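[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-safe-graph--graph-adversarial-learning-literature":3,"tool-safe-graph--graph-adversarial-learning-literature":61},[4,18,26,36,44,53],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw is a local AI assistant built for individuals, designed to give you a fully controllable intelligent companion on your own devices. It removes the constraint that ties traditional AI assistants to a particular web page or app, and connects directly to the communication channels you use every day, including dozens of platforms such as WeChat, WhatsApp, Telegram, Discord and iMessage. Whichever chat application you send a message from, OpenClaw responds immediately; it also supports voice interaction on macOS, iOS and Android devices and provides real-time canvas rendering that you can control.\n\nThe tool mainly addresses users' needs for data privacy, response speed and an “always-on” experience. By deploying the AI locally, users get fast, private assistance without relying on cloud services, truly achieving “your data, your call”. Its distinctive technical highlight is a powerful gateway architecture that separates the control plane from the core assistant, keeping cross-platform communication smooth and extensible.\n\nOpenClaw is well suited to tech enthusiasts and developers who want to build personalized workflows, and to ordinary users who care about privacy and do not want to be locked into a single ecosystem. With basic terminal skills (macOS, Linux and Windows WSL2 are supported), deployment takes only a simple command-line walkthrough. If you long to have one that understands you",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","Development Frameworks","Images","Data Tools","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui is a web interface built on Gradio that lets users easily run and use the powerful Stable Diffusion image generation model locally. It addresses the pain points of the original model, which depends on the command line, has a high barrier to use and scatters its features, by bringing the complex AI image workflow into one intuitive, easy-to-use graphical platform.\n\nCasual creators who want to get started quickly, designers who need fine control over image detail, and developers and researchers who want to explore the model's potential in depth can all benefit from it. Its core highlight is a very rich feature set: besides basic modes such as text-to-image, image-to-image, inpainting and outpainting, it also pioneered advanced features such as attention adjustment, prompt matrix, negative prompts and “high-resolution fix”. In addition, it has built-in face restoration tools such as GFPGAN and CodeFormer, supports several neural network upscaling algorithms, and lets users extend its capabilities without limit through a plugin system. Even for devices with limited VRAM, stable-diffusion-webui provides corresponding optimization options, putting high-quality AI art creation within reach.",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code is a high-performance optimization system built for AI coding assistants (such as Claude Code, Codex and Cursor). It is more than a set of configuration files: it is a complete framework refined through long practical use, aimed at the core pain points AI agents face in real development, such as low efficiency, memory loss, security risks and the lack of continuous learning.\n\nBy introducing modular skills, instinct enhancement, memory persistence and built-in security scanning, everything-claude-code significantly improves AI performance on complex tasks and helps developers build more stable, more intelligent production-grade AI agents. Its distinctive “research-first” development philosophy and its optimization strategy for token consumption make model responses faster and cheaper, while effectively defending against potential attack vectors.\n\nThe toolkit is particularly suited to software developers, AI researchers and technical teams that want to deeply customize AI workflows. Whether you are building a large code base or need AI to assist with security audits and automated testing, everything-claude-code provides strong underlying support. As an open-source project that won an Anthropic hackathon prize, it combines multi-language support with a rich set of practical hooks, letting the AI truly grow into one that understands",151918,2,"2026-04-12T11:33:05",[14,13,35],"Language Models",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":32,"last_commit_at":42,"category_tags":43,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI is a powerful and highly modular visual AI engine built for designing and executing complex Stable Diffusion image generation pipelines. It sets aside the traditional code-writing approach in favor of an intuitive node-based flowchart interface, so users build a personalized generation pipeline by connecting functional modules.\n\nThis design neatly addresses the pain points of advanced AI image workflows: complex configuration and limited flexibility. Without a programming background, users can freely combine models, adjust parameters and preview results in real time, handling anything from basic text-to-image to multi-step high-resolution fixing. ComfyUI has excellent compatibility: it supports Windows, macOS and Linux, works across hardware from NVIDIA, AMD, Intel and Apple Silicon, and was among the first to support cutting-edge models such as SDXL, Flux and SD3.\n\nWhether you are a researcher or developer who wants to explore the potential of the algorithms in depth, or a designer or experienced AI art enthusiast who wants maximum creative freedom, ComfyUI provides strong support. Its distinctive modular architecture lets the community keep adding new features, making it one of the most flexible open-source diffusion model tools with the richest ecosystem, and helping users turn ideas into reality efficiently.",108322,"2026-04-10T11:39:34",[14,15,13],{"id":45,"name":46,"github_repo":47,"description_zh":48,"stars":49,"difficulty_score":32,"last_commit_at":50,"category_tags":51,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli is an open-source AI command-line tool from Google that brings the capabilities of the Gemini large model directly into the user's terminal. For developers used to working on the command line, it offers the shortest path from typing a prompt to getting a model response, with intelligent assistance available without switching windows.\n\nThe tool mainly addresses the pain point of frequent context switching during development, letting users understand, generate and debug code and carry out automated operations tasks inside the familiar terminal. Whether querying a large code base, generating an application from a sketch, or performing complex Git operations, gemini-cli handles it efficiently through natural-language instructions.\n\nIt is particularly suited to software engineers, DevOps staff and technical researchers. Its core highlights include a very long context window of up to 1 million tokens and strong logical reasoning; built-in tools such as Google Search, file operations and shell command execution; and, more distinctively, support for MCP (Model Context Protocol), which lets users flexibly add custom integrations and connect external capabilities such as image generation. In addition, a personal Google account comes with a free quota, and the project is fully open source under the Apache 2.0 license, making it an ideal assistant for improving terminal productivity.",100752,"2026-04-10T01:20:03",[52,13,15,14],"Plugins",{"id":54,"name":55,"github_repo":56,"description_zh":57,"stars":58,"difficulty_score":32,"last_commit_at":59,"category_tags":60,"status":17},4721,"markitdown","microsoft\u002Fmarkitdown","MarkItDown is a lightweight Python tool from Microsoft's AutoGen team, designed to convert many kinds of files to Markdown efficiently. It parses PDF, Word, Excel, PPT, images (with OCR), audio (with speech transcription), HTML and even YouTube links, and accurately extracts key structural information such as headings, lists, tables and links.\n\nAs AI applications become widespread, large language models (LLMs) are good at handling text but cannot directly read complex binary office documents. MarkItDown addresses exactly this pain point: it turns unstructured or semi-structured files into Markdown, a format that models “natively understand” and that is highly token-efficient, making it an ideal bridge between local files and AI analysis pipelines. It also provides an MCP (Model Context Protocol) server that integrates seamlessly into LLM applications such as Claude Desktop.\n\nThe tool is particularly suited to developers, data scientists and AI researchers, especially those who need to build document retrieval-augmented generation (RAG) systems, run batch text analysis, or let an AI assistant “read” local files directly. Although the generated content is also reasonably readable, its core strength lies in giving machines",93400,"2026-04-06T19:52:38",[52,14],{"id":62,"github_repo":63,"name":64,"description_en":65,"description_zh":66,"ai_summary_zh":67,"readme_en":68,"readme_zh":69,"quickstart_zh":70,"use_case_zh":71,"hero_image_url":72,"owner_login":73,"owner_name":74,"owner_avatar_url":75,"owner_bio":76,"owner_company":77,"owner_location":77,"owner_email":78,"owner_twitter":77,"owner_website":79,"owner_url":80,"languages":77,"stars":81,"forks":82,"last_commit_at":83,"license":77,"difficulty_score":84,"env_os":85,"env_gpu":86,"env_ram":86,"env_deps":87,"category_tags":90,"github_topics":91,"view_count":32,"oss_zip_url":77,"oss_zip_packed_at":77,"status":17,"created_at":104,"updated_at":105,"faqs":106,"releases":137},6983,"safe-graph\u002Fgraph-adversarial-learning-literature","graph-adversarial-learning-literature","A curated list of adversarial attacks and defenses papers on graph-structured data.","graph-adversarial-learning-literature is a curated list of papers on adversarial learning for graph-structured data. In artificial intelligence, graph neural networks are powerful but vulnerable to malicious attacks (such as node tampering and link spoofing) that lead the model to wrong decisions. This repository exists to address that security risk: it systematically collects and organizes cutting-edge academic work on “attacks” and “defenses” for graph data, helping practitioners quickly grasp how to break or protect graph models.\n\nThe list is particularly suited to AI researchers, algorithm engineers, and university faculty and students. Whether they want to understand how adversarial examples are generated or are working on more robust defense algorithms, users will find highly valuable references here. Entries are listed by year in descending order, covering developments from 2017 to the present, and each paper is clearly labelled with its research task (such as node classification or fake news detection), target model (such as GCN or GAT) and venue.\n\nIts distinctive highlight is that it provides not only a detailed literature index but also links to related survey articles and open-source code implementations, which greatly lowers the barrier to reproducing papers and following technical trends. Users can search by conference name, task type or specific method name to quickly locate what they care about. For teams that want to improve the security of graph machine learning models, graph-adversarial-learning-liter","graph-adversarial-learning-literature is a curated list of papers on adversarial learning for graph-structured data. In artificial intelligence, graph neural networks are powerful but vulnerable to malicious attacks (such as node tampering and link spoofing) that lead the model to wrong decisions. This repository exists to address that security risk: it systematically collects and organizes cutting-edge academic work on “attacks” and “defenses” for graph data, helping practitioners quickly grasp how to break or protect graph models.\n\nThe list is particularly suited to AI researchers, algorithm engineers, and university faculty and students. Whether they want to understand how adversarial examples are generated or are working on more robust defense algorithms, users will find highly valuable references here. Entries are listed by year in descending order, covering developments from 2017 to the present, and each paper is clearly labelled with its research task (such as node classification or fake news detection), target model (such as GCN or GAT) and venue.\n\nIts distinctive highlight is that it provides not only a detailed literature index but also links to related survey articles and open-source code implementations, which greatly lowers the barrier to reproducing papers and following technical trends. Users can search by conference name, task type or specific method name to quickly locate what they care about. For teams that want to improve the security of graph machine learning models, graph-adversarial-learning-literature is an indispensable and efficient navigation tool.","\u003Cdiv align=\"center\">\n    \u003Ch1>Awesome Graph Adversarial Learning Literature\u003C\u002Fh1>\n    \u003Ca href=\"https:\u002F\u002Fawesome.re\">\u003Cimg src=\"https:\u002F\u002Fawesome.re\u002Fbadge.svg\"\u002F>\u003C\u002Fa>\n    \u003Ca href=\"http:\u002F\u002Fmakeapullrequest.com\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen.svg?style=flat-square\"\u002F>\u003C\u002Fa>\n\u003C\u002Fdiv>\n\nA curated list of adversarial attacks and defenses papers on graph-structured data. \n\nPapers are sorted by their uploaded dates in descending order.\n\nIf you want to add new entries, please make PRs with the same format.\n\nThis list serves as a complement to the survey below.\n\n[**Adversarial Attack and Defense on Graph Data: A Survey** ](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.10528) **(Updated in Oct 2022. More than 110 papers reviewed).**\n\n- Arxiv Version (Latest)\n\n```bibtex\n@article{sun2018adversarial,\n  title={Adversarial Attack and Defense on Graph Data: A Survey},\n  author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Kai Zhang and Wang, Ji and Yixin Liu and Yu, Philip S. 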
and He, Lifang and Li, Bo},\n  journal={arXiv preprint arXiv:1812.10528},\n  year={2018}\n}\n```\n\n- TKDE Version\n\n```bibtex\n@article{sun2022adversarial,\n  title={Adversarial attack and defense on graph data: A survey},\n  author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Zhang, Kai and Wang, Ji and Philip, S Yu and He, Lifang and Li, Bo},\n  journal={IEEE Transactions on Knowledge and Data Engineering},\n  year={2022},\n  publisher={IEEE}\n}\n```\n\nIf you feel this repo is helpful, please cite the survey above.\n\n## How to Search?\n\nSearch keywords like conference name (e.g., ```NeurIPS```), task name (e.g., ```Link Prediction```), model name (e.g., ```DeepWalk```), or method name (e.g., ```Robust```) over the webpage to quickly locate related papers.\n\n## Quick Links\n\n**Attack papers sorted by year:** | [2023](#attack-papers-2023-back-to-top) | [2022](#attack-papers-2022-back-to-top) | [2021](#attack-papers-2021-back-to-top) | [2020](#attack-papers-2020-back-to-top) | [2019](#attack-papers-2019-back-to-top) | [2018](#attack-papers-2018-back-to-top) | [2017](#attack-papers-2017-back-to-top) |\n\n**Defense papers sorted by year:**  | [2023](#defense-papers-2023-back-to-top) | [2022](#defense-papers-2022-back-to-top) | [2021](#defense-papers-2021-back-to-top) | [2020](#defense-papers-2020-back-to-top) | [2019](#defense-papers-2019-back-to-top) | [2018](#defense-papers-2018-back-to-top) |\n\n## Attack\n\n### Attack Papers 2023 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type   | Target Task                                     | Target Model                                                 | Venue                                                   | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------ | 
----------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2023 | **Revisiting Robustness in Graph Machine Learning** | Attack | Node Classification | GCN, SGC, APPNP, GAT, GATv2, GraphSAGE, LP | ICLR'23 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2305.00851.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fsaper0\u002Frevisiting_robustness) |\n| 2023 | **Unnoticeable Backdoor Attacks on Graph Neural Networks** | Attack | Node classification, Graph classification | GCN, GraphSage, and GAT | ArXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2303.01263) | [Link](https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA) |\n| 2023 | **Attacking Fake News Detectors via Manipulating News Social Engagement** | Attack | Fake News Detection | GAT, GCN, and GraphSAGE | WWW'23 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2302.07363.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fhwang219\u002FAttackFakeNews) |\n| 2023 | **HyperAttack: Multi-Gradient-Guided White-box Adversarial Structure Attack of Hypergraph Neural Networks** | Attack | Node Classification | HGNNs | ArXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.12407) | |\n| 2023 | **Turning Strengths into Weaknesses: A Certified Robustness Inspired Attack Framework against Graph Neural Networks** | Attack | Node Classification | GCN | CVPR'23 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2303.06199) | |\n|   2023 | **Adversary for Social Good: Leveraging Attribute-Obfuscating Attack to Protect User Privacy on Social Networks** | Attack | Attribute Protection On Social Networks | GNNs           | SecureComm 2022 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-25538-0_37) |                                               
                          |\n|   2023 | **Node Injection for Class-specific Network Poisoning**                                                           | Attack | Node Classification                     | GCN            | arXiv                                            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.12277)                               | [Link](https:\u002F\u002Fgithub.com\u002Frahulk207\u002Fnicki)                                      |\n|   2023 | **GUAP: Graph Universal Attack Through Adversarial Patching**                                                     | Attack | Node Classification                     | GCN            | arXiv                                            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.01731)                               | [Link](https:\u002F\u002Fanonymous.4open.science\u002Fr\u002Fffd4fad9-367f-4a2a-bc65-1a7fe23d9d7f\u002F) |\n\n### Attack Papers 2022 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type   | Target Task                                     | Target Model                                                 | Venue                                                   | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------ | ----------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2022 | **GANI: Global Attacks on Graph Neural Networks via Imperceptible Node Injections** | Attack | Node Classification                             | GCN\u002FSGC\u002FJaccard\u002FSimPGCN                                      | Arxiv   
                                                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.12598)                     |                                                              |\n| 2022 | **Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs** | Attack | Graph Classification                            | GCN\u002FSAGPool\u002FGIN\u002F                                             | Arxiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13710)                     |                                                              |\n| 2022 | **Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias** | Attack | Node Classification                             | GCN\u002FGAT\u002FGraphSAGE                                            | NeurIPS 2022                                            | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=vkGk2HI8oOP)          | [Link](https:\u002F\u002Fgithub.com\u002FZihan-Liu-00\u002FGraD--NeurIPS22)      |\n| 2022 | **Imperceptible Adversarial Attacks on Discrete-Time Dynamic Graph Models** | Attack | Dynamic Link Prediction\u002FNode Classification     | GC-LSTM\u002FEVOLVEGCN\u002FDYSAT                                      | NeurIPS 2022 Workshop TGL                               | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=YMrdoXP3x_A)          |                                                              |\n| 2022 | **A2S2-GNN: Rigging GNN-Based Social Status by Adversarial Attacks in Signed Social Networks** | Attack | Classification in unsigned or undirected graphs | GNNs                                                         | IEEE Transactions on Information Forensics and Security | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9936655) |                                                              |\n| 2022 | **Let Graph be the Go Board: 
Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning** | Attack | Node Classification                             | GCN\u002FSGC\u002FGAT\u002FAPPNP                                            | AAAI23                                                  | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.10782)                     | [Link](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FG2A2C)                    |\n| 2022 | **QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems** | Attack | Query-based systems attribute inference         | Diffix\u002FTableBuilder\u002FSimpleQBS                                | CCS 2022                                                | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3548606.3560581)   | [Link](https:\u002F\u002Fgithub.com\u002Fcomputationalprivacy\u002Fquerysnout)   |\n| 2022 | **Are Defenses for Graph Neural Networks Robust?**           | Attack | Node Classification                             | GNN, GCN, Jaccard GCN, SVD GCN, GNNGuard, RGCN, ProGNN, GRAND, Soft Median GDC | NeurIPS 2022                                            | [Link](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fare-gnn-defenses-robust\u002F) | [Link](https:\u002F\u002Fgithub.com\u002FLoadingByte\u002Fare-gnn-defenses-robust) |\n| 2022 | **Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks** | Attack | Promotion\u002FRecommendation\u002FRe-producing           | GNN                                                          | ACM TIS                                                 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3567420)           |                                                              |\n| 2022 | **Dealing with the unevenness: deeper insights in graph-based attack and defense** | Attack | Set-Cover problem                               | GCN, RGCN, GCN-Jaccard, 
Pro-GNN                              | Machine Learning                                        | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10994-022-06234-4) |                                                              |\n| 2022 | **Membership Inference Attacks Against Robust Graph Neural Network** | Attack | Membership Inference                            | GCN                                                          | CSS 2022                                                | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-18067-5_19) |                                                              |\n| 2022 | **Sparse Vicious Attacks on Graph Neural Networks**          | Attack | Link prediction                                 | GNN                                                          | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.09688)                     | [Link](https:\u002F\u002Fgithub.com\u002FGiovanniTRA\u002FSAVAGE)                |\n| 2022 | **Model Inversion Attacks against Graph Neural Networks**    | Attack | Node Classification                             | GCN, GAT and GraphSAGE                                       | TKDE                                                    | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9895303\u002F) | [Link](https:\u002F\u002Fgithub.com\u002Fzaixizhang\u002FGraphMI)                |\n| 2022 | **Exploratory Adversarial Attacks on Graph Neural Networks for Semi-Supervised Node Classification** | Attack | Semi-Supervised Node Classification             | GNN                                                          | Pattern Recognition                                     | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0031320322005222) |                                                              |\n| 2022 
| **Adversarial Inter-Group Link Injection Degrades the Fairness of Graph Neural Networks** | Attack | node classification                             | GNN                                                          | IEEE ICDM 2022                                          | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.05957)                     | [Link](https:\u002F\u002Fgithub.com\u002Fmengcao327\u002Fattack-gnn-fairness)    |\n| 2022 | **Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation** | Attack | semi-Supervised Node Classification             | GNN                                                          | ECML PKDD 2022                                          | [Link](https:\u002F\u002F2022.ecmlpkdd.org\u002Fwp-content\u002Fuploads\u002F2022\u002F09\u002Fsub_938.pdf) |                                                              |\n| 2022 | **What Does the Gradient Tell When Attacking the Graph Structure** | Attack | Node Classification                             | GCN, GraphSage and H2GCN                                     | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.12815)                     |                                                              |\n| 2022 | **Robust Node Classification on Graphs: Jointly from Bayesian Label Transition and Topology-based Label Propagation** | Attack | Node Classification                             | GNNs                                                         | CIKM 2022                                               | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3511808.3557437)   | [Link](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FLInDT)              |\n| 2022 | **Revisiting Item Promotion in GNN-based Collaborative Filtering: A Masked Targeted Topological Attack Perspective** | Attack | Collaborative filtering                         | LightGCN                            
                         | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.09979)                     |                                                              |\n| 2022 | **Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection** | Attack | Link Prediction                                 | GAE, VGAE, GIC, ARGA, ARVGA                                  | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06776)                     | [Link](https:\u002F\u002Fgithub.com\u002FSeaocn\u002FLink-Backdoor)              |\n| 2022 | **Graph Structural Attack by Perturbing Spectral Distance**  | Attack | node classification                             | two-layer GCN                                                | KDD 2022                                                | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539435)   |                                                              |\n| 2022 | **Are Gradients on Graph Structure Reliable in Gray-box Attacks?** | Attack | node classification tasks                       | GraphSage                                                    | CIKM 2022                                               | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3511808.3557238)   |                                                              |\n| 2022 | **Adversarial Camouflage for Node Injection Attack on Graphs** | Attack | semi-supervised information retrieval task      | GNNs                                                         | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01819)                     |                                                              |\n| 2022 | **CLUSTER ATTACK: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors** | Attack | 
node classification                             | GNNs                                                         | IJCAI 2022                                              | [Link](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2022\u002F0108.pdf)      |                                                              |\n| 2022 | **IoT-based Android Malware Detection Using Graph Neural Network With Adversarial Defense** | Attack | Malware Detection                               | GNN                                                          | IEEE Internet of Things                                 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9814995\u002F) |                                                              |\n| 2022 | **Private Graph Extraction via Feature Explanations**        | Attack | node classification                             | 2-layer GCN                                                  | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.14724)                     |                                                              |\n| 2022 | **Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs** | Attack | trust prediction in signed graphs               | SGCN, SNEA                                                   | arXiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.13104)                     |                                                              |\n| 2022 | **Camouflaged Poisoning Attack on Graph Neural Networks**    | Attack | node classification                             | GCN                                                          | ICMR 2022                                               | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3512527.3531373)   |                                                              |\n| 2022 | 
**LOKI: A Practical Data Poisoning Attack Framework against Next Item Recommendations** | Attack | Next Item Recommendations                       | BPRMF, FPMC, GRU4REC, TransRec                               | TKDE 2022                                               | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9806383\u002F) |                                                              |\n| 2022 | **Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks** | Attack | Promotion\u002FRecommendation\u002FRe-producing           | GNNs                                                         | ACM Transactions on Information Systems 2022            | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3567420)           |                                                              |\n| 2022 | **Transferable Graph Backdoor Attack**                       | Attack | Graph Classification                            | GNNs                                                         | RAID 2022                                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.00425)                     |                                                              |\n| 2022 | **Cluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors** | Attack | Node Classification                             | GNNs                                                         | IJCAI 2022                                              | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.13069)                     | [Link](https:\u002F\u002Fgithub.com\u002Fthuwzy\u002FCluster-Attack)             |\n| 2022 | **Adversarial Robustness of Graph-based Anomaly Detection**  | Attack | Anomaly Detection                               | GNNs                                                         | Arxiv                                                   | 
[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.08260)                     |                                                              |\n| 2022 | **Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge** | Attack | Node Classification                             | GNNs                                                         | Preprint                                                | [Link](https:\u002F\u002Fwww.researchgate.net\u002Fpublication\u002F351901618_Adversarial_Attack_Framework_on_Graph_Embedding_Models_with_Limited_Knowledge) |                                                              |\n| 2022 | **Label specificity attack: Change your label as I want**    | Attack | Node Classification                             | GNNs                                                         | IJIS                                                    | [Link](https:\u002F\u002Fonlinelibrary.wiley.com\u002Fdoi\u002Ffull\u002F10.1002\u002Fint.22902) |                                                              |\n| 2022 | **Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees** | Attack | Node Classification                             | GNNs                                                         | CVPR 2022                                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.03546)                     | [Link](https:\u002F\u002Fgithub.com\u002FMetaoblivion\u002FBandit_GNN_Attack)    |\n| 2022 | **AdverSparse: An Adversarial Attack Framework for Deep Spatial-Temporal Graph Neural Networks** | Attack | Spatial-Temporal Graph Embedding                | Deep Spatial-Temporal GNNs                                   | ICASSP 2022                                             | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9747850) |                                                              |\n| 2022 | **Projective 
Ranking-based GNN Evasion Attacks**             | Attack | Graph Classification                            | GNNs                                                         | Arxiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.12993)                     |                                                              |\n| 2022 | **Attacking Community Detectors: Mislead Detectors via Manipulating the Graph Structure** | Attack | Community Detection                             | Community Detection Algs, GNNs                               | MobiCASE 2021                                           | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-99203-3_8) |                                                              |\n| 2022 | **A Targeted Universal Attack on Graph Convolutional Network by Using Fake Nodes** | Attack | Node Classification                             | GCN                                                          | Neural Processing Letters                               | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs11063-022-10764-2) | [Link](https:\u002F\u002Fgithub.com\u002FNanyuu\u002FTUA)                        |\n| 2022 | **Surrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks** | Attack | Node Classification                             | GNNs                                                         | WSDM 2022                                               | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3488560.3498481)       |                                                              |\n| 2022 | **Black-box Node Injection Attack for Graph Neural Networks** | Attack | Node Classification                             | GCN                                                          | Arxiv                                                   | 
[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.09389)                     | [Link](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FGA2C)                     |\n| 2022 | **Understanding and Improving Graph Injection Attack by Promoting Unnoticeability** | Attack | Node Classification                             | GNNs                                                         | ICLR 2022                                               | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=wkMG8cdvh7-)          | [Link](https:\u002F\u002Fgithub.com\u002FLFhase\u002FGIA-HAO)                    |\n| 2022 | **Unsupervised Graph Poisoning Attack via Contrastive Loss Back-propagation** | Attack | Node Classification, Link Prediction            | GCN                                                          | WWW 2022                                                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.07986)                     | [Link](https:\u002F\u002Fgithub.com\u002FRinneSz\u002FCLGA)                      |\n| 2022 | **Neighboring Backdoor Attacks on Graph Convolutional Network** | Attack | Node Classification                             | GCN                                                          | Arxiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.06202)                     |                                                              |\n| 2022 | **Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection** | Attack | Rumor Detection                                 | RGCN                                                         | Arxiv                                                   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.05819)                     |                                                              |\n\n\n### Attack Papers 2021 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title               
                                         | Type   | Target Task                                                | Target Model                         | Venue                               | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------ | ---------------------------------------------------------- | ------------------------------------ | ----------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2021 | **Task and Model Agnostic Adversarial Attack on Graph Neural Networks** | Attack | Node Classification                                        | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.13267)                     |                                                              |\n| 2021 | **Model Stealing Attacks Against Inductive Graph Neural Networks** | Attack | Node Classification, Model Stealing                        | GNNs                                 | IEEE S&P 2022                       | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.08331)                     | [Link](https:\u002F\u002Fgithub.com\u002Fxinleihe\u002FGNNStealing)              |\n| 2021 | **How Members of Covert Networks Conceal the Identities of Their Leaders** | Attack | Covert Network Leader Detection                            | Centrality Measures                  | ACM TIST 2021                       | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Ffull\u002F10.1145\u002F3490462)          |                                                              |\n| 2021 | **Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications** | Attack | Graph Classification                                   
    | GNNs                                 | ICDM 2021                           | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.08760)                     | [Link](https:\u002F\u002Fgithub.com\u002FTrustworthyGNN\u002FMIA-GNN\u002F)           |\n| 2021 | **Graph Structural Attack by Spectral Distance**             | Attack | Node Classification                                        | GCN                                  | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.00684)                     |                                                              |\n| 2021 | **Structural Attack against Graph Based Android Malware Detection** | Attack | Malware Detection                                          | Graph Based Android Malware Detector | CCS 2021                            | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3460120.3485387)   |                                                              |\n| 2021 | **Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods** | Attack | Knowledge Graph Embeddings                                 | Knowledge Graph Embedding Models     | EMNLP 2021                          | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.03120)                     | [Link](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FAttributionAttack)    |\n| 2021 | **Adversarial Attack against Cross-lingual Knowledge Graph Alignment** | Attack | Knowledge Graph Alignment                                  | Knowledge Graph Embedding Models     | EMNLP 2021                          | [Link](https:\u002F\u002Faclanthology.org\u002F2021.emnlp-main.432\u002F)        |                                                              |\n| 2021 | **Graph Robustness Benchmark: Benchmarking the Adversarial Robustness of Graph Machine Learning** | Attack | Node Classification                                        | GNNs                         
        | NeurIPS 2021                        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.04314)                     | [Link](https:\u002F\u002Fgithub.com\u002Fthudm\u002Fgrb)                         |\n| 2021 | **Adversarial Attacks on Graph Classification via Bayesian Optimisation** | Attack | Graph Classification                                       | GNNs                                 | NeurIPS 2021                        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.02842)                     | [Link](https:\u002F\u002Fgithub.com\u002Fxingchenwan\u002Fgrabnel)               |\n| 2021 | **Robustness of Graph Neural Networks at Scale**             | Attack | Node Classification                                        | GNNs                                 | NeurIPS 2021                        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.14038)                     | [Link](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Frobustness_of_gnns_at_scale) |\n| 2021 | **Large-Scale Adversarial Attacks on Graph Neural Networks via Graph Coarsening** | Attack | Node Classification                                        | GNNs                                 | ICLR 2022 OpenReview                | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=NUzrPpDjWp)           |                                                              |\n| 2021 | **Mind Your Solver! 
On Adversarial Attack and Defense for Combinatorial Optimization** | Attack | Combinatorial Optimization                                 | Combinatorial Optimization Solvers   | ICLR 2022 OpenReview                | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=nKZvpGRdJlG)          |                                                              |\n| 2021 | **Bandits for Black-box Attacks to Graph Neural Networks with Structure Perturbation** | Attack | Node Classification                                        | GNNs                                 | ICLR 2022 OpenReview                | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=6MFWE6u2b6R)          |                                                              |\n| 2021 | **Poisoning Attacks against Knowledge Graph-based Recommendation Systems Using Deep Reinforcement Learning** | Attack | Knowledge Graph-based Recommender Systems                  | GNNs                                 | Neural Computing and Applications   | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs00521-021-06573-8) |                                                              |\n| 2021 | **FHA: Fast Heuristic Attack Against Graph Convolutional Networks** | Attack | Node Classification                                        | GNNs                                 | ICDS 2021                           | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88942-5_12) |                                                              |\n| 2021 | **Inference Attacks Against Graph Neural Networks**          | Attack | Graph\u002FProperty Inference                                   | GNNs                                 | USENIX Security 2022                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.02631)                     | [Link](https:\u002F\u002Fgithub.com\u002FZhangzhk0819\u002FGNN-Embedding-Leaks)  |\n| 2021 | **Graph-Fraudster: Adversarial Attacks 
on Graph Neural Network Based Vertical Federated Learning** | Attack | Node Classification, Federated Learning                    | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.06468)                     |                                                              |\n| 2021 | **Query-based Adversarial Attacks on Graph with Fake Nodes** | Attack | Node Classification                                        | GCN                                  | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.13069)                     |                                                              |\n| 2021 | **Single Node Injection Attack against Graph Neural Networks** | Attack | Node Classification                                        | GNNs                                 | CIKM 2021                           | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.13049)                     | [Link](https:\u002F\u002Fgithub.com\u002Ftaoshuchang\u002Fg-nia)                 |\n| 2021 | **Projective Ranking: A Transferable Evasion Attack Method on Graph Neural Networks** | Attack | Graph Classification                                       | GCN                                  | CIKM 2021                           | [Link](https:\u002F\u002Fshiruipan.github.io\u002Fpublication\u002Fcikm-21-zhang\u002Fcikm-21-zhang.pdf) |                                                              |\n| 2021 | **Spatially Focused Attack against Spatiotemporal Graph Neural Networks** | Attack | Spatiotemporal Forecasting                                 | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.04608)                     |                                                              |\n| 2021 | **Derivative-free optimization adversarial attacks for graph convolutional networks** 
| Attack | Node Classification                                        | GCN                                  | PeerJ Computer Science              | [Link](https:\u002F\u002Fpeerj.com\u002Farticles\u002Fcs-693\u002F)                   |                                                              |\n| 2021 | **A Hard Label Black-box Adversarial Attack Against Graph Neural Networks** | Attack | Graph Classification                                       | GNNs                                 | CCS 2021                            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.09513)                     |                                                              |\n| 2021 | **Single-Node Attack for Fooling Graph Neural Networks**     | Attack | Node Classification                                        | GNNs                                 | KDD 2021 Workshop                   | [Link](https:\u002F\u002Fdrive.google.com\u002Ffile\u002Fd\u002F12arm9w6UmvSIzGmaoocdH70czx7RVzGr\u002Fview) | [Link](https:\u002F\u002Fgithub.com\u002Fgnnattack\u002FSINGLE)                  |\n| 2021 | **Jointly Attacking Graph Neural Network and its Explanations** | Attack | GNN Explanation                                            | GNNEXPLAINER, PGExplainer            | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.03388)                     |                                                              |\n| 2021 | **The Robustness of Graph k-shell Structure under Adversarial Attacks** | Attack | K-shell Value                                              | K-shell Decomposition                | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.13962)                     |                                                              |\n| 2021 | **Poisoning Knowledge Graph Embeddings via Relation Inference Patterns** | Attack | Knowledge Graph Embedding                                  | 
Knowledge Graph Embedding Models     | ACL 2021                            | [Link](https:\u002F\u002Faclanthology.org\u002F2021.acl-long.147\u002F)          | [Link](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FInferenceAttack)      |\n| 2021 | **Structack: Structure-based Adversarial Attacks on Graph Neural Networks** | Attack | Node Classification                                        | GCN                                  | ACM Hypertext                       | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.11327)                     | [Link](https:\u002F\u002Fgithub.com\u002Fsqrhussain\u002Fstructack)              |\n| 2021 | **Optimal Edge Weight Perturbations to Attack Shortest Paths** | Attack | Shortest Path                                              | Shortest Path Algs                   | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2107.03347.pdf)                 |                                                              |\n| 2021 | **Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem** | Attack | Node Classification                                        | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10785)                     |                                                              |\n| 2021 | **BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection** | Attack | Anomaly Detection                                          | Graph Anomaly Detection Algs         | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09989)                     |                                                              |\n| 2021 | **TDGIA: Effective Injection Attacks on Graph Neural Networks** | Attack | Node Classification                                        | GNNs                                 | KDD 2021                 
           | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.06663)                     |                                                              |\n| 2021 | **Graph Adversarial Attack via Rewiring**                    | Attack | Node Classification                                        | GCN                                  | KDD 2021                            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.03750)                     |                                                              |\n| 2021 | **Evaluating Graph Vulnerability and Robustness using TIGER** | Attack | Robustness Measure                                         | Robustness Measure                   | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05648)                     | [Link](https:\u002F\u002Fgithub.com\u002Fsafreita1\u002FTIGER)                   |\n| 2021 | **Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge** | Attack | Node Classification                                        | Graph Embedding Models               | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.12419)                     |                                                              |\n| 2021 | **Attacking Graph Neural Networks at Scale**                 | Attack | Node Classification                                        | GCN                                  | AAAI 2021 Workshop                  | [Link](https:\u002F\u002Fwww.dropbox.com\u002Fs\u002Fddrwoswpz3wwx40\u002FRobust_GNNs_at_Scale__AAAI_Workshop_2020_CameraReady.pdf?dl=0) |                                                              |\n| 2021 | **Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense** | Attack | Node Classification                                        | GNNs                                 | Arxiv                               | 
[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.15061)                     |                                                              |\n| 2021 | **Enhancing Robustness and Resilience of Multiplex Networks Against Node-Community Cascading Failures** | Attack | Complex Networks Robustness                                | Complex Networks                     | IEEE TSMC                           | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9415463\u002Fauthors#authors) |                                                              |\n| 2021 | **PATHATTACK: Attacking Shortest Paths in Complex Networks** | Attack | Shortest Path                                              | Shortest Path                        | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03761)                     |                                                              |\n| 2021 | **Universal Spectral Adversarial Attacks for Deformable Shapes** | Attack | Shape Classification                                       | ChebyNet, PointNet                   | CVPR 2021                           | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03356)                     |                                                              |\n| 2021 | **Preserve, Promote, or Attack? 
GNN Explanation via Topology Perturbation** | Attack | Object Detection                                           | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.13944)                     |                                                              |\n| 2021 | **Towards Revealing Parallel Adversarial Attack on Politician Socialnet of Graph Structure** | Attack | Node Classification                                        | GCN                                  | Security and Communication Networks | [Link](https:\u002F\u002Fwww.hindawi.com\u002Fjournals\u002Fscn\u002F2021\u002F6631247\u002F)   |                                                              |\n| 2021 | **Network Embedding Attack: An Euclidean Distance Based Method** | Attack | Node Classification, Community Detection                   | Network Embedding Methods            | MDATA                               | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007%2F978-3-030-71590-8_8) |                                                              |\n| 2021 | **Adversarial Attack on Network Embeddings via Supervised Network Poisoning** | Attack | Node Classification, Link Prediction                       | DeepWalk, Node2vec, LINE, GCN        | PAKDD 2021                          | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.07164)                     | [Link](https:\u002F\u002Fgithub.com\u002Fvirresh\u002Fviking)                    |\n| 2021 | **GraphAttacker: A General Multi-Task Graph Attack Framework** | Attack | Node Classification, Graph Classification, Link Prediction | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06855)                     |                                                              |\n| 2021 | **Membership Inference Attack on Graph Neural Networks**     | Attack | Membership 
Inference                                       | GNNs                                 | Arxiv                               | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06570)                     |                                                              |\n\n\n### Attack Papers 2020 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type   | Target Task                              | Target Model                              | Venue                | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------ | ---------------------------------------- | ----------------------------------------- | -------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2020 | **Adversarial Label-Flipping Attack and Defense for Graph Neural Networks** | Attack | Node Classification                      | GNNs                                      | ICDM 2020            | [Link](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F97.pdf)                       | [Link](https:\u002F\u002Fgithub.com\u002FMengmeiZ\u002FLafAK)                    |\n| 2020 | **Exploratory Adversarial Attacks on Graph Neural Networks** | Attack | Node Classification                      | GCN                                       | ICDM 2020            | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338329)         | [Link](https:\u002F\u002Fgithub.com\u002FEpoAtk\u002FEpoAtk)                     |\n| 2020 | **A Targeted Universal Attack on Graph Convolutional Network** | Attack | Node Classification                      | GCN                                       | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.14365)                    
 | [Link](https:\u002F\u002Fgithub.com\u002FNanyuu\u002FTUA)                        |\n| 2020 | **Attacking Graph-Based Classification without Changing Existing Connections** | Attack | Node Classification                      | Collective Classification Models          | ACSAC 2020           | [Link](https:\u002F\u002Fcse.sc.edu\u002F~zeng1\u002Fpapers\u002F2020-acsac-graph.pdf) |                                                              |\n| 2020 | **Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation** | Attack | Commonsense Reasoning, Recommender System | Knowledge Graph                           | ICLR 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12872)                     | [Link](https:\u002F\u002Fgithub.com\u002FINK-USC\u002Fdeceive-KG-models)         |\n| 2020 | **One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting** | Attack | Spatiotemporal Forecasting               | GNNs                                      | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=W0MKrbVOxtd)          |                                                              |\n| 2020 | **Single-Node Attack for Fooling Graph Neural Networks**     | Attack | Node Classification                      | GNNs                                      | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=u4WfreuXxnk)          |                                                              |\n| 2020 | **Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem** | Attack | Node Classification                      | GNNs                                      | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=sbyjwhxxT8K)          |                                                              |\n| 2020 | **Adversarial Attacks on Deep Graph Matching**               | Attack | Graph Matching                       
     | Deep Graph Matching Models                | NeurIPS 2020         | [Link](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fef126722e64e98d1c33933783e52eafc-Paper.pdf) |                                                              |\n| 2020 | **Towards More Practical Adversarial Attacks on Graph Neural Networks** | Attack | Node Classification                      | GNNs                                      | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05057)                     | [Link](https:\u002F\u002Fgithub.com\u002FMark12Ding\u002FGNN-Practical-Attack)   |\n| 2020 | **A Graph Matching Attack on Privacy-Preserving Record Linkage** | Attack | Record Linkage                           | Privacy-preserving Record Linkage Methods | CIKM 2020            | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411931)   |                                                              |\n| 2020 | **Adaptive Adversarial Attack on Graph Embedding via GAN**   | Attack | Node Classification                      | GCN, DeepWalk, LINE                       | SocialSec            | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_7) |                                                              |\n| 2020 | **Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers** | Attack | Node Classification                      | GNNs                                      | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10233)                     |                                                              |\n| 2020 | **Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection** | Attack | Malware Detection                        | GCN                                       | Arxiv                | 
[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05602)                     |                                                              |\n| 2020 | **Adversarial Attack on Large Scale Graph**                  | Attack | Node Classification                      | GNN                                       | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.03488)                     |                                                              |\n| 2020 | **Efficient Evasion Attacks to Graph Neural Networks via Influence Function** | Attack | Node Classification                      | GNN                                       | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00203)                     |                                                              |\n| 2020 | **Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs** | Attack | Link Prediction                          | DyGCN                                     | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00163)                     |                                                              |\n| 2020 | **Adversarial attack on BC classification for scale-free networks** | Attack | Broido and Clauset classification        | scale-free network                        | AIP Chaos            | [Link](https:\u002F\u002Faip.scitation.org\u002Fdoi\u002Ffull\u002F10.1063\u002F5.0003707) |                                                              |\n| 2020 | **Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks** | Attack | Link Prediction                          | GNN                                       | Asia CCS 2020        | [Link](https:\u002F\u002Fiqua.ece.toronto.edu\u002Fpapers\u002Fwlin-asiaccs20.pdf) |                                                              |\n| 2020 | **Practical Adversarial Attacks on Graph Neural Networks** 
   | Attack | Node Classification                      | GNN                                       | ICML 2020 Workshop   | [Link](https:\u002F\u002Fgrlplus.github.io\u002Fpapers\u002F8.pdf)               |                                                              |\n| 2020 | **Link Prediction Adversarial Attack Via Iterative Gradient Attack** | Attack | Link Prediction                          | GAE                                       | IEEE TCSS            | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9141291?casa_token=JY86mKguq68AAAAA:GNbeDZJNuMzzcHFPGOTACf9ihXxgQyAOSjVUnbWhiON6vVG7ap7k8Ey4DCNyJTO0qlSxMyJWSY4B) |                                                              |\n| 2020 | **An Efficient Adversarial Attack on Graph Structured Data** | Attack | Node Classification                      | GCN                                       | IJCAI 2020 Workshop  | [Link](https:\u002F\u002Fwww.aisafetyw.org\u002Fprogramme)                  |                                                              |\n| 2020 | **Graph Backdoor**                                           | Attack | Node Classification, Graph Classification | GNNs                                      | USENIX Security 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11890)                     |                                                              |\n| 2020 | **Backdoor Attacks to Graph Neural Networks**                | Attack | Graph Classification                     | GNNs                                      | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11165)                     |                                                              |\n| 2020 | **Robust Spammer Detection by Nash Reinforcement Learning**  | Attack | Fraud Detection                          | Graph-based Fraud Detector                | KDD 2020             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.06069)             
        | [Link](https:\u002F\u002Fgithub.com\u002FYingtongDou\u002FNash-Detect)           |\n| 2020 | **Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns** | Attack | Node Classification                      | GNN                                       | TKDD                 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394520)               |                                                              |\n| 2020 | **Adversarial Attack on Hierarchical Graph Pooling Neural Networks** | Attack | Graph Classification                     | GNN                                       | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11560)                     |                                                              |\n| 2020 | **Stealing Links from Graph Neural Networks**                | Attack | Inferring Link                           | GNNs                                      | USENIX Security 2021 | [Link](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002Fsec21summer_he.pdf) |                                                              |\n| 2020 | **Scalable Attack on Graph Data by Injecting Vicious Nodes** | Attack | Node Classification                      | GCN                                       | ECML-PKDD 2020       | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.13825)                     |                                                              |\n| 2020 | **Network disruption: maximizing disagreement and polarization in social networks** | Attack | Manipulating Opinion                     | Graph Model, Social Network               | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.08377)                     |                                                              |\n| 2020 | **Adversarial Perturbations of Opinion Dynamics in Networks** | Attack | Manipulating Opinion                     | Graph Model               
                | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010)                     |                                                              |\n| 2020 | **Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach** | Attack | Node Classification                      | GCN                                       | WWW 2020             | [Link](https:\u002F\u002Ffaculty.ist.psu.edu\u002Fvhonavar\u002FPapers\u002Fwww20.pdf) |                                                              |\n| 2020 | **MGA: Momentum Gradient Attack on Network**                 | Attack | Node Classification, Community Detection | GCN, DeepWalk, node2vec                   | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.11320)                     |                                                              |\n| 2020 | **Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks** | Attack | Node Classification                      | GCN                                       | BigData 2019         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.08012)                     |                                                              |\n| 2020 | **Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models** | Attack | Node Classification                      | GCN                                       | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.04784)                     | [Link](https:\u002F\u002Fgithub.com\u002Fchisam0217\u002FGraph-Universal-Attack) |\n| 2020 | **Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria** | Attack | Network Structure                        | Physical Criteria                         | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.01249)                     |                  
                                            |\n| 2020 | **Adversarial Attack on Community Detection by Hiding Individuals** | Attack | Community Detection                      | GCN                                       | WWW 2020             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2001.07933)                     | [Link](https:\u002F\u002Fgithub.com\u002Fhalimiqi\u002FCD-ATTACK)                |\n\n### Attack Papers 2019 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type   | Target Task                              | Target Model                                                 | Venue        | Paper                                                      | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------ | ---------------------------------------- | ------------------------------------------------------------ | ------------ | ---------------------------------------------------------- | ------------------------------------------------------------ |\n| 2019 | **How Robust Are Graph Neural Networks to Structural Noise?** | Attack | Node Structural Identity Prediction      | GIN                                                          | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.10206)                   |                                                              |\n| 2019 | **Time-aware Gradient Attack on Dynamic Network Link Prediction** | Attack | Link Prediction                          | Dynamic Network Embedding Algs                               | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.10561)                   |                                                              |\n| 2019 | **All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs** | Attack | Node Classification                      | GCN, 
Tensor Embedding                                        | WSDM 2020    | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3336191.3371789) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n| 2019 | **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model** | Attack | Malware Detection                        | HIN                                                          | CIKM 2019    | [Link](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3357875)         |                                                              |\n| 2019 | **A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning** | Attack | Semi-supervised Learning                 | Label Propagation                                            | NeurIPS 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.14147)                   |                                                              |\n| 2019 | **Manipulating Node Similarity Measures in Networks**        | Attack | Node Similarity                          | Node Similarity Measures                                     | AAMAS 2020   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.11529)                   |                                                              |\n| 2019 | **Multiscale Evolutionary Perturbation Attack on Community Detection** | Attack | Community Detection                      | Community Metrics                                            | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09741)                   |                                                              |\n| 2019 | **Attacking Graph Convolutional Networks via Rewiring**      | Attack | Node Classification                      | GCN                                                          | Openreview   | 
[Link](https:\u002F\u002Fopenreview.net\u002Fpdf?id=B1eXygBFPH)           |                                                              |\n| 2019 | **Node Injection Attacks on Graphs via Reinforcement Learning** | Attack | Node Classification                      | GCN                                                          | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.06543)                   |                                                              |\n| 2019 | **A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models** | Attack | Node Classification                      | GCN, SGC                                                     | AAAI 2020    | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.01297)                   | [Link](https:\u002F\u002Fgithub.com\u002FSwiftieH\u002FGFAttack)                 |\n| 2019 | **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective** | Attack | Node Classification                      | GNN                                                          | IJCAI 2019   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)                   | [Link](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)             |\n| 2019 | **Unsupervised Euclidean Distance Attack on Network Embedding** | Attack | Node Embedding                           | GCN                                                          | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.11015)                   |                                                              |\n| 2019 | **Generalizable Adversarial Attacks Using Generative Models** | Attack | Node Classification                      | GCN                                                          | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.10864)                   |                                                              |\n| 2019 | **Vertex 
Nomination, Consistent Estimation, and Adversarial Modification** | Attack | Vertex Nomination                        | VN Scheme                                                    | Arxiv        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.01776)                   |                                                              |\n| 2019 | **Data Poisoning Attack against Knowledge Graph Embedding**  | Attack | Fact Plausibility Prediction             | TransE, TransR                                               | IJCAI 2019   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1904.12052)                   |                                                              |\n| 2019 | **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense** | Attack | Node Classification                      | GCN                                                          | IJCAI 2019   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610)                   | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n| 2019 | **Adversarial Attacks on Node Embeddings via Graph Poisoning** | Attack | Node Classification, Community Detection | node2vec, DeepWalk, GCN, Spectral Embedding, Label Propagation | ICML 2019    | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.01093#)                  | [Link](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fnode_embedding_attack) |\n| 2019 | **Attacking Graph-based Classification via Manipulating the Graph Structure** | Attack | Node Classification                      | Belief Propagation, GCN                                      | CCS 2019     | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.00553)                   |                                                              |\n| 2019 | **Adversarial Attacks on Graph Neural Networks via Meta Learning** | Attack | Node Classification                      | GCN, CLN, DeepWalk                                           
| ICLR 2019    | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08412)                   | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fgnn-meta-attack)     |\n\n### Attack Papers 2018 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type   | Target Task                               | Target Model                        | Venue                 | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------ | ----------------------------------------- | ----------------------------------- | --------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2018 | **Poisoning Attacks to Graph-Based Recommender Systems**     | Attack | Recommender System                        | Graph-based Recommendation Algs     | ACSAC 2018            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.04127)                     |                                                              |\n| 2018 | **GA Based Q-Attack on Community Detection**                 | Attack | Community Detection                       | Modularity, Community Detection Alg | IEEE TCSS             | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F8714065) |                                                              |\n| 2018 | **Data Poisoning Attack against Unsupervised Node Embedding Methods** | Attack | Link Prediction                           | LINE, DeepWalk                      | Arxiv                 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.12881)                     |                                                              |\n| 2018 | **Attack Graph Convolutional Networks by Adding Fake Nodes** | Attack | Node 
Classification                       | GCN                                 | Arxiv                 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.10751)                     |                                                              |\n| 2018 | **Link Prediction Adversarial Attack**                       | Attack | Link Prediction                           | GAE, GCN                            | Arxiv                 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.01110)                     |                                                              |\n| 2018 | **Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network** | Attack | Link Prediction                           | Traditional Link Prediction Algs    | Scientific Reports    | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.00152)                     |                                                              |\n| 2018 | **Attacking Similarity-Based Link Prediction in Social Networks** | Attack | Link Prediction                           | local&global similarity metrics     | AAMAS 2019            | [Link](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3306127.3331707)   |                                                              |\n| 2018 | **Fast Gradient Attack on Network Embedding**                | Attack | Node Classification                       | GCN                                 | Arxiv                 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.02797)                     |                                                              |\n| 2018 | **Adversarial Attack on Graph Structured Data**              | Attack | Node Classification, Graph Classification | GNN, GCN                            | ICML 2018             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.02371)                     | [Link](https:\u002F\u002Fgithub.com\u002FHanjun-Dai\u002Fgraph_adversarial_attack) |\n| 2018 | 
**Adversarial Attacks on Neural Networks for Graph Data**    | Attack | Node Classification                       | GCN                                 | KDD 2018              | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1805.07984)                     | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fnettack)             |\n| 2018 | **Hiding individuals and communities in a social network**   | Attack | Community Detection                       | Community Detection Algs            | Nature Human Behavior | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1608.00375)                     | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n\n### Attack Papers 2017 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type   | Target Task      | Target Model                           | Venue    | Paper                                    | Code                                           |\n| ---- | ------------------------------------------------------------ | ------ | ---------------- | -------------------------------------- | -------- | ---------------------------------------- | ---------------------------------------------- |\n| 2017 | **Practical Attacks Against Graph-based Clustering**         | Attack | Graph Clustering | SVD, node2vec, Community Detection Alg | CCS 2017 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1708.09056) |                                                |\n| 2017 | **Adversarial Sets for Regularising Neural Link Predictors** | Attack | Link Prediction  | Knowledge Graph Embeddings             | UAI 2017 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1707.07596) | [Link](https:\u002F\u002Fgithub.com\u002Fuclmr\u002Finferbeddings) |\n\n## Defense\n\n### Defense Papers 2023 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type  
  | Target Task                                               | Target Model                                                 | Venue                                             | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------- | --------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2023 | **Revisiting Robustness in Graph Machine Learning** | Defense | Node Classification | GCN, SGC, APPNP, GAT, GATv2, GraphSAGE, LP | ICLR'23 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2305.00851.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fsaper0\u002Frevisiting_robustness) |\n| 2023 | **Empowering Graph Representation Learning with Test-Time Graph Transformation** | Defense | Node Classification | GCN | ICLR | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=Lnxl5pr018) | [Link](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FGTrans) |\n| 2023 | **Adversarial Danger Identification on Temporally Dynamic Graph** | Defense | Temporally Dynamic Graphs | Hybrid GNN-based time series classifier | IEEE Transactions on Neural Networks and Learning Systems | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F10068359) |  |\n\n### Defense Papers 2022 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type    | Target Task                                               | Target Model                                                 | Venue                                             | Paper                                                        | Code                    
                                     |\n| ---- | ------------------------------------------------------------ | ------- | --------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2022 | **Privacy Protection for Marginal-Sensitive Community Individuals Against Adversarial Community Detection Attacks** | Defense | Community Detection | DICE, Random Target Attack (RTA) | IEEE Transactions on Computational Social Systems | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9997230\u002F) |        |\n| 2022 | **DeepInsight: Topology Changes Assisting Detection of Adversarial Samples on Graphs** | Defense | Node Classification                                       | Two-layer GCNs                                               | IEEE Transactions on Computational Social Systems | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9931416) |                                                              |\n| 2022 | **ERGCN: Data enhancement-based robust graph convolutional network against adversarial attacks** | Defense | Node Classification                                       | GCN\u002FGCN-Jaccard\u002FRGGCN\u002FPro-GNN\u002FSimP-GCN\u002FEGCN                   | Information Sciences                              | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0020025522012415) | [Link](https:\u002F\u002Fgithub.com\u002Fstar4455\u002FERGCN)                    |\n| 2022 | **On the Vulnerability of Graph Learning based Collaborative Filtering** | Defense | Graph Learning based Collaborative Filtering              | NGCF\u002FLightGCN                                                | ACM Transactions on Information Systems           | 
[Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3572834)           |                                                              |\n| 2022 | **FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification** | Defense | Node Classification                                       | GNN-Jaccard\u002FProGNN\u002FRGCN\u002FMedianGNN\u002FSimPGCN\u002FGNNGUARD\u002FElasticGNN\u002FAirGNN\u002FGASOLINE\u002FmaskGVAE | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13815)                     |                                                              |\n| 2022 | **Robust cross-network node classification via constrained graph mutual information** | Defense | cross-network node classification                         | GNNs                                                         | Knowledge-Based Systems                           | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0950705122009455) |                                                              |\n| 2022 | **On the Robustness of Graph Neural Diffusion to Topology Perturbations** | Defense | Node Classification                                       | GAT, GraphSAGE, GIN, APPNP                                   | arXiv preprint                                    | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.07754)                     | [Link](https:\u002F\u002Fgithub.com\u002Fzknus\u002FRobustness-of-Graph-Neural-Diffusion) |\n| 2022 | **Defending Against Backdoor Attack on Graph Nerual Network by Explainability** | Defense | graph classification task                                 | GraphConv, GIN                                               | arXiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.02902)                     |                                                              |\n| 2022 | **Adversarial 
for Social Privacy: A Poisoning Strategy to Degrade User Identity Linkage** | Defense | user identity linkage                                     | GCNs                                                         | arXiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.00269)                     |                                                              |\n| 2022 | **Towards an Optimal Asymmetric Graph Structure for Robust Semi-supervised Node Classification** | Defense | semi-supervised node classification                       | GCN                                                          | KDD 2022                                          | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539332)   |                                                              |\n| 2022 | **Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN** | Defense | Node Classification                                       | GNNs                                                         | KDD 2022                                          | [Link](https:\u002F\u002Fponderly.github.io\u002Fpub\u002FSTABLE_KDD2022.pdf)    |                                                              |\n| 2022 | **Robust Graph Representation Learning for Local Corruption Recovery** | Defense | Node Attribute Recovery                                   | GNNs                                                         | ICML 2022 Workshop                                | [Link](https:\u002F\u002Fyuguangwang.github.io\u002Fpapers\u002FL_p_graph_regularizer_ICML%20TAG%202022.pdf) |                                                              |\n| 2022 | **Appearance and Structure Aware Robust Deep Visual Graph Matching: Attack, Defense and Beyond** | Defense | Graph Matching                                            | Graph Matching Algs                                          | CVPR 2022 
                                        | [Link](https:\u002F\u002Fopenaccess.thecvf.com\u002Fcontent\u002FCVPR2022\u002Fhtml\u002FRen_Appearance_and_Structure_Aware_Robust_Deep_Visual_Graph_Matching_Attack_CVPR_2022_paper.html) | [Link](https:\u002F\u002Fgithub.com\u002FThinklab-SJTU\u002FRobustMatch)         |\n| 2022 | **Large-Scale Privacy-Preserving Network Embedding against Private Link Inference Attacks** | Defense | Privacy Protection                                        | Network Embedding Algs                                       | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.14440)                     |                                                              |\n| 2022 | **Detecting Topology Attacks against Graph Neural Networks** | Defense | Node Classification                                       | GNNs                                                         | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.10072)                     |                                                              |\n| 2022 | **GUARD: Graph Universal Adversarial Defense**               | Defense | Node Classification                                       | GNNs                                                         | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.09803)                     | [Link](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGUARD)                |\n| 2022 | **Robust Graph Neural Networks via Ensemble Learning**       | Defense | Node Classification                                       | GNNs                                                         | Mathematics                                       | [Link](https:\u002F\u002Fwww.mdpi.com\u002F2227-7390\u002F10\u002F8\u002F1300\u002Fhtm)         |                                                              |\n| 
2022 | **AN-GCN: An Anonymous Graph Convolutional Network Against Edge-Perturbing Attacks** | Defense | Node Classification                                       | GNNs                                                         | IEEE TNNLS                                        | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9775013) |                                                              |\n| 2022 | **Exploring High-Order Structure for Robust Graph Structure Learning** | Defense | Node Classification                                       | GNNs                                                         | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.11492)                     |                                                              |\n| 2022 | **Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-supervision** | Defense | Node Classification                                       | GNNs                                                         | AAAI 2022                                         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.03762)                     | [Link](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FGraphSS)            |\n| 2022 | **Graph alternate learning for robust graph neural networks in node classification** | Defense | Node Classification                                       | GNNs                                                         | Neural Computing and Applications                 | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs00521-021-06863-1) |                                                              |\n| 2022 | **Robust Heterogeneous Graph Neural Networks against Adversarial Attacks** | Defense | Node Classification                                       | Heterogeneous GNNs                                           | AAAI 2022             
                            | [Link](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F132.pdf)                      |                                                              |\n| 2022 | **How Does Bayesian Noisy Self-Supervision Defend Graph Convolutional Networks?** | Defense | Node Classification                                       | GNNs                                                         | Neural Processing Letters                         | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs11063-022-10750-8) |                                                              |\n| 2022 | **GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks** | Defense | Node Classification                                       | GNNs                                                         | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.12741)                     |                                                              |\n| 2022 | **Mind Your Solver! 
On Adversarial Attack and Defense for Combinatorial Optimization** | Defense | Combinatorial Optimization                                | Combinatorial Optimization Methods                           | Arxiv                                             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.00402)                     |                                                              |\n| 2022 | **Unsupervised Adversarially Robust Representation Learning on Graphs** | Defense | Node Classification, Link Prediction, Community Detection | GNNs                                                         | AAAI 2022                                         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.02486)                     |                                                              |\n\n### Defense Papers 2021 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type    | Target Task                                            | Target Model                            | Venue                | Paper                                                        | Code                                              |\n| ---- | ------------------------------------------------------------ | ------- | ------------------------------------------------------ | --------------------------------------- | -------------------- | ------------------------------------------------------------ | ------------------------------------------------- |\n| 2021 | **Mind Your Solver! 
On Adversarial Attack and Defense for Combinatorial Optimization** | Defense | Combinatorial Optimization                             | Combinatorial Optimization Methods      | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.00402)                     |                                                   |\n| 2021 | **Robust Graph Neural Networks via Probabilistic Lipschitz Constraints** | Defense | Decentralized Control                                  | GNNs                                    | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.07575)                     |                                                   |\n| 2021 | **Graph-based Adversarial Online Kernel Learning with Adaptive Embedding** | Defense | Node Classification                                    | Kernel Learning Models                  | ICDM 2021            |                                                              |                                                   |\n| 2021 | **Not All Low-Pass Filters are Robust in Graph Convolutional Networks** | Defense | Node Classification                                    | GCN                                     | NeurIPS 2021         | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=bDdfxLQITtu)          |                                                   |\n| 2021 | **Graph Neural Networks with Adaptive Residual**             | Defense | Node Classification, Abnormal Features                 | GNNs                                    | NeurIPS 2021         | [Link](https:\u002F\u002Fopenreview.net\u002Fpdf?id=hfkER_KJiNw)            |                                                   |\n| 2021 | **Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness** | Defense | Combinatorial Optimization                             | Combinatorial Solvers                   | NeurIPS 2021         | 
[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.10942)                     |                                                   |\n| 2021 | **Defending Graph Neural Networks via Tensor-Based Robust Graph Aggregation** | Defense | Node Classification                                    | GNNs                                    | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=BrfHcL-99sy)          |                                                   |\n| 2021 | **Robust Graph Data Learning with Latent Graph Convolutional Representation** | Defense | Node Classification, Node Clustering                   | GNNs                                    | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=krQLTdel74N)          |                                                   |\n| 2021 | **Edge Rewiring Goes Neural: Boosting Network Resilience via Policy Gradient** | Defense | Graph Resilience                                       | GNNs                                    | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=eVzy-BWKY6Z)          |                                                   |\n| 2021 | **On the Relationship between Heterophily and Robustness of Graph Neural Networks** | Defense | Node Classification                                    | GNNs                                    | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=Nus6fOfh1HW)          |                                                   |\n| 2021 | **A General Unified Graph Neural Network Framework Against Adversarial Attacks** | Defense | Node Classification                                    | GNNs                                    | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=bpUHBc9HCU8)          |                                                   |\n| 2021 | **Node Copying: A Random Graph Model for Effective Graph Sampling** | Defense | Node 
Classification                                    | GNNs                                    | Signal Processing    | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0165168421003728) |                                                   |\n| 2021 | **Node Feature Kernels Increase Graph Convolutional Robustness** | Defense | Node Classification                                    | GNNs                                    | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.01785)                     | [Link](https:\u002F\u002Fgithub.com\u002FChangminWu\u002FRobustGCN)   |\n| 2021 | **Speedup Robust Graph Structure Learning with Low-Rank Information** | Defense | Node Classification                                    | GNNs                                    | CIKM 2021            | [Link](http:\u002F\u002Fxiangliyao.cn\u002Fpapers\u002Fcikm21-hui.pdf)           |                                                   |\n| 2021 | **A Lightweight Metric Defence Strategy for Graph Neural Networks Against Poisoning Attacks** | Defense | Node Classification                                    | GNNs                                    | ICICS 2021           | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88052-1_4) | [Link](https:\u002F\u002Fgithub.com\u002Flizi-learner\u002FMD-GNN)    |\n| 2021 | **CoG: a Two-View Co-training Framework for Defending Adversarial Attacks on Graph** | Defense | Node Classification                                    | GCN                                     | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.05558)                     |                                                   |\n| 2021 | **Robust Counterfactual Explanations on Graph Neural Networks** | Defense | Link Prediction                                        | Probabilistic Network Embedding  Models | Arxiv                | 
[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.01936)                     |                                                   |\n| 2021 | **Elastic Graph Neural Networks**                            | Defense | Node Classification                                    | GNNs                                    | ICML 2021            | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fliu21k\u002Fliu21k.pdf)  | [Link](https:\u002F\u002Fgithub.com\u002Flxiaorui\u002FElasticGNN)    |\n| 2021 | **Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks** | Defense | Graph Classification, Graph Matching                   | GNNs                                    | ICML 2021            | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fzhao21e.html)       |                                                   |\n| 2021 | **Integrated Defense for Resilient Graph Matching**          | Defense | Graph Matching                                         | Graph Matching Algs                     | ICML 2021            | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fren21c\u002Fren21c.pdf)  |                                                   |\n| 2021 | **NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data** | Defense | Privacy Protection                                     | GNNs                                    | TKDE                 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9448513) |                                                   |\n| 2021 | **Stability of graph convolutional neural networks to stochastic perturbations** | Defense | Robustness Certification                               | GNNs                                    | Signal Processing    | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fabs\u002Fpii\u002FS0165168421002541) |                                                   
|\n| 2021 | **DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs** | Defense | Node Classification                                    | GNNs                                    | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09501)                     |                                                   |\n| 2021 | **Improving Robustness of Graph Neural Networks with Heterophily-Inspired Designs** | Defense | Node Classification                                    | GNNs                                    | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767)                     |                                                   |\n| 2021 | **Understanding Structural Vulnerability in Graph Convolutional Networks** | Defense | Node Classification                                    | GNNs                                    | IJCAI 2021           | [Link](cs.emory.edu\u002F~jyang71\u002Ffiles\u002Frpgcn.pdf)                | [Link](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FMedianGCN) |\n| 2021 | **Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation** | Defense | Robustness Certification                               | GNNs                                    | KDD 2021             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.10715)                     |                                                   |\n| 2021 | **Unveiling Anomalous Nodes Via Random Sampling and Consensus on Graphs** | Defense | Anomaly Detection                                      | Anomaly Detection Algs                  | ICASSP 2021          | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9414953) |                                                   |\n| 2021 | **Graph Sanitation with Application to Node Classification** | Defense | Node Classification                                    | GNNs                        
            | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2105.09384.pdf)                 |                                                   |\n| 2021 | **Robust Network Alignment via Attack Signal Scaling and Adversarial Perturbation Elimination** | Defense | Network Alignment                                      | Network Alignment Algorithms            | WWW 2021             | [Link](http:\u002F\u002Feng.auburn.edu\u002Fusers\u002Fyangzhou\u002Fpapers\u002FRNA.pdf)  |                                                   |\n| 2021 | **Information Obfuscation of Graph Neural Networks**         | Defense | Recommender System, Knowledge Graph, Quantum Chemistry | GNNs                                    | ICML 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2009.13504.pdf)                 | [Link](https:\u002F\u002Fgithub.com\u002Fliaopeiyuan\u002FGAL)        |\n| 2021 | **Graph Embedding for Recommendation against Attribute Inference Attacks** | Defense | Recommender System                                     | GCN                                     | WWW 2021             | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2101.12549.pdf)                 |                                                   |\n| 2021 | **Spatio-Temporal Sparsification for General Robust Graph Convolution Networks** | Defense | Node Classification                                    | GCN                                     | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.12256)                     |                                                   |\n| 2021 | **Detection and Defense of Topological Adversarial Attacks on Graphs** | Defense | Node Classification                                    | GCN                                     | AISTATS 2021         | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv130\u002Fzhang21i.html)      |                                                   |\n| 2021 | **Robust 
graph convolutional networks with directional graph adversarial training** | Defense | Node Classification                                    | GCN                                     | Applied Intelligence | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10489-021-02272-y) |                                                   |\n| 2021 | **Interpretable Stability Bounds for Spectral Graph Filters** | Defense | Robustness Certification                               | Spectral Graph Filter                   | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.09587)                     |                                                   |\n| 2021 | **Personalized privacy protection in social networks through adversarial modeling** | Defense | Privacy Protection                                     | GCN                                     | AAAI 2021            | [Link](https:\u002F\u002Fwww.cs.uic.edu\u002F~elena\u002Fpubs\u002Fbiradar-ppai21.pdf) |                                                   |\n| 2021 | **Node Similarity Preserving Graph Convolutional Networks**  | Defense | Node Classification                                    | GNNs                                    | WSDM 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.09643)                     | [Link](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FSimP-GCN)  |\n\n### Defense Papers 2020 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type    | Target Task                              | Target Model                                | Venue                | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------- | ---------------------------------------- | 
------------------------------------------- | -------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2020 | **Graph Stochastic Neural Networks for Semi-supervised Learning** | Defense | Node Classification                      | GNNs                                        | NeurIPS 2020         | [Link](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fe586a4f55fb43a540c2e9dab45e00f53-Paper.pdf) | [Link](https:\u002F\u002Fgithub.com\u002FGSNN\u002FGSNN)                         |\n| 2020 | **Smoothing Adversarial Training for GNN**                   | Defense | Node Classification, Community Detection | GCN                                         | IEEE TCSS            | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9305289?casa_token=fTXIL3hT1yIAAAAA:I4fn-GlF0PIwzPRC87SayRi5_pi2ZDDuSancEsY96A4O4bUBEsp0hSYMNJVGVzMgBWxycYN9qu6D) |                                                              |\n| 2020 | **Unsupervised Adversarially-Robust Representation Learning on Graphs** | Defense | Node Classification                      | GNNs                                        | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.02486)                     |                                                              |\n| 2020 | **AANE: Anomaly Aware Network Embedding For Anomalous Link Detection** | Defense | Node Classification                      | GNNs                                        | ICDM 2020            | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338406)         |                                                              |\n| 2020 | **Provably Robust Node Classification via Low-Pass Message Passing** | Defense | Anomaly Detection                        | GNNs                                        | ICDM 2020            | 
[Link](https:\u002F\u002Fshenghua-liu.github.io\u002Fpapers\u002Ficdm2020-provablerobust.pdf) |                                                              |\n| 2020 | **Learning to Drop: Robust Graph Neural Network via Topological Denoising** | Defense | Node Classification                      | GNNs                                        | WSDM 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.07057)                     | [Link](https:\u002F\u002Fgithub.com\u002Fflyingdoog\u002FPTDNet)                 |\n| 2020 | **Robust Android Malware Detection Based on Attributed Heterogenous Graph Embedding** | Defense | Malware Detection                        | Heterogeneous Information Network Embedding | FCS 2020             | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9739-8_33) |                                                              |\n| 2020 | **Adversarial Detection on Graph Structured Data**           | Defense | Graph Classification                     | GNNs                                        | PPMLP 2020           | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3411501.3419424)   |                                                              |\n| 2020 | **On the Stability of Graph Convolutional Neural Networks under Edge Rewiring** | Defense | Robustness Certification                 | GNNs                                        | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13747)                     |                                                              |\n| 2020 | **Collective Robustness Certificates**                       | Defense | Robustness Certification                 | GNNs                                        | ICLR 2021            | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=ULQdiUTHe3y)          |                                                              |\n| 2020 | **Towards Robust Graph 
Neural Networks against Label Noise** | Defense | Node Classification                      | GNNs                                        | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=H38f_9b90BO)          |                                                              |\n| 2020 | **Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning** | Defense | Robustness Certification                 | GNNs                                        | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=cQyybLUoXxc)          |                                                              |\n| 2020 | **Graph Adversarial Networks: Protecting Information against Adversarial Attacks** | Defense | Node Attribute Inference                 | GNNs                                        | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=Q8ZdJahesWe)          |                                                              |\n| 2020 | **Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach** | Defense | Node Classification                      | GNNs                                        | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=_qoQkWNEhS)           |                                                              |\n| 2020 | **Graph Contrastive Learning with Augmentations**            | Defense | Node Classification                      | GNNs                                        | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13902)                     | [Link](https:\u002F\u002Fgithub.com\u002FShen-Lab\u002FGraphCL)                  |\n| 2020 | **Graph Information Bottleneck**                             | Defense | Node Classification                      | GNNs                                        | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12811)                
     | [Link](https:\u002F\u002Fgithub.com\u002Fsnap-stanford\u002FGIB)                 |\n| 2020 | **Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks** | Defense | Graph Classification                     | GCN                                         | NeurIPS 2020         | [Link](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinetal20.pdf)  | [Link](https:\u002F\u002Fgithub.com\u002FRobustGraph\u002FRoboGraph)             |\n| 2020 | **Reliable Graph Neural Networks via Robust Aggregation**    | Defense | Node Classification                      | GNNs                                        | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.15651)                     | [Link](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Freliable_gnn_via_robust_aggregation) |\n| 2020 | **Graph Random Neural Networks for Semi-Supervised Learning on Graphs** | Defense | Node Classification                      | GCN                                         | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11079)                     | [Link](https:\u002F\u002Fgithub.com\u002FGrand20\u002Fgrand)                     |\n| 2020 | **Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings** | Defense | Node Classification                      | GCN                                         | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.01852)                     | [Link](https:\u002F\u002Fgithub.com\u002Febonilla\u002FVGCN)                     |\n| 2020 | **GNNGuard: Defending Graph Neural Networks against Adversarial Attacks** | Defense | Node Classification                      | GNNs                                        | NeurIPS 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08149)                     | 
[Link](https:\u002F\u002Fgithub.com\u002Fmims-harvard\u002FGNNGuard)             |\n| 2020 | **A Feature-Importance-Aware and Robust Aggregator for GCN** | Defense | Node Classification, Graph Classification | GNNs                                        | CIKM 2020            | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411983)   | [Link](https:\u002F\u002Fgithub.com\u002FLiZhang-github\u002FLA-GCN)             |\n| 2020 | **Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks** | Defense | Node Classification                      | GNNs                                        | AAAI 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.14455)                     |                                                              |\n| 2020 | **Cross Entropy Attack on Deep Graph Infomax**               | Defense | Node Classification                      | DGI                                         | IEEE ISCAS           | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9180817)         |                                                              |\n| 2020 | **RoGAT: a robust GNN combined revised GAT with adjusted graphs** | Defense | Node Classification                      | GNNs                                        | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.13038)                     |                                                              |\n| 2020 | **A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack** | Defense | Node Classification                      | MRF                                         | SocialSec            | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_26) |                                                              |\n| 2020 | **Uncertainty-aware Attention Graph Neural Network for Defending Adversarial Attacks** 
| Defense | Node Classification                      | GNNs                                        | AAAI 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10235)                     |                                                              |\n| 2020 | **Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing** | Defense | Graph Classification                     | GCB                                         | IEEE GLOBECOM 2020   | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05872)                     |                                                              |\n| 2020 | **Adversarial Immunization for Improving Certifiable Robustness on Graphs** | Defense | Node Classification                      | GNNs                                        | WSDM 2021            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2007.09647)                     |                                                              |\n| 2020 | **Robust Collective Classification against Structural Attacks** | Defense | Node Classification                      | Associative Markov Networks                 | UAI 2020             | [Link](http:\u002F\u002Fwww.auai.org\u002Fuai2020\u002Fproceedings\u002F119_main_paper.pdf) |                                                              |\n| 2020 | **Enhancing Robustness of Graph Convolutional Networks via Dropping Graph Connections** | Defense | Node Classification                      | GCN                                         | Preprint             | [Link](https:\u002F\u002Ffaculty.ist.psu.edu\u002Fwu\u002Fpapers\u002FDropCONN.pdf)   |                                                              |\n| 2020 | **Robust Training of Graph Convolutional Networks via Latent Perturbation** | Defense | Node Classification                      | GCN                                         | ECML-PKDD 2020       | 
[Link](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinZha20.pdf)   |                                                              |\n| 2020 | **Backdoor Attacks to Graph Neural Networks**                | Defense | Graph Classification                     | GNNs                                        | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11165)                     |                                                              |\n| 2020 | **DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder** | Defense | Node Classification                      | GNNs                                        | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08900)                     | [Link](https:\u002F\u002Fgithub.com\u002Fzhangao520\u002Fdefense-vgae)           |\n| 2020 | **Robust Spammer Detection by Nash Reinforcement Learning**  | Defense | Fraud Detection                          | Graph-based Fraud Detector                  | KDD 2020             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.06069)                     | [Link](https:\u002F\u002Fgithub.com\u002FYingtongDou\u002FNash-Detect)           |\n| 2020 | **Certifiable Robustness of Graph Convolutional Networks under Structure Perturbations** | Defense | Robustness Certification                 | GCN                                         | KDD 2020             | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3394486.3403217)   | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Frobust-gcn-structure) |\n| 2020 | **Efficient Robustness Certificates for Discrete Data: Sparsity-Aware Randomized Smoothing for Graphs, Images and More** | Defense | Robustness Certification                 | GNN                                         | ICML 2020            | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.12952)                     | 
[Link](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fsparse_smoothing)      |\n| 2020 | **Robust Graph Representation Learning via Neural Sparsification** | Defense | Node Classification                      | GNN                                         | ICML 2020            | [Link](https:\u002F\u002Fproceedings.icml.cc\u002Fstatic\u002Fpaper_files\u002Ficml\u002F2020\u002F2611-Paper.pdf) |                                                              |\n| 2020 | **Graph Structure Learning for Robust Graph Neural Networks** | Defense | Node Classification                      | GCN                                         | KDD 2020             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.10203)                     | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n| 2020 | **GCN-Based User Representation Learning for Unifying Robust Recommendation and Fraudster Detection** | Defense | Recommender System                       | GCN                                         | SIGIR 2020           | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.10150)                     |                                                              |\n| 2020 | **Anonymized GCN: A Novel Robust Graph Embedding Method via Hiding Node Position in Noise** | Defense | Node Classification                      | GCN                                         | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.03482)                     |                                                              |\n| 2020 | **A Robust Hierarchical Graph Convolutional Network Model for Collaborative Filtering** | Defense | Recommender System                       | GCN                                         | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.14734)                     |                                                              |\n| 2020 | **On The Stability of Polynomial Spectral 
Graph Filters**    | Defense | Graph Property                           | Spectral Graph Filter                       | ICASSP 2020          | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9054072) | [Link](https:\u002F\u002Fgithub.com\u002Fhenrykenlay\u002Fspgf)                  |\n| 2020 | **On the Robustness of Cascade Diffusion under Node Attacks** | Defense | Influence Maximization                   | IC Model                                    | WWW 2020 Workshop    | [Link](https:\u002F\u002Fwww.cs.au.dk\u002F~karras\u002FrobustIC.pdf)            | [Link](https:\u002F\u002Fgithub.com\u002Fallogn\u002Frobustness)                 |\n| 2020 | **Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks** | Defense | Fraud Detection                          | Graph-based Fraud Detectors                 | WWW 2020             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.04834)                     |                                                              |\n| 2020 | **Tensor Graph Convolutional Networks for Multi-relational and Robust Learning** | Defense | Node Classification                      | GCN                                         | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07729)                     |                                                              |\n| 2020 | **Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks** | Defense | Node Classification                      | Privacy Protection                          | AAAI 2020            | [Link](https:\u002F\u002Fojs.aaai.org\u002F\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F6791) |                                                              |\n| 2020 | **Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning** | Defense | Robustness Certification                 | Wasserstein Embedding                       | 
AAAI 2020            | [Link](http:\u002F\u002Fstaff.ustc.edu.cn\u002F~hexn\u002Fpapers\u002Faaai20-adversarial-embedding.pdf) |                                                              |\n| 2020 | **Adversarial Perturbations of Opinion Dynamics in Networks** | Defense | Manipulating Opinion                     | Graph Model                                 | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010)                     |                                                              |\n| 2020 | **Topological Effects on Attacks Against Vertex Classification** | Defense | Node Classification                      | GCN                                         | Arxiv                | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05822)                     |                                                              |\n| 2020 | **Towards an Efficient and General Framework of Robust Training for Graph Neural Networks** | Defense | Node Classification                      | GCN                                         | ICASSP 2020          | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.10947)                     |                                                              |\n| 2020 | **Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing** | Defense | Community Detection                      | Community Detection Algs                    | WWW 2020             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.03421)                     |                                                              |\n| 2020 | **Data Poisoning Attacks on Graph Convolutional Matrix Completion** | Defense | Recommender System                       | GCMC                                        | ICA3PP 2019          | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-38961-1_38) |                                                     
         |\n\n### Defense Papers 2019 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type    | Target Task                         | Target Model              | Venue             | Paper                                                        | Code                                                         |\n| ---- | ------------------------------------------------------------ | ------- | ----------------------------------- | ------------------------- | ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2019 | **How Robust Are Graph Neural Networks to Structural Noise?** | Defense | Node Structural Identity Prediction | GIN                       | Arxiv             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.10206)                     |                                                              |\n| 2019 | **GraphDefense: Towards Robust Graph Convolutional Networks** | Defense | Node Classification                 | GCN                       | Arxiv             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.04429)                     |                                                              |\n| 2019 | **All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs** | Defense | Node Classification                 | GCN, Tensor Embedding     | WSDM 2020         | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3336191.3371789)   | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n| 2019 | **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model** | Defense | Malware Detection                   | HIN                       | CIKM 2019         | [Link](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3357875)           | 
                                                             |\n| 2019 | **Edge Dithering for Robust Adaptive Graph Convolutional Networks** | Defense | Node Classification                 | GCN                       | Arxiv             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09590)                     |                                                              |\n| 2019 | **GraphSAC: Detecting anomalies in large-scale graphs**      | Defense | Anomaly Detection                   | Anomaly Detection Algs    | Arxiv             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09589)                     |                                                              |\n| 2019 | **Certifiable Robustness to Graph Perturbations**            | Defense | Robustness Certification            | GNN                       | NeurIPS 2019      | [Link](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F9041-certifiable-robustness-to-graph-perturbations.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fgraph_cert)            |\n| 2019 | **Power up! 
Robust Graph Convolutional Network based on Graph Powering** | Defense | Node Classification                 | GCN                       | Openreview        | [Link](https:\u002F\u002Fopenreview.net\u002Fpdf?id=BkxDxJHFDr)             | [Link](https:\u002F\u002Fwww.dropbox.com\u002Fsh\u002Fp36pzx1ock2iamo\u002FAABEr7FtM5nqwC4i9nICLIsta?dl=0) |\n| 2019 | **Adversarial Robustness of Similarity-Based Link Prediction** | Defense | Link Prediction                     | Local Similarity Metrics  | ICDM 2019         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.01432)                     |                                                              |\n| 2019 | **Adversarial Training Methods for Network Embedding**       | Defense | Node Classification                 | DeepWalk                  | WWW 2019          | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.11514)                     | [Link](https:\u002F\u002Fgithub.com\u002Fwonniu\u002FAdvT4NE_WWW2019)            |\n| 2019 | **Transferring Robustness for Graph Neural Network Against Poisoning Attacks** | Defense | Node Classification                 | GNN                       | WSDM 2020         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.07558)                     | [Link](https:\u002F\u002Fgithub.com\u002Ftangxianfeng\u002FPA-GNN)               |\n| 2019 | **Improving Robustness to Attacks Against Vertex Classification** | Defense | Node Classification                 | GCN                       | KDD Workshop 2019 | [Link](http:\u002F\u002Feliassi.org\u002Fpapers\u002Fbenmiller-mlg2019.pdf)      |                                                              |\n| 2019 | **Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations** | Defense | Link Prediction                     | Link Prediction Algs      | TKDE              | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.05912)                     |                                                   
           |\n| 2019 | **Latent Adversarial Training of Graph Convolution Networks** | Defense | Node Classification                 | GCN                       | LRGSD@ICML        | [Link](https:\u002F\u002Fgraphreason.github.io\u002Fpapers\u002F35.pdf)          |                                                              |\n| 2019 | **Certifiable Robustness and Robust Training for Graph Convolutional Networks** | Defense | Robustness Certification            | GCN                       | KDD 2019          | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.12269)                     | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Frobust-gcn)          |\n| 2019 | **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective** | Defense | Node Classification                 | GNN                       | IJCAI 2019        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214)                     | [Link](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train)             |\n| 2019 | **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense** | Defense | Node Classification                 | GCN                       | IJCAI 2019        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610)                     | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n| 2019 | **Adversarial Defense Framework for Graph Neural Network**   | Defense | Node Classification                 | GCN, GraphSAGE            | Arxiv             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.03679)                     |                                                              |\n| 2019 | **Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications** | Defense | Link Prediction                     | Knowledge Graph Embedding | NAACL 2019        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.00563)                     
|                                                              |\n| 2019 | **Robust Graph Convolutional Networks Against Adversarial Attacks** | Defense | Node Classification                 | GCN                       | KDD 2019          | [Link](http:\u002F\u002Fpengcui.thumedialab.com\u002Fpapers\u002FRGCN.pdf)       | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust)                |\n| 2019 | **Can Adversarial Network Attack be Defended?**              | Defense | Node Classification                 | GNN                       | Arxiv             | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.05994)                     |                                                              |\n| 2019 | **Virtual Adversarial Training on Graph Convolutional Networks in Node Classification** | Defense | Node Classification                 | GCN                       | PRCV 2019         | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.11045)                     |                                                              |\n| 2019 | **Batch Virtual Adversarial Training for Graph Convolutional Networks** | Defense | Node Classification                 | GCN                       | LRGSD@ICML        | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.09192)                     |                                                              |\n| 2019 | **Comparing and Detecting Adversarial Attacks for Graph Deep Learning** | Defense | Node Classification                 | GCN, GAT, Nettack         | RLGM@ICLR 2019    | [Link](https:\u002F\u002Frlgm.github.io\u002Fpapers\u002F57.pdf)                 |                                                              |\n| 2019 | **Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure** | Defense | Node Classification                 | GCN                       | TKDE              | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08226)                     | 
[Link](https:\u002F\u002Fgithub.com\u002Ffulifeng\u002FGraphAT)                  |\n\n### Defense Papers 2018 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title                                                        | Type    | Target Task          | Target Model  | Venue      | Paper                                              | Code |\n| ---- | ------------------------------------------------------------ | ------- | -------------------- | ------------- | ---------- | -------------------------------------------------- | ---- |\n| 2018 | **Characterizing Malicious Edges targeting on Graph Neural Networks** | Defense | Detected Added Edges | GNN, GCN      | OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=HJxdAoCcYX) |      |\n| 2018 | **PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks** | Defense | Image Classification | LeNet, ResNet | ICLR 2019  | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.00088)           |      |\n\n","\u003Cdiv align=\"center\">\n    \u003Ch1>Awesome Graph Adversarial Learning Literature\u003C\u002Fh1>\n    \u003Ca href=\"https:\u002F\u002Fawesome.re\">\u003Cimg src=\"https:\u002F\u002Fawesome.re\u002Fbadge.svg\"\u002F>\u003C\u002Fa>\n    \u003Ca href=\"http:\u002F\u002Fmakeapullrequest.com\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen.svg?style=flat-square\"\u002F>\u003C\u002Fa>\n\u003C\u002Fdiv>\n\nA curated list of papers on adversarial attacks and defenses on graph-structured data.\n\nPapers are sorted by upload date in descending order.\n\nIf you want to add new entries, please submit a pull request following the same format.\n\nThis list complements the survey below.\n\n[**Adversarial Attack and Defense on Graph Data: A Survey**](https:\u002F\u002Farxiv.org\u002Fabs\u002F1812.10528) **(updated October 2022; more than 110 papers reviewed).**\n\n- ArXiv version (latest)\n\n```bibtex\n@article{sun2018adversarial,\n  title={Adversarial Attack and Defense on Graph Data: A Survey},\n  author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Kai Zhang and Wang, Ji and Yixin Liu and Yu, Philip S. 
and He, Lifang and Li, Bo},\n  journal={arXiv preprint arXiv:1812.10528},\n  year={2018}\n}\n```\n\n- TKDE version\n\n```bibtex\n@article{sun2022adversarial,\n  title={Adversarial attack and defense on graph data: A survey},\n  author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Zhang, Kai and Wang, Ji and Philip, S Yu and He, Lifang and Li, Bo},\n  journal={IEEE Transactions on Knowledge and Data Engineering},\n  year={2022},\n  publisher={IEEE}\n}\n```\n\nIf you find this repository helpful, please cite the survey above.\n\n## How to Search?\n\nSearch the page for keywords such as a venue name (e.g., ```NeurIPS```), a task name (e.g., ```Link Prediction```), a model name (e.g., ```DeepWalk```), or a method name (e.g., ```Robustness```) to quickly find related papers.\n\n## Quick Links\n\n**Attack papers sorted by year:** | [2023](#attack-papers-2023-back-to-top) | [2022](#attack-papers-2022-back-to-top) | [2021](#attack-papers-2021-back-to-top) | [2020](#attack-papers-2020-back-to-top) | [2019](#attack-papers-2019-back-to-top) | [2018](#attack-papers-2018-back-to-top) | [2017](#attack-papers-2017-back-to-top) |\n\n**Defense papers sorted by year:** | [2023](#defense-papers-2023-back-to-top) | [2022](#defense-papers-2022-back-to-top) | [2021](#defense-papers-2021-back-to-top) | [2020](#defense-papers-2020-back-to-top) | [2019](#defense-papers-2019-back-to-top) | [2018](#defense-papers-2018-back-to-top) |\n\n## Attack\n\n### Attack Papers 2023 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------ | ----------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------------ | 
------------------------------------------------------------ |\n| 2023 | **Revisiting Robustness in Graph Machine Learning** | Attack | Node Classification | GCN, SGC, APPNP, GAT, GATv2, GraphSAGE, LP | ICLR'23 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2305.00851.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fsaper0\u002Frevisiting_robustness) |\n| 2023 | **Unnoticeable Backdoor Attacks on Graph Neural Networks** | Attack | Node Classification, Graph Classification | GCN, GraphSage, and GAT | ArXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2303.01263) | [Link](https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA) |\n| 2023 | **Attacking Fake News Detectors via Manipulating News Social Engagement** | Attack | Fake News Detection | GAT, GCN, and GraphSAGE | WWW'23 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2302.07363.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fhwang219\u002FAttackFakeNews) |\n| 2023 | **HyperAttack: Multi-Gradient-Guided White-box Adversarial Structure Attack of Hypergraph Neural Networks** | Attack | Node Classification | HGNNs | ArXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2302.12407) | |\n| 2023 | **Turning Strengths into Weaknesses: A Certified Robustness Inspired Attack Framework against Graph Neural Networks** | Attack | Node Classification | GCN | CVPR'23 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2303.06199) | |\n| 2023 | **Adversary for Social Good: Leveraging Attribute-Obfuscating Attack to Protect User Privacy on Social Networks** | Attack | Attribute Protection on Social Networks | GNNs | SecureComm 2022 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-25538-0_37) | |\n| 2023 | **Node Injection for Class-specific Network Poisoning** | Attack | Node Classification | GCN | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.12277) | [Link](https:\u002F\u002Fgithub.com\u002Frahulk207\u002Fnicki) |\n| 2023 | **GUAP: Graph Universal Attack Through Adversarial Patching** | Attack | Node Classification | GCN | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2301.01731) | 
[Link](https:\u002F\u002Fanonymous.4open.science\u002Fr\u002Fffd4fad9-367f-4a2a-bc65-1a7fe23d9d7f\u002F) |\n\n### Attack Papers 2022 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------ | ----------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2022 | **GANI: Global Attacks on Graph Neural Networks via Imperceptible Node Injections** | Attack | Node Classification | GCN\u002FSGC\u002FJaccard\u002FSimPGCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.12598) | |\n| 2022 | **Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs** | Attack | Graph Classification | GCN\u002FSAGPool\u002FGIN\u002F | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13710) | |\n| 2022 | **Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias** | Attack | Node Classification | GCN\u002FGAT\u002FGraphSAGE | NeurIPS 2022 | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=vkGk2HI8oOP) | [Link](https:\u002F\u002Fgithub.com\u002FZihan-Liu-00\u002FGraD--NeurIPS22) |\n| 
2022 | **Imperceptible Adversarial Attacks on Discrete-Time Dynamic Graph Models** | Attack | Dynamic Link Prediction\u002FNode Classification | GC-LSTM\u002FEVOLVEGCN\u002FDYSAT | NeurIPS 2022 Workshop TGL | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=YMrdoXP3x_A) | |\n| 2022 | **A2S2-GNN: Rigging GNN-Based Social Status by Adversarial Attacks in Signed Social Networks** | Attack | Classification in Unsigned or Undirected Graphs | GNNs | IEEE Transactions on Information Forensics and Security | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9936655) | |\n| 2022 | **Let Graph be the Go Board: Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning** | Attack | Node Classification | GCN\u002FSGC\u002FGAT\u002FAPPNP | AAAI23 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2211.10782) | [Link](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FG2A2C) |\n| 2022 | **QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems** | Attack | Attribute Inference for Query-Based Systems | Diffix\u002FTableBuilder\u002FSimpleQBS | CCS 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3548606.3560581) | [Link](https:\u002F\u002Fgithub.com\u002Fcomputationalprivacy\u002Fquerysnout) |\n| 2022 | **Are Defenses for Graph Neural Networks Robust?** | Attack | Node Classification | GNN, GCN, Jaccard GCN, SVD GCN, GNNGuard, RGCN, ProGNN, GRAND, Soft Median GDC | NeurIPS 2022 | [Link](https:\u002F\u002Fwww.cs.cit.tum.de\u002Fdaml\u002Fare-gnn-defenses-robust\u002F) | [Link](https:\u002F\u002Fgithub.com\u002FLoadingByte\u002Fare-gnn-defenses-robust) |\n| 2022 | **Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks** | Attack | Promotion\u002FRecommendation\u002FReproduction | GNN | ACM TIS | 
[Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3567420) | |\n| 2022 | **Dealing with the unevenness: deeper insights in graph-based attack and defense** | Attack | Set Cover Problem | GCN, RGCN, GCN-Jaccard, Pro-GNN | Machine Learning | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10994-022-06234-4) | |\n| 2022 | **Membership Inference Attacks Against Robust Graph Neural Network** | Attack | Membership Inference | GCN | CSS 2022 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-031-18067-5_19) | |\n| 2022 | **Sparse Vicious Attacks on Graph Neural Networks** | Attack | Link Prediction | GNN | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.09688) | [Link](https:\u002F\u002Fgithub.com\u002FGiovanniTRA\u002FSAVAGE) |\n| 2022 | **Model Inversion Attacks against Graph Neural Networks** | Attack | Node Classification | GCN, GAT, and GraphSAGE | TKDE | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9895303\u002F) | [Link](https:\u002F\u002Fgithub.com\u002Fzaixizhang\u002FGraphMI) |\n| 2022 | **Exploratory Adversarial Attacks on Graph Neural Networks for Semi-Supervised Node Classification** | Attack | Semi-supervised Node Classification | GNN | Pattern Recognition | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0031320322005222) | |\n| 2022 | **Adversarial Inter-Group Link Injection Degrades the Fairness of Graph Neural Networks** | Attack | Node Classification
 | GNN | IEEE ICDM 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.05957) | [Link](https:\u002F\u002Fgithub.com\u002Fmengcao327\u002Fattack-gnn-fairness) |\n| 2022 | **Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation** | Attack | Semi-supervised Node Classification | GNN | ECML PKDD 2022 | [Link](https:\u002F\u002F2022.ecmlpkdd.org\u002Fwp-content\u002Fuploads\u002F2022\u002F09\u002Fsub_938.pdf) | |\n| 2022 | **What Does the Gradient Tell When Attacking the Graph Structure** | Attack | Node Classification | GCN, GraphSage, and H2GCN | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.12815) | |\n| 2022 | **Robust Node Classification on Graphs: Jointly from Bayesian Label Transition and Topology-based Label Propagation** | Attack | Node Classification | GNNs | CIKM 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3511808.3557437) | [Link](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FLInDT) |\n| 2022 | **Revisiting Item Promotion in GNN-based Collaborative Filtering: A Masked Targeted Topological Attack Perspective** | Attack | Collaborative Filtering | LightGCN | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.09979) | |\n| 2022 | **Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection** | Attack | Link Prediction | GAE, VGAE, GIC, ARGA, ARVGA | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.06776) | 
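[Link](https:\u002F\u002Fgithub.com\u002FSeaocn\u002FLink-Backdoor) |\n| 2022 | **Graph Structural Attack by Perturbing Spectral Distance** | Attack | Node Classification | Two-layer GCN | KDD 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539435) | |\n| 2022 | **Are Gradients on Graph Structure Reliable in Gray-box Attacks?** | Attack | Node Classification Task | GraphSage | CIKM 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3511808.3557238) | |\n| 2022 | **Adversarial Camouflage for Node Injection Attack on Graphs** | Attack | Semi-supervised Information Retrieval Tasks | GNNs | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2208.01819) | |\n| 2022 | **CLUSTER ATTACK: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors** | Attack | Node Classification | GNNs | IJCAI 2022 | [Link](https:\u002F\u002Fwww.ijcai.org\u002Fproceedings\u002F2022\u002F0108.pdf) | |\n| 2022 | **IoT-based Android Malware Detection Using Graph Neural Network With Adversarial Defense** | Attack | Malware Detection | GNN | IEEE Internet of Things Journal | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9814995\u002F) | |\n| 2022 | **Private Graph Extraction via Feature Explanations** | Attack | Node Classification | Two-layer GCN | arXiv | 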
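[Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.14724) | |\n| 2022 | **Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs** | Attack | Trust Prediction in Signed Graphs | SGCN, SNEA | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.13104) | |\n| 2022 | **Camouflaged Poisoning Attack on Graph Neural Networks** | Attack | Node Classification | GCN | ICMR 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3512527.3531373) | |\n| 2022 | **LOKI: A Practical Data Poisoning Attack Framework against Next Item Recommendations** | Attack | Next Item Recommendation | BPRMF, FPMC, GRU4REC, TransRec | TKDE 2022 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9806383\u002F) | |\n| 2022 | **Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks** | Attack | Promotion\u002FRecommendation\u002FReproduction | GNNs | ACM Transactions on Information Systems 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3567420) | |\n| 2022 | **Transferable Graph Backdoor Attack** | Attack | Graph Classification | GNNs | RAID 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2207.00425) | |\n| 2022 | **Cluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors** | Attack | Node Classification | GNNs | IJCAI 2022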
 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.13069) | [Link](https:\u002F\u002Fgithub.com\u002Fthuwzy\u002FCluster-Attack) |\n| 2022 | **Adversarial Robustness of Graph-based Anomaly Detection** | Attack | Anomaly Detection | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2206.08260) | |\n| 2022 | **Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge** | Attack | Node Classification | GNNs | Preprint | [Link](https:\u002F\u002Fwww.researchgate.net\u002Fpublication\u002F351901618_Adversarial_Attack_Framework_on_Graph_Embedding_Models_with_Limited_Knowledge) | |\n| 2022 | **Label specificity attack: Change your label as I want** | Attack | Node Classification | GNNs | IJIS | [Link](https:\u002F\u002Fonlinelibrary.wiley.com\u002Fdoi\u002Ffull\u002F10.1002\u002Fint.22902) | |\n| 2022 | **Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees** | Attack | Node Classification | GNNs | CVPR 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.03546) | [Link](https:\u002F\u002Fgithub.com\u002FMetaoblivion\u002FBandit_GNN_Attack) |\n| 2022 | **AdverSparse: An Adversarial Attack Framework for Deep Spatial-Temporal Graph Neural Networks** | Attack | Spatial-Temporal Graph Embedding | Deep Spatial-Temporal GNNs | ICASSP 2022 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9747850) | 
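 |\n| 2022 | **Projective Ranking-based GNN Evasion Attacks** | Attack | Graph Classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.12993) | |\n| 2022 | **Attacking Community Detectors: Mislead Detectors via Manipulating the Graph Structure** | Attack | Community Detection | Community detection algorithms, GNNs | MobiCASE 2021 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-99203-3_8) | |\n| 2022 | **A Targeted Universal Attack on Graph Convolutional Network by Using Fake Nodes** | Attack | Node Classification | GCN | Neural Processing Letters | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs11063-022-10764-2) | [Link](https:\u002F\u002Fgithub.com\u002FNanyuu\u002FTUA) |\n| 2022 | **Surrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks** | Attack | Node Classification | GNNs | WSDM 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3488560.3498481) | |\n| 2022 | **Black-box Node Injection Attack for Graph Neural Networks** | Attack | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2202.09389) | [Link](https:\u002F\u002Fgithub.com\u002Fjumxglhf\u002FGA2C) |\n| 2022 | **Understanding and Improving Graph Injection Attack by Promoting Unnoticeability** | Attack | Node Classification | GNNs | ICLR 2022 | 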
[Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=wkMG8cdvh7-) | [Link](https:\u002F\u002Fgithub.com\u002FLFhase\u002FGIA-HAO) |\n| 2022 | **Unsupervised Graph Poisoning Attack via Contrastive Loss Back-propagation** | Attack | Node Classification, Link Prediction | GCN | WWW 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.07986) | [Link](https:\u002F\u002Fgithub.com\u002FRinneSz\u002FCLGA) |\n| 2022 | **Neighboring Backdoor Attacks on Graph Convolutional Network** | Attack | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.06202) | |\n| 2022 | **Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection** | Attack | Rumor Detection | RGCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.05819) | |\n\n### Attack Papers 2021 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------ | ---------------------------------------------------------- | ------------------------------------ | ----------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2021 | **Task and Model Agnostic Adversarial Attack on Graph Neural Networks** | Attack | Node Classification
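 | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.13267) | |\n| 2021 | **Model Stealing Attacks Against Inductive Graph Neural Networks** | Attack | Node Classification, Model Stealing | GNNs | IEEE S&P 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.08331) | [Link](https:\u002F\u002Fgithub.com\u002Fxinleihe\u002FGNNStealing) |\n| 2021 | **How Members of Covert Networks Conceal the Identities of Their Leaders** | Attack | Covert Network Leader Detection | Centrality measures | ACM TIST 2021 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Ffull\u002F10.1145\u002F3490462) | |\n| 2021 | **Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications** | Attack | Graph Classification | GNNs | ICDM 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.08760) | [Link](https:\u002F\u002Fgithub.com\u002FTrustworthyGNN\u002FMIA-GNN\u002F) |\n| 2021 | **Graph Structural Attack by Spectral Distance** | Attack | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.00684) | |\n| 2021 | **Structural Attack against Graph Based Android Malware Detection** | Attack | Malware Detection | Graph-based Android malware detectors | CCS 2021 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3460120.3485387) | |\n| 2021 | **Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods** | Attack | Knowledge Graph Embedding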
 | Knowledge graph embedding models | EMNLP 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.03120) | [Link](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FAttributionAttack) |\n| 2021 | **Adversarial Attack against Cross-lingual Knowledge Graph Alignment** | Attack | Knowledge Graph Alignment | Knowledge graph embedding models | EMNLP 2021 | [Link](https:\u002F\u002Faclanthology.org\u002F2021.emnlp-main.432\u002F) | |\n| 2021 | **Graph Robustness Benchmark: Benchmarking the Adversarial Robustness of Graph Machine Learning** | Attack | Node Classification | GNNs | NeurIPS 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.04314) | [Link](https:\u002F\u002Fgithub.com\u002Fthudm\u002Fgrb) |\n| 2021 | **Adversarial Attacks on Graph Classification via Bayesian Optimisation** | Attack | Graph Classification | GNNs | NeurIPS 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2111.02842) | [Link](https:\u002F\u002Fgithub.com\u002Fxingchenwan\u002Fgrabnel) |\n| 2021 | **Robustness of Graph Neural Networks at Scale** | Attack | Node Classification | GNNs | NeurIPS 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.14038) | [Link](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Frobustness_of_gnns_at_scale) |\n| 2021 | **Large-Scale Adversarial Attacks on Graph Neural Networks via Graph Coarsening** | Attack | Node Classification | GNNs | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=NUzrPpDjWp) | |\n| 2021 | 
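**Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization** | Attack | Combinatorial optimization | Combinatorial optimization solvers | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=nKZvpGRdJlG) | |\n| 2021 | **Bandit-Based Black-Box Structure Perturbation Attacks on Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=6MFWE6u2b6R) | |\n| 2021 | **Poisoning Attacks against Knowledge Graph-Based Recommendation Systems Using Deep Reinforcement Learning** | Attack | Knowledge graph-based recommender systems | Graph Neural Networks | Neural Computing and Applications | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs00521-021-06573-8) | |\n| 2021 | **FHA: Fast Heuristic Attack Against Graph Convolutional Networks** | Attack | Node classification | Graph Neural Networks | ICDS 2021 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88942-5_12) | |\n| 2021 | **Inference Attacks Against Graph Neural Networks** | Attack | Graph\u002Fproperty inference | Graph Neural Networks | USENIX Security 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.02631) | [Link](https:\u002F\u002Fgithub.com\u002FZhangzhk0819\u002FGNN-Embedding-Leaks) |\n| 2021 | **Graph-Fraudster: Adversarial Attacks on Graph Neural Network-Based Vertical Federated Learning** | Attack | Node classification, federated learning | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.06468) | 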
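|\n| 2021 | **Query-Based Adversarial Attacks on Graphs with Fake Nodes** | Attack | Node classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.13069) | |\n| 2021 | **Single Node Injection Attack against Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | CIKM 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.13049) | [Link](https:\u002F\u002Fgithub.com\u002Ftaoshuchang\u002Fg-nia) |\n| 2021 | **Projective Ranking: A Transferable Evasion Attack Method on Graph Neural Networks** | Attack | Graph classification | GCN | CIKM 2021 | [Link](https:\u002F\u002Fshiruipan.github.io\u002Fpublication\u002Fcikm-21-zhang\u002Fcikm-21-zhang.pdf) | |\n| 2021 | **Spatially Focused Attack against Spatiotemporal Graph Neural Networks** | Attack | Spatiotemporal forecasting | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.04608) | |\n| 2021 | **Derivative-Free Optimization Adversarial Attacks for Graph Convolutional Networks** | Attack | Node classification | GCN | PeerJ Computer Science | [Link](https:\u002F\u002Fpeerj.com\u002Farticles\u002Fcs-693\u002F) | |\n| 2021 | **A Hard Label Black-Box Adversarial Attack Against Graph Neural Networks** | Attack | Graph classification | Graph Neural Networks | CCS 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.09513) | 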
|\n| 2021 | **Single-Node Attack for Fooling Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | KDD 2021 Workshop | [Link](https:\u002F\u002Fdrive.google.com\u002Ffile\u002Fd\u002F12arm9w6UmvSIzGmaoocdH70czx7RVzGr\u002Fview) | [Link](https:\u002F\u002Fgithub.com\u002Fgnnattack\u002FSINGLE) |\n| 2021 | **Jointly Attacking Graph Neural Networks and Their Explanations** | Attack | Graph neural network explanation | GNNEXPLAINER, PGExplainer | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2108.03388) | |\n| 2021 | **Robustness of Graph k-shell Structure under Adversarial Attacks** | Attack | k-shell values | k-shell decomposition | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.13962) | |\n| 2021 | **Poisoning Knowledge Graph Embeddings via Relation Inference Patterns** | Attack | Knowledge graph embedding | Knowledge graph embedding models | ACL 2021 | [Link](https:\u002F\u002Faclanthology.org\u002F2021.acl-long.147\u002F) | [Link](https:\u002F\u002Fgithub.com\u002FPeruBhardwaj\u002FInferenceAttack) |\n| 2021 | **Structack: Structure-Based Adversarial Attacks on Graph Neural Networks** | Attack | Node classification | GCN | ACM Hypertext | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.11327) | [Link](https:\u002F\u002Fgithub.com\u002Fsqrhussain\u002Fstructack) |\n| 2021 | **Optimal Edge Weight Perturbations to Attack Shortest Paths** | Attack | Shortest path | Shortest path algorithms | Arxiv 
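 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2107.03347.pdf) | |\n| 2021 | **Adversarial Attack on Graph Neural Networks as an Influence Maximization Problem** | Attack | Node classification | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10785) | |\n| 2021 | **BinarizedAttack: Structural Poisoning Attacks to Graph-Based Anomaly Detection** | Attack | Anomaly detection | Graph anomaly detection algorithms | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09989) | |\n| 2021 | **TDGIA: Effective Injection Attacks on Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | KDD 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.06663) | |\n| 2021 | **Graph Adversarial Attack via Rewiring** | Attack | Node classification | GCN | KDD 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.03750) | |\n| 2021 | **Evaluating Graph Vulnerability and Robustness Using TIGER** | Attack | Path robustness measures | Path robustness measures | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05648) | [Link](https:\u002F\u002Fgithub.com\u002Fsafreita1\u002FTIGER) |\n| 2021 | **Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge** | Attack | Node classification | Graph embedding models | 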
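Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2105.12419) | |\n| 2021 | **Attacking Graph Neural Networks at Scale** | Attack | Node classification | GCN | AAAI 2021 Workshop | [Link](https:\u002F\u002Fwww.dropbox.com\u002Fs\u002Fddrwoswpz3wwx40\u002FRobust_GNNs_at_Scale__AAAI_Workshop_2020_CameraReady.pdf?dl=0) | |\n| 2021 | **Black-Box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-Based Attack and Defense** | Attack | Node classification | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.15061) | |\n| 2021 | **Enhancing Robustness and Resilience of Multiplex Networks Against Node-Community Cascading Failures** | Attack | Complex network robustness | Complex networks | IEEE TSMC | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9415463\u002Fauthors#authors) | |\n| 2021 | **PATHATTACK: Attacking Shortest Paths in Complex Networks** | Attack | Shortest path | Shortest path | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03761) | |\n| 2021 | **Universal Spectral Adversarial Attacks for Deformable Shapes** | Attack | Shape classification | ChebyNet, PointNet | CVPR 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2104.03356) | |\n| 2021 | **Preserve, Promote, or Attack? GNN Explanation via Topology Perturbation** | Attack | Object detection 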
 | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.13944) | |\n| 2021 | **Towards Revealing Parallel Adversarial Attacks on the Graph Structure of Politicians' Social Networks** | Attack | Node classification | GCN | Security and Communication Networks | [Link](https:\u002F\u002Fwww.hindawi.com\u002Fjournals\u002Fscn\u002F2021\u002F6631247\u002F) | |\n| 2021 | **Network Embedding Attack: A Euclidean Distance-Based Method** | Attack | Node classification, community detection | Network embedding methods | MDATA | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007%2F978-3-030-71590-8_8) | |\n| 2021 | **Adversarial Attack on Network Embeddings via Supervised Network Poisoning** | Attack | Node classification, link prediction | DeepWalk, Node2vec, LINE, GCN | PAKDD 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.07164) | [Link](https:\u002F\u002Fgithub.com\u002Fvirresh\u002Fviking) |\n| 2021 | **GraphAttacker: A General Multi-Task Graph Attack Framework** | Attack | Node classification, graph classification, link prediction | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06855) | |\n| 2021 | **Membership Inference Attack on Graph Neural Networks** | Attack | Membership inference | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2101.06570) | |\n\n### Attack Papers 2020 
[[Back to Top](#图神经网络对抗学习文献)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |\n| 2020 | **Adversarial Label-Flipping Attack and Defense for Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | ICDM 2020 | [Link](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F97.pdf) | [Link](https:\u002F\u002Fgithub.com\u002FMengmeiZ\u002FLafAK) |\n| 2020 | **Exploratory Adversarial Attacks on Graph Neural Networks** | Attack | Node classification | Graph Convolutional Networks | ICDM 2020 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338329) | [Link](https:\u002F\u002Fgithub.com\u002FEpoAtk\u002FEpoAtk) |\n| 2020 | **A Targeted Universal Attack on Graph Convolutional Networks** | Attack | Node classification | Graph Convolutional Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.14365) | [Link](https:\u002F\u002Fgithub.com\u002FNanyuu\u002FTUA) |\n| 2020 | **Attacking Graph-Based Classification without Changing Existing Connections** | Attack | Node classification | Collective classification models | ACSAC 2020 | [Link](https:\u002F\u002Fcse.sc.edu\u002F~zeng1\u002Fpapers\u002F2020-acsac-graph.pdf) | |\n| 2020 | **Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation** | Attack | Commonsense reasoning recommender systems | Knowledge graph 
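 | ICLR 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12872) | [Link](https:\u002F\u002Fgithub.com\u002FINK-USC\u002Fdeceive-KG-models) |\n| 2020 | **One Vertex Attack on Graph Neural Network-Based Spatiotemporal Forecasting** | Attack | Spatiotemporal forecasting | Graph Neural Networks | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=W0MKrbVOxtd) | |\n| 2020 | **Single-Node Attack for Fooling Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=u4WfreuXxnk) | |\n| 2020 | **Black-Box Adversarial Attacks on Graph Neural Networks as an Influence Maximization Problem** | Attack | Node classification | Graph Neural Networks | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=sbyjwhxxT8K) | |\n| 2020 | **Adversarial Attacks on Deep Graph Matching** | Attack | Graph matching | Deep graph matching models | NeurIPS 2020 | [Link](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fef126722e64e98d1c33933783e52eafc-Paper.pdf) | |\n| 2020 | **Towards More Practical Adversarial Attacks on Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.05057) | [Link](https:\u002F\u002Fgithub.com\u002FMark12Ding\u002FGNN-Practical-Attack) |\n| 2020 | **A Graph Matching Attack on Privacy-Preserving Record Linkage** | Attack | Record linkage | Privacy-preserving record linkage methods | CIKM 2020 | 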
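[Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411931) | |\n| 2020 | **Adaptive Adversarial Attack on Graph Embedding via GAN** | Attack | Node classification | Graph Convolutional Networks, DeepWalk, LINE | SocialSec | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_7) | |\n| 2020 | **Scalable Adversarial Attack on Graph Neural Networks with the Alternating Direction Method of Multipliers** | Attack | Node classification | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10233) | |\n| 2020 | **Semantics-Preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection** | Attack | Malware detection | Graph Convolutional Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05602) | |\n| 2020 | **Adversarial Attack on Large-Scale Graphs** | Attack | Node classification | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.03488) | |\n| 2020 | **Efficient Evasion Attacks to Graph Neural Networks via Influence Function** | Attack | Node classification | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00203) | |\n| 2020 | **Reinforcement Learning-Based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs** | Attack | Link prediction | Dynamic graph convolutional networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.00163) | |\n| 2020 | **Adversarial Attacks on the Broido-Clauset 
Classification of Scale-Free Networks** | Attack | Broido and Clauset classification | Scale-free networks | AIP Chaos | [Link](https:\u002F\u002Faip.scitation.org\u002Fdoi\u002Ffull\u002F10.1063\u002F5.0003707) | |\n| 2020 | **Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks** | Attack | Link prediction | Graph Neural Networks | Asia CCS 2020 | [Link](https:\u002F\u002Fiqua.ece.toronto.edu\u002Fpapers\u002Fwlin-asiaccs20.pdf) | |\n| 2020 | **Practical Adversarial Attacks on Graph Neural Networks** | Attack | Node classification | Graph Neural Networks | ICML 2020 Workshop | [Link](https:\u002F\u002Fgrlplus.github.io\u002Fpapers\u002F8.pdf) | |\n| 2020 | **Link Prediction Adversarial Attack via Iterative Gradient Attack** | Attack | Link prediction | Graph auto-encoders | IEEE TCSS | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9141291?casa_token=JY86mKguq68AAAAA:GNbeDZJNuMzzcHFPGOTACf9ihXxgQyAOSjVUnbWhiON6vVG7ap7k8Ey4DCNyJTO0qlSxMyJWSY4B) | |\n| 2020 | **Effective Adversarial Attacks on Graph-Structured Data** | Attack | Node classification | Graph Convolutional Networks | IJCAI 2020 Workshop | [Link](https:\u002F\u002Fwww.aisafetyw.org\u002Fprogramme) | |\n| 2020 | **Graph Backdoor** | Attack | Node classification, graph classification | Graph Neural Networks | USENIX Security 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11890) | |\n| 2020 | **Backdoor Attacks to Graph Neural Networks** | Attack | Graph classification 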
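 | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11165) | |\n| 2020 | **Robust Spammer Detection by Nash Reinforcement Learning** | Attack | Fraud detection | Graph-based fraud detectors | KDD 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.06069) | [Link](https:\u002F\u002Fgithub.com\u002FYingtongDou\u002FNash-Detect) |\n| 2020 | **Adversarial Attacks on Graph Neural Networks: Perturbations and Their Patterns** | Attack | Node classification | Graph Neural Networks | TKDD | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3394520) | |\n| 2020 | **Adversarial Attack on Hierarchical Graph Pooling Neural Networks** | Attack | Graph classification | Graph Neural Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11560) | |\n| 2020 | **Stealing Links from Graph Neural Networks** | Attack | Inferring links | Graph Neural Networks | USENIX Security 2021 | [Link](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002Fsec21summer_he.pdf) | |\n| 2020 | **Scalable Attack on Graph Data by Injecting Vicious Nodes** | Attack | Node classification | Graph Convolutional Networks | ECML-PKDD 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.13825) | |\n| 2020 | **Network Disruption: Maximizing Disagreement and Polarization in Social Networks** | Attack | Manipulating opinion | Graph models, social networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.08377) | 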
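|\n| 2020 | **Adversarial Perturbations of Opinion Dynamics in Networks** | Attack | Manipulating opinion | Graph models | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010) | |\n| 2020 | **Non-Target-Specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach** | Attack | Node classification | Graph Convolutional Networks | WWW 2020 | [Link](https:\u002F\u002Ffaculty.ist.psu.edu\u002Fvhonavar\u002FPapers\u002Fwww20.pdf) | |\n| 2020 | **MGA: Momentum Gradient Attack on Network** | Attack | Node classification, community detection | Graph Convolutional Networks, DeepWalk, node2vec | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.11320) | |\n| 2020 | **Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks** | Attack | Node classification | Graph Convolutional Networks | BigData 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.08012) | |\n| 2020 | **Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models** | Attack | Node classification | Graph Convolutional Networks | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.04784) | [Link](https:\u002F\u002Fgithub.com\u002Fchisam0217\u002FGraph-Universal-Attack) |\n| 2020 | **Adversarial Attacks on Scale-Free Networks: Testing the Robustness of Physical Criteria** | Attack | Network structure | Physical criteria | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.01249) | |\n| 2020 | **Adversarial Attack on Community Detection by Hiding Individuals** | Attack | Community detection | Graph Convolutional Networks 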
 | WWW 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2001.07933) | [Link](https:\u002F\u002Fgithub.com\u002Fhalimiqi\u002FCD-ATTACK) |\n\n### Attack Papers 2019 [[Back to Top](#图神经网络对抗学习文献)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |\n| 2019 | **How Robust Are Graph Neural Networks to Structural Noise?** | Attack | Node structural identity prediction | GIN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.10206) | |\n| 2019 | **Time-Aware Gradient Attack on Dynamic Network Link Prediction** | Attack | Link prediction | Dynamic network embedding algorithms | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.10561) | |\n| 2019 | **All You Need Is Low (Rank): Defending Against Adversarial Attacks on Graphs** