GNN的无监督结构精炼**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.00012)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Flikuanppd\u002FSTABLE)*\n+ **用于局部损坏恢复的鲁棒图表示学习**, *[📝ICML研讨会](https:\u002F\u002Fyuguangwang.github.io\u002Fpapers\u002FL_p_graph_regularizer_ICML%20TAG%202022.pdf)*\n+ **外观与结构感知的鲁棒深度视觉图匹配：攻击、防御及更多**, *[📝CVPR](https:\u002F\u002Fopenaccess.thecvf.com\u002Fcontent\u002FCVPR2022\u002Fhtml\u002FRen_Appearance_and_Structure_Aware_Robust_Deep_Visual_Graph_Matching_Attack_CVPR_2022_paper.html)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FThinklab-SJTU\u002FRobustMatch)*\n+ **大规模隐私保护网络嵌入，抵御隐私链接推断攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.14440)*\n+ **基于集成学习的鲁棒图神经网络**, *[📝Mathematics](https:\u002F\u002Fwww.mdpi.com\u002F2227-7390\u002F10\u002F8\u002F1300\u002Fhtml)*\n+ **AN-GCN：一种抵御边扰动攻击的匿名图卷积网络**, *[📝IEEE TNNLS](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9775013)*\n+ **异质性如何影响图神经网络的鲁棒性？理论联系与实践启示**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGemsLab\u002FHeteRobust)*\n+ **使用加权图拉普拉斯算子的鲁棒图神经网络**, *[📝SPCOM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01853)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FBharat-Runwal\u002FRWL-GNN)*\n+ **ARIEL：对抗图对比学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06956)*\n+ **基于T-SVD的图增强实现鲁棒张量图卷积网络**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539436)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGTML-LAB\u002FRT-GCN)*\n+ **NOSMOG：在图上学习抗噪且结构感知的MLP**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.10010)*\n+ **图上的鲁棒节点分类：结合贝叶斯标签转移与基于拓扑的标签传播**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.09779)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FLInDT)*\n+ **图神经扩散对拓扑扰动的鲁棒性研究**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.07754)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fzknus\u002FRobustness-of-Graph-Neural-Diffusion)*\n+ **基于物联网和图神经网络并结合对抗防御的Android恶意软件检测**, *[📝IEEE IOT](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9814995)*\n+ **通过约束图互信息实现跨网络鲁棒节点分类**, *[📝KBS](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0950705122009455)*\n+ **利用可解释性防御图神经网络中的后门攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.02902)*\n+ **迈向鲁棒半监督节点分类的最佳非对称图结构**, *[📝KDD](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539332)*\n+ **FocusedCleaner：净化中毒图以实现鲁棒的GNN节点分类**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13815)*\n+ **EvenNet：忽略奇数跳邻居可提升图神经网络的鲁棒性**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.13892)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FLeirunlin\u002FEvenNet)*\n+ **通过合作同质性增强抵御图对抗攻击**, *[📝ECML-PKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.08068)*\n+ **用于鲁棒图神经网络的谱对抗训练**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.10896)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FSAT)*\n+ **基于图学习的协同过滤的脆弱性研究**, *[📝TIS](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3572834)*\n+ **GARNET：用于鲁棒且可扩展图神经网络的降秩拓扑学习**, *[📝LoG](https:\u002F\u002Fopenreview.net\u002Fforum?id=kvwWjYQtmw)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fcornell-zhang\u002FGARNET)*\n+ **完全不训练权重也能拥有更好的图神经网络：寻找未训练GNN的“入场券”**, *[📝LoG](https:\u002F\u002Fopenreview.net\u002Fforum?id=dF6aEW3_62O)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FTienjinHuang\u002FUGTs-LoG)*\n+ **通过预测编码实现鲁棒图表示学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2212.04656)*\n+ **FocusedCleaner：净化中毒图以实现鲁棒的GNN节点分类**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13815)*\n\n## 2021年\n[💨 返回顶部](#table-of-contents)\n\n+ **Learning to Drop: Robust Graph Neural Network via Topological Denoising**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.07057)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fflyingdoog\u002FPTDNet)*\n+ **图神经网络在社交网络数据欺诈检测中的有效性如何？**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.14568)*\n+ **图清洗及其在节点分类中的应用**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.09384)*\n+ **理解图卷积网络的结构脆弱性**, *[📝IJCAI](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2021\u002F310)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FMedianGCN)*\n+ **一种鲁棒且通用的对抗性图嵌入框架**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.10651)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FRingBDStack\u002FAGE)*\n+ **面向弹性图匹配的集成防御机制**, *[📝ICML](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fren21c\u002Fren21c.pdf)*\n+ **基于随机采样与共识的图异常节点检测方法**, *[📝ICASSP](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9414953)*\n+ **通过攻击信号缩放与对抗扰动消除实现鲁棒的网络对齐**, *[📝WWW](http:\u002F\u002Feng.auburn.edu\u002Fusers\u002Fyangzhou\u002Fpapers\u002FRNA.pdf)*\n+ **图神经网络的信息混淆技术**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2009.13504.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fliaopeiyuan\u002FGAL)*\n+ **受异质性启发的设计提升图神经网络的鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)*\n+ **关于具有对抗训练的图自编码器泛化能力的研究**, *[📝ECML](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.02658)*\n+ **DeepInsight：辅助解释性的图对抗样本检测方法**, *[📝ECML](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09501)*\n+ **弹性图神经网络**, *[📝ICML](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fliu21k\u002Fliu21k.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Flxiaorui\u002FElasticGNN)*\n+ **图神经网络的鲁棒反事实解释**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.04086)*\n+ **保持节点相似性的图卷积网络**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.09643)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FSimP-GCN)*\n+ **增强多层网络在节点—社区级联失效下的鲁棒性和韧性**, *[📝IEEE TSMC](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9415463)*\n+ **NetFense：针对图数据神经网络的隐私攻击防御机制**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.11865)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FICHproject\u002FNetFense)*\n+ **Wasserstein不确定性下的鲁棒图学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.04210)*\n+ **迈向鲁棒的图对比学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.13085)*\n+ **具有表达力的1-Lipschitz神经网络用于抵御对抗攻击的鲁棒多图学习**, *[📝ICML](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fzhao21e.html)*\n+ **UAG：基于不确定性感知注意力的图神经网络以防御对抗攻击**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10235)*\n+ **基于不确定性匹配的图神经网络以防御中毒攻击**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.14455)*\n+ **Power up！基于图幂运算的鲁棒图卷积网络以抵御逃避攻击**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.10029)*, *[:octocat:代码](https:\u002F\u002Fwww.dropbox.com\u002Fsh\u002Fp36pzx1ock2iamo\u002FAABEr7FtM5nqwC4i9nICLIsta?dl=0)*\n+ **通过对抗建模实现社交网络中的个性化隐私保护**, *[📝AAAI](https:\u002F\u002Fwww.cs.uic.edu\u002F~elena\u002Fpubs\u002Fbiradar-ppai21.pdf)*\n+ **谱图滤波器的可解释稳定性界**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.09587)*\n+ **随机生成对抗感知的虚假知识图谱以打击知识产权盗窃**, *[📝AAAI](http:\u002F\u002F34.94.61.102\u002Fpaper_AAAI-9475.html)*\n+ **面向标签噪声的图神经网络统一鲁棒训练**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.03414)*\n+ **鲁棒图卷积网络导论**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.14807)*\n+ **E-GraphSAGE：基于图神经网络的入侵检测系统**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.16329)*\n+ **面向通用鲁棒图卷积网络的空间—时间稀疏化**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.12256)*\n+ **采用方向图对抗训练的鲁棒图卷积网络**, *[📝Applied Intelligence](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10489-021-02272-y)*\n+ **图上的拓扑对抗攻击检测与防御**, *[📝AISTATS](http:\u002F\u002Fproceedings.mlr.press\u002Fv130\u002Fzhang21i.html)*\n+ **揭示图神经网络在鲁棒入侵检测中的潜力**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.14747)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FBNN-UPC\u002FGNN-NIDS)*\n+ **概率网络嵌入在链接预测任务中的对抗鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.01936)*\n+ **EGC2：通过简易图压缩提升图分类性能**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.07737)*\n+ **LinkTeller：基于影响力分析从图神经网络中恢复私有边信息**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.06504)*\n+ **基于信息瓶颈的结构感知层次化图池化**, *[📝IJCNN ](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.13012)*\n+ **Mal2GCN：一种使用非负权重深度图卷积网络的鲁棒恶意软件检测方法**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.12473)*\n+ **CoG：一种双视角协同训练框架，用于防御图上的对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.05558)*\n+ **带有差分隐私保证的图神经网络发布**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.08907)*\n+ **利用低秩信息加速鲁棒图结构学习**, *[📝CIKM](http:\u002F\u002Fxiangliyao.cn\u002Fpapers\u002Fcikm21-hui.pdf)*\n+ **一种轻量级的图神经网络中毒攻击防御策略**, *[📝ICICS](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88052-1_4)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Flizi-learner\u002FMD-GNN)*\n+ **节点特征核函数提升图卷积网络的鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.01785)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FChangminWu\u002FRobustGCN)*\n+ **关于异质性与图神经网络鲁棒性的关系研究**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)*\n+ **分布鲁棒的半监督图学习**, *[📝ICLR](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.10582)*\n+ **大规模图神经网络的鲁棒性**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2110.14038.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Frobustness_of_gnns_at_scale)*\n+ **图移植：基于节点显著性引导的图混合并保留局部结构**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.05639)*\n+ **并非所有低通滤波器在图卷积网络中都具有鲁棒性**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=bDdfxLQITtu)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FSwiftieH\u002FLFR)*\n+ **迈向知识图谱上的鲁棒推理**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.14693)*\n+ **基于概率Lipschitz约束的鲁棒图神经网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.07575)*\n+ **具有自适应残差的图神经网络**, *[📝NeurIPS](https:\u002F\u002Fopenreview.net\u002Fforum?id=hfkER_KJiNw)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Flxiaorui\u002FAirGNN)*\n+ **基于图的对抗在线核学习与自适应嵌入**, *[📝ICDM]()*\n+ **图后验网络：用于节点分类的贝叶斯预测不确定性**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2110.14012.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fstadlmax\u002FGraph-Posterior-Network)*\n+ **具有特征与结构感知随机游走的图神经网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.10102)*\n+ **图上的拓扑关系学习**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.15529)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Ftri-gnn\u002Ftri-gnn)*\n\n## 2020年\n[💨 返回顶部](#table-of-contents)\n\n+ **Ricci-GNN：通过几何方法防御结构攻击**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=_qoQkWNEhS)*\n+ **加权图中可证明的重叠社区检测**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.07150)*\n+ **在缺乏图数据和对抗性场景下的图卷积网络变分推断**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.01852)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Febonilla\u002FVGCN)*\n+ **用于图上半监督学习的图随机神经网络**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11079)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGrand20\u002Fgrand)*\n+ **通过鲁棒聚合实现可靠的图神经网络**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.15651)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Freliable_gnn_via_robust_aggregation)*\n+ **面向标签噪声的鲁棒图神经网络研究**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=H38f_9b90BO)*\n+ **图对抗网络：保护信息免受对抗攻击**, *[📝ICLR OpenReview](https:\u002F\u002Fopenreview.net\u002Fforum?id=Q8ZdJahesWe)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fliaopeiyuan\u002FGAL)*\n+ **一种针对图结构操纵攻击的新型图分类防御方案**, *[📝SocialSec](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_26)*\n+ **图神经网络的迭代深度图学习：更优且鲁棒的节点嵌入**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.13009)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhugochan\u002FIDGL)*\n+ **节点复制法用于防御图神经网络拓扑攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2007.06704)*\n+ **基于动态贝叶斯海森矩阵的稀疏时变图社区检测**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.04510)*\n+ **一种特征重要性感知且鲁棒的GCN聚合器**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411983)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FLiZhang-github\u002FLA-GCN)*\n+ **通过图标签转移对抗在线社交网络的扰动**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.14121)*\n+ **图信息瓶颈**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12811)*, *[:octocat:代码](http:\u002F\u002Fsnap.stanford.edu\u002Fgib\u002F)*\n+ **图结构数据上的对抗检测**, *[📝PPMLP](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3411501.3419424)*\n+ **基于增强的图对比学习**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13902)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FShen-Lab\u002FGraphCL)*\n+ **利用对抗训练方法学习图嵌入**, *[📝IEEE Transactions on Cybernetics](https:\u002F\u002Farxiv.org\u002Fabs\u002F1901.01250)*\n+ **I-GCN：基于影响力机制的鲁棒图卷积网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.06110)*\n+ **为社会公益而战：通过联合对抗攻击保护家庭隐私**, *[📝AAAI](https:\u002F\u002Fojs.aaai.org\u002F\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F6791)*\n+ **GNN的平滑对抗训练**, *[📝IEEE TCSS](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9305289?casa_token=fTXIL3hT1yIAAAAA:I4fn-GlF0PIwzPRC87SayRi5_pi2ZDDuSancEsY96A4O4bUBEsp0hSYMNJVGVzMgBWxycYN9qu6D)*\n+ **针对图神经网络对抗攻击的图结构重塑**, *[📝无](None)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGraphReshape\u002FGraphReshape)*\n+ **RoGAT：结合修正GAT与调整图的鲁棒GNN**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.13038)*\n+ **ResGCN：基于注意力的深度残差模型，用于属性化网络的异常检测**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.14738)*\n+ **网络中意见动态的对抗性扰动**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010)*\n+ **抵御推理攻击的隐私保护图嵌入**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.13072)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FuJ62JHD\u002FPrivacy-Preserving-Social-Network-Embedding)*\n+ **从噪声数据中进行鲁棒图学习**, *[📝IEEE Trans](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F8605364)*\n+ **GNNGuard：防御图神经网络对抗攻击**, *[📝NeurIPS](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08149)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fmims-harvard\u002FGNNGuard)*\n+ **图神经网络对中毒攻击的鲁棒性迁移**, *[📝WSDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.07558)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Ftangxianfeng\u002FPA-GNN)*\n+ **低秩就够了：防御图上的对抗攻击**, *[📝WSDM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3336191.3371789)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)*\n+ **图神经网络对结构噪声有多鲁棒？**, *[📝DLGMA](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.10206)*\n+ **基于纳什强化学习的自适应垃圾信息发送者鲁棒检测**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.06069)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FYingtongDou\u002FNash-Detect)*\n+ **面向鲁棒图神经网络的图结构学习**, *[📝KDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.10203)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)*\n+ **关于多项式频谱图滤波器的稳定性**, *[📝ICASSP](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9054072)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhenrykenlay\u002Fspgf)*\n+ **节点攻击下级联扩散的鲁棒性研究**, *[📝WWW](https:\u002F\u002Fwww.cs.au.dk\u002F~karras\u002FrobustIC.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fallogn\u002Frobustness)*\n+ **朋友还是假友：基于图的社交网络虚假账号早期检测**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.04834)*\n+ **迈向高效通用的图神经网络鲁棒训练框架**, *[📝ICASSP](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.10947)*\n+ **通过神经稀疏化进行鲁棒图表示学习**, *[📝ICML](https:\u002F\u002Fproceedings.icml.cc\u002Fstatic\u002Fpaper_files\u002Ficml\u002F2020\u002F2611-Paper.pdf)*\n+ **通过潜在扰动生成鲁棒的图卷积网络训练**, *[📝ECML-PKDD](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinZha20.pdf)*\n+ **抵御结构攻击的鲁棒集体分类**, *[📝预印本](http:\u002F\u002Fwww.auai.org\u002Fuai2020\u002Fproceedings\u002F119_main_paper.pdf)*\n+ **提升基于图神经网络的欺诈检测器对伪装欺诈者的识别能力**, *[📝CIKM](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.08692)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002FDGFraud)*\n+ **顶点分类攻击中的拓扑效应**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05822)*\n+ **用于多关系及鲁棒学习的张量图卷积网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07729)*\n+ **DefenseVGAE：通过变分图自编码器防御图数据上的对抗攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08900)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fzhangao520\u002Fdefense-vgae)*\n+ **基于动态知识图谱的对话生成与改进的对抗元学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.08833)*\n+ **AANE：面向异常链接检测的异常感知网络嵌入**, *[📝ICDM](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338406)*\n+ **通过低通消息传递实现可证明的鲁棒节点分类**, *[📝ICDM](https:\u002F\u002Fshenghua-liu.github.io\u002Fpapers\u002Ficdm2020-provablerobust.pdf)*\n+ **图修订卷积网络**, *[📝ECML-PKDD](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.07123)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FPlusRoss\u002FGRCN)*\n\n## 2019年\n[💨 返回顶部](#table-of-contents)\n\n+ **图对抗训练：基于图结构的动态正则化**, *[📝TKDE](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08226)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Ffulifeng\u002FGraphAT)*\n+ **用于半监督分类的贝叶斯图卷积神经网络**, *[📝AAAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1811.11103)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhuawei-noah\u002FBGCN)*\n+ **通过进化扰动防御基于链接预测的攻击**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.05912)*\n+ **针对基于图的物联网恶意软件检测系统的对抗学习研究**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.04416)*\n+ **对抗嵌入：一种鲁棒且难以察觉的隐写术与水印技术**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.01487)*\n+ **图插值激活在数据高效深度学习中同时提升自然准确率和鲁棒性**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1907.06800)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FBaoWangMath\u002FDNN-DataDependentActivation)*\n+ **图神经网络的对抗防御框架**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.03679)*\n+ **GraphSAC：大规模图中的异常检测**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09589)*\n+ **用于鲁棒自适应图卷积网络的边抖动技术**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09590)*\n+ **能否防御对抗性网络攻击？**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.05994)*\n+ **GraphDefense：迈向鲁棒的图卷积网络**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.04429)*\n+ **网络嵌入的对抗训练方法**, *[📝WWW](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.11514)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fwonniu\u002FAdvT4NE_WWW2019)*\n+ **图数据上的对抗样本：对攻击与防御的深入洞察**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)*\n+ **提升顶点分类对抗攻击的鲁棒性**, *[📝MLG@KDD](http:\u002F\u002Feliassi.org\u002Fpapers\u002Fbenmiller-mlg2019.pdf)*\n+ **基于相似度的链接预测的对抗鲁棒性**, *[📝ICDM](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.01432)*\n+ **αCyber：增强异构图模型驱动的安卓恶意软件检测系统对抗攻击的鲁棒性**, *[📝CIKM](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3357384.3357875)*\n+ **图卷积网络的批量虚拟对抗训练**, *[📝ICML](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.09192)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fthudzj\u002FBVAT)*\n+ **图卷积网络的潜在对抗训练**, *[📝LRGSD@ICML](https:\u002F\u002Fgraphreason.github.io\u002Fpapers\u002F35.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fcshjin\u002FLATGCN)*\n+ **面向图神经网络的恶意边特征分析**, *[📝ICLR OpenReview](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)*\n+ **图深度学习中对抗攻击的比较与检测**, *[📝RLGM@ICLR](https:\u002F\u002Frlgm.github.io\u002Fpapers\u002F57.pdf)*\n+ **节点分类任务中图卷积网络的虚拟对抗训练**, *[📝PRCV](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.11045)*\n+ **对抗攻击下的鲁棒图卷积网络**, *[📝KDD](http:\u002F\u002Fpengcui.thumedialab.com\u002Fpapers\u002FRGCN.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fthumanlab\u002Fnrlweb\u002Fblob\u002Fmaster\u002Fstatic\u002Fassets\u002Fdownload\u002FRGCN.zip)*\n+ **通过对抗性修改探究链接预测的鲁棒性和可解释性**, *[📝NAACL](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.00563)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fpouyapez\u002Fcriage)*\n+ **图神经网络的拓扑攻击与防御：优化视角**, *[📝IJCAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)*\n+ **基于潜在图卷积表示的鲁棒图数据学习**, *[📝arXiv](https:\u002F\u002Farxiv.org\u002Fabs\u002F1904.11883)*\n\n## 2018年\n[💨 返回顶部](#table-of-contents)\n\n+ **推荐系统的对抗性个性化排序**, *[📝SIGIR](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3209981)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fhexiangnan\u002Fadversarial_personalized_ranking)*\n\n## 2017年\n[💨 返回顶部](#table-of-contents)\n\n+ **用于正则化神经链接预测器的对抗集合**, *[📝UAI](https:\u002F\u002Farxiv.org\u002Fabs\u002F1707.07596)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fuclmr\u002Finferbeddings)*\n\n# 🔐认证\n[💨 返回顶部](#table-of-contents)\n\n+ **层次化随机平滑**, *[📝NeurIPS'2023](https:\u002F\u002Fopenreview.net\u002Fforum?id=6IhNHKyuJO)*, *[:octocat:代码](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fhierarchical-smoothing)*\n+ **（可证明的）群等变任务的对抗鲁棒性：图、点云、分子等**, *[📝NeurIPS'2023](https:\u002F\u002Fopenreview.net\u002Fforum?id=mLe63bAYc7)*, *[:octocat:代码](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fequivariance-robustness\u002F)*\n+ **用于集体鲁棒性认证的局部化随机平滑**, *[📝ICLR'2023](https:\u002F\u002Fopenreview.net\u002Fforum?id=-k7Lvk0GpBl)*\n+ **用于可认证鲁棒性的图对抗免疫**, *[📝arXiv'2023](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.08051)*\n+ **随机消息拦截平滑：面向图神经网络的灰盒证书**, *[📝NeurIPS'2022](https:\u002F\u002Fopenreview.net\u002Fforum?id=t0VbBTw-o8)*, *[:octocat:代码](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Finterception-smoothing)*\n+ **图神经网络在面对对抗性结构扰动时的可认证鲁棒性**, *[📝KDD'2021](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3447548.3467295)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fbinghuiwang\u002FCertifyGNN)*\n+ **集体鲁棒性证书：利用图神经网络中的相互依赖性**, *[📝ICLR'2021](https:\u002F\u002Fopenreview.net\u002Fforum?id=ULQdiUTHe3y)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fjan-schuchardt\u002Fcollective_robustness)*\n+ **通过对抗免疫提升图上的可认证鲁棒性**, *[📝WSDM'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2007.09647)*\n+ **基于图拉普拉斯算子的半监督学习的鲁棒性认证**, *[📝ICLR OpenReview'2021](https:\u002F\u002Fopenreview.net\u002Fforum?id=cQyybLUoXxc)*\n+ **几何图上拉普拉斯学习的鲁棒认证**, *[📝MSML’2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.10837)*\n+ **通过对抗 PAC-Bayesian 学习提升 Wasserstein 嵌入的鲁棒性**, *[📝AAAI'2020](http:\u002F\u002Fstaff.ustc.edu.cn\u002F~hexn\u002Fpapers\u002Faaai20-adversarial-embedding.pdf)*\n+ **拓扑攻击下图卷积网络在图分类任务中的可认证鲁棒性**, *[📝NeurIPS'2020](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinetal20.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FRobustGraph\u002FRoboGraph)*\n+ **通过随机平滑实现社区发现对对抗性结构扰动的可认证鲁棒性**, *[📝WWW'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.03421)*\n+ **离散数据的高效鲁棒性证书：面向图、图像等的稀疏感知随机平滑**, *[📝ICML'2020](https:\u002F\u002Fproceedings.icml.cc\u002Fbook\u002F2020\u002Ffile\u002F4f7b884f2445ef08da9bbc77b028722c-Paper.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fsparse_smoothing)*\n+ **基于抽象解释的图卷积网络鲁棒性认证**, *[📝ECAI'2020](http:\u002F\u002Fecai2020.eu\u002Fpapers\u002F31_paper.pdf)*\n+ **结构扰动下图卷积网络的可认证鲁棒性**, *[📝KDD'2020](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394486.3403217)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Frobust-gcn-structure)*\n+ **使用随机平滑实现图分类对拓扑攻击的可认证鲁棒性**, *[📝GLOBECOM'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05872)*\n+ **图卷积网络的可认证鲁棒性和鲁棒训练**, *[📝KDD'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.12269)*, *[:octocat:代码](https:\u002F\u002Fwww.kdd.in.tum.de\u002Fresearch\u002Frobust-gcn\u002F)*\n+ **针对图扰动的可认证鲁棒性**, *[📝NeurIPS'2019](http:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F9041-certifiable-robustness-to-graph-perturbations)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fgraph_cert)*\n\n\n\n# ⚖稳定性\n[💨 返回顶部](#table-of-contents)\n\n+ **关于图神经网络的预测不稳定问题**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.10070)*\n+ **消息传递型图神经网络的稳定性和泛化能力**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.00645)*\n+ **迈向公平且稳定的图表示学习统一框架**, *[📝UAI'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.13186)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fchirag126\u002Fnifty)*\n+ **通过约束学习训练稳定的图神经网络**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.03576)*\n+ **抗偏移 GNN：克服局部化图训练数据的局限性**, *[📝NeurIPS'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.01099)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FGentleZhu\u002FShift-Robust-GNNs)*\n+ **图卷积神经网络对随机扰动的稳定性**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10526)*\n+ **图与图核神经网络的稳定性**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.01767)*\n+ **关于图卷积神经网络在边重连情况下的稳定性**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13747)*\n+ **图神经网络对相对扰动的稳定性**, *[📝ICASSP'2020](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9054341)*\n+ **图神经网络：架构、稳定性和迁移性**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.01767)*\n+ **图卷积是否应信任邻居？一种简单的因果推断方法**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.11797)*\n+ **GNN 何时有效：理解并改进邻域聚合**, *[📝IJCAI 研讨会'2019](https:\u002F\u002Fwww.ijcai.org\u002FProceedings\u002F2020\u002F181)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fraspberryice\u002Fala-gcn)*\n+ **图神经网络的稳定性特性**, *[📝arXiv'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.04497)*\n+ **图卷积神经网络的稳定性和泛化能力**, *[📝KDD'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.01004)*\n\n# 🚀其他\n[💨 返回顶部](#table-of-contents)\n\n+ **在结构分布偏移下评估图模型的鲁棒性和不确定性**, *[📝arXiv‘2023](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.13875)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fyandex-research\u002Fstructural-graph-shifts)*\n+ **我们无法保证安全性：图神经网络验证的不可判定性**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.05070)*\n+ **节点嵌入鲁棒性的系统性评估**, *[📝LoG‘2022](https:\u002F\u002Fopenreview.net\u002Fforum?id=oxjVVBNrG-)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Faida-ugent\u002FEvalNE-robustness)*\n**使用图神经网络生成对抗样本**, *[📝UAI'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.14644)*\n+ **SIGL：通过深度图学习保障软件安装安全**, *[📝USENIX'2021](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002Fsec21summer_han-xueyuan.pdf)*\n+ **FLAG：面向图神经网络的对抗数据增强**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.09891)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002Fdevnkong\u002FFLAG)*\n+ **基于动态知识图谱与改进的对抗元学习的对话生成**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.08833)*\n+ **利用随机图对图神经网络进行水印标记**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.00512)*\n+ **通过施加利普希茨常数约束训练鲁棒的图神经网络**, *[📝CentraleSupélec'2020](https:\u002F\u002Fgithub.com\u002FSJTUzhou\u002FLipschitz_gnn\u002Fblob\u002Fmain\u002FGNN_Robust_report.pdf)*, *[:octocat:代码](https:\u002F\u002Fgithub.com\u002FSJTUzhou\u002FLipschitz_gnn)*\n+ **CAP：针对权重和特征的协同对抗扰动，以提升图神经网络的泛化能力**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.14855)*\n+ **自监督学习何时有助于图卷积网络？**, *[📝ICML'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.09136)*\n+ **图神经网络的扰动敏感性**, *[📝cs224w'2019](http:\u002F\u002Fsnap.stanford.edu\u002Fclass\u002Fcs224w-2019\u002Fproject\u002F26424139.pdf)*\n\n# 📃综述\n[💨 返回顶部](#table-of-contents)\n\n+ **图的脆弱性与鲁棒性：综述**, *[📝TKDE'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.00419)*\n+ **可信图神经网络的全面综述：隐私、鲁棒性、公平性与可解释性**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.08570)*\n+ **可信图神经网络：方面、方法与趋势**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.07424)*\n+ **可信图学习综述：可靠性、可解释性与隐私保护**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.10014)*\n+ **面向结构性噪声的鲁棒图神经网络比较研究**, *[📝AAAI DLG'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.06070)*\n+ **用于鲁棒表示的深度图结构学习：综述**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.03036)*\n+ **图上深度学习模型的鲁棒性：综述**, *[📝AI Open'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.04202)*\n+ **图神经网络的方法、应用与机遇**, *[📝arXiv'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.10733)*\n+ **图上的对抗攻击与防御：回顾、工具与实证研究**, *[📝SIGKDD Explorations'2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.00653)*\n+ **图上对抗学习综述**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05730)*\n+ **图神经网络分类、进展与趋势**, *[📝arXiv'2020](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.08752)*\n+ **可靠深度图学习的最新进展：固有噪声、分布偏移与对抗攻击**, *[📝arXiv'2022](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.07114)*\n+ **图像、图和文本中的对抗攻击与防御：综述**, *[📝arXiv'2019](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.08072)*\n+ **图上的深度学习：综述**, *[📝arXiv'2018](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.04202)*\n+ **图数据上的对抗攻击与防御：综述**, *[📝arXiv'2018](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.10528)*\n\n# ⚙工具箱\n[💨 返回顶部](#table-of-contents)\n\n+ **DeepRobust：一个用于对抗攻击与防御的平台**, *[📝AAAI’2021](https:\u002F\u002Fojs.aaai.org\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F18017)*, [**:octocat:DeepRobust**](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)\n+ **GreatX：基于PyTorch和PyTorch Geometric的图可靠性工具箱**, *[📝arXiv’2022]()*, [**:octocat:GreatX**](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGreatX)\n+ **使用TIGER评估图的脆弱性和鲁棒性**, *[📝arXiv‘2021](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05648)*, [**:octocat:TIGER**](https:\u002F\u002Fgithub.com\u002Fsafreita1\u002FTIGER)\n+ **图鲁棒性基准测试：重新思考并基准化图神经网络的对抗鲁棒性**, *[📝NeurIPS'2021](https:\u002F\u002Fopenreview.net\u002Fforum?id=pBwQ82pYha)*, [**:octocat:图鲁棒性基准测试 (GRB)**](https:\u002F\u002Fgithub.com\u002Fthudm\u002Fgrb)\n\n# 🔗资源\n[💨 返回顶部](#table-of-contents)\n\n+ **推荐系统上的优秀对抗学习资源** [:octocat:链接](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FRS-Adversarial-Learning)\n+ **优秀的图攻击与防御论文集** [:octocat:链接](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002Fawesome-graph-attack-papers)\n+ **图对抗学习文献** [:octocat:链接](https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature)\n+ **所有（arXiv）对抗样本论文的完整列表** [🌐链接](https:\u002F\u002Fnicholas.carlini.com\u002Fwriting\u002F2019\u002Fall-adversarial-example-papers.html)\n+ **对抗攻击与防御的前沿、进展与实践**, *KDD'20教程*, [🌐链接](https:\u002F\u002Fsites.google.com\u002Fview\u002Fkdd-2020-attack-and-defense)\n+ **可信图学习：可靠性、可解释性与隐私保护**, *KDD'22教程*, [🌐链接](https:\u002F\u002Fai.tencent.com\u002Failab\u002Fml\u002Ftwgl\u002F)\n+ **知识图谱表示学习的对抗鲁棒性**, *都柏林三一学院博士论文*, [📝链接](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.00122)","# Graph-Adversarial-Learning 快速上手指南\n\n本仓库是一个关于**图对抗学习**（Graph Adversarial Learning）的论文与资源汇总清单，涵盖了攻击（Attack）、防御（Defense）、鲁棒性认证（Certification）等方向的最新研究成果。它本身不是一个单一的 Python 包，而是一个包含大量独立项目链接的索引库。\n\n以下指南将帮助您快速浏览资源、获取代码并复现相关研究。\n\n## 环境准备\n\n由于本仓库包含多个不同年份和会议的优秀工作，每个具体项目的依赖可能略有不同。建议准备一个通用的深度学习开发环境。\n\n*   **操作系统**: Linux (推荐 Ubuntu 18.04\u002F20.04) 或 macOS\n*   **Python 版本**: 3.7 - 3.9 (大多数图神经网络项目在此范围兼容性好)\n*   **核心依赖**:\n    *   PyTorch (>= 1.8.0)\n    *   DGL 或 PyG (PyTorch Geometric) - 根据具体论文代码选择\n    *   NumPy, SciPy, Pandas\n*   **硬件要求**: 建议配备 NVIDIA GPU (CUDA 11.0+) 以加速模型训练和攻击生成。\n\n**前置依赖安装命令**：\n```bash\n# 创建虚拟环境\nconda create -n graph_adv python=3.8\nconda activate graph_adv\n\n# 安装基础科学计算库\npip install numpy scipy pandas scikit-learn\n\n# 安装 PyTorch (推荐使用国内清华源加速)\npip install torch torchvision torchaudio --index-url https:\u002F\u002Fdownload.pytorch.org\u002Fwhl\u002Fcu118\n\n# 安装图神经网络库 (按需选择其一，或根据具体项目要求安装)\npip install dgl-cu118 -f https:\u002F\u002Fdata.dgl.ai\u002Fwheels\u002Fcu118\u002Frepo.html\n# 或者\npip install torch-geometric\n```\n\n## 安装步骤\n\n本仓库主要作为**资源索引**，没有统一的 `pip install` 命令。使用流程通常为：**查找论文\u002F代码 -> 克隆具体项目 -> 安装该项目依赖**。\n\n### 1. 克隆本资源仓库\n首先获取论文列表和分类索引：\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FAwesome-Graph-Adversarial-Learning.git\ncd Awesome-Graph-Adversarial-Learning\n```\n\n### 2. 获取具体算法代码\n在仓库的 `README.md` 或 `Categorized\u002Fpapers_with_code.md` 中找到您感兴趣的论文（例如 2023 年的 **UGBA** 或 2022 年的 **GIA-HAO**），点击对应的 `[:octocat:Code]` 链接进入具体项目页面。\n\n以复现 **UGBA **(Unnoticeable Backdoor Attacks) 为例：\n```bash\n# 克隆具体项目代码\ngit clone https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA.git\ncd UGBA\n\n# 安装该项目特定依赖 (通常项目根目录有 requirements.txt)\npip install -r requirements.txt\n```\n\n> **提示**：部分老旧项目可能需要特定版本的 `torch` 或 `dgl`，请优先参考具体项目仓库中的 `README` 说明。\n\n## 基本使用\n\n由于这是论文合集，\"使用\"通常指**运行特定攻击或防御算法的演示脚本**。以下以典型的图对抗攻击流程为例，展示如何在一个具体的项目中运行攻击。\n\n### 示例：运行图节点注入攻击 (Node Injection Attack)\n\n假设您已进入某个具体项目目录（如 `G2A2C` 或 `UGBA`），典型的运行步骤如下：\n\n1.  **准备数据集**\n    大多数项目会自动下载标准数据集（如 Cora, Citeseer, Pubmed）。如需手动指定：\n    ```bash\n    # 示例：下载数据到 data 目录\n    mkdir data\n    # (具体下载命令视项目而定，通常运行脚本时会自动处理)\n    ```\n\n2.  **执行攻击脚本**\n    运行主程序文件，指定攻击类型、目标模型和数据集。\n    ```bash\n    # 通用运行模式示例 (参数需根据具体项目调整)\n    python main.py --dataset cora --attack_type node_injection --model gcn --epochs 200\n    \n    # 如果项目支持配置文件\n    python run_attack.py --config configs\u002Fugba_cora.json\n    ```\n\n3.  **查看结果**\n    运行结束后，终端通常会输出攻击成功率（ASR, Attack Success Rate）和干净样本准确率（CA, Clean Accuracy）。结果文件通常保存在 `results\u002F` 或 `logs\u002F` 目录下。\n    ```bash\n    cat results\u002Fattack_log.txt\n    ```\n\n### 快速查找最新论文\n若您想快速浏览最近 30 天更新的论文或带代码的论文，可直接查看仓库内的分类文件：\n```bash\n# 查看带代码的论文列表\ncat Categorized\u002Fpapers_with_code.md\n\n# 查看最近更新的论文\ncat Categorized\u002Frecent.md\n```\n\n---\n**引用说明**：\n如果您在研究中使用了本仓库整理的资源，请引用以下综述论文：\n*   *A Survey of Adversarial Learning on Graph*, arXiv'20.","某金融风控团队正在构建基于图神经网络（GNN）的反欺诈系统，旨在通过用户交易关系网识别潜在的洗钱团伙。\n\n### 没有 Graph-Adversarial-Learning 时\n- **防御盲区大**：团队仅依赖常规训练数据，完全不知道攻击者可以通过微调几条边或注入虚假节点（如 README 中提到的 Node Injection Attack）就能轻易欺骗模型。\n- **复现成本极高**：想要测试系统鲁棒性，需从零阅读数百篇分散的学术论文（如 ICLR、AAAI 等顶会文章），难以快速找到对应的攻击代码进行验证。\n- **缺乏评估标准**：面对新型对抗样本，团队无法判断模型是偶然失效还是存在结构性漏洞，更无从知晓业界最新的防御策略（Defense）和鲁棒性认证（Certification）方法。\n- **响应滞后**：当线上出现异常误判时，由于缺乏系统的对抗学习知识库，排查问题往往需要数周时间，导致风控策略更新严重滞后。\n\n### 使用 Graph-Adversarial-Learning 后\n- **主动模拟攻击**：利用库中整理的 400+ 篇论文及对应代码（如 G2A2C、UGBA 等），团队迅速复现了多种节点注入和后台攻击场景，提前发现了模型在特定拓扑结构下的脆弱点。\n- **研发效率倍增**：直接调用按年份、会议分类的攻击与防御算法清单，将原本数月的文献调研缩短为几天，快速构建了包含最新攻击手段的测试集。\n- **防御体系升级**：参考库中的防御（Defense）和稳定性（Stability）章节，引入了针对性的对抗训练机制，显著提升了模型对恶意扰动的抵抗力。\n- **闭环验证能力**：建立了从“攻击复现”到“防御加固”再到“鲁棒性认证”的完整工作流，确保新上线的风控模型在发布前已通过严格的对抗压力测试。\n\nGraph-Adversarial-Learning 将分散的学术成果转化为实战武器，帮助团队从被动修补漏洞转变为主动构建高鲁棒性的图智能防线。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEdisonLeeeee_Graph-Adversarial-Learning_70dcd3e6.png","EdisonLeeeee","Jintang Li","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002FEdisonLeeeee_46063746.jpg","Assistant Professor - Xiamen University - PyG-team.","Xiamen University","Xiamen, China","edisonlee@xmu.edu.cn",null,"https:\u002F\u002Fedisonleeeee.github.io\u002F","https:\u002F\u002Fgithub.com\u002FEdisonLeeeee",[86],{"name":87,"color":88,"percentage":89},"Python","#3572A5",100,583,77,"2026-04-01T12:37:29","GPL-3.0",4,"","未说明",{"notes":98,"python":96,"dependencies":99},"该仓库是一个图对抗学习领域的论文和资源列表（Awesome List），并非一个可直接运行的单一软件工具或代码库。README 中列出了大量不同研究论文的链接及其对应的独立代码仓库地址，因此没有统一的运行环境、依赖库或硬件需求。用户需根据具体想要复现的某篇论文，前往其对应的子项目仓库查看具体的环境配置要求。",[],[13,51],[102,103,104,105,106,107,108,109,110],"graph-adversarial-learning","graph-data","machine-learning","semi-supervised-learning","adversarial-attack","defense","survey","awesome","resources","2026-03-27T02:49:30.150509","2026-04-06T06:44:27.082670",[],[]]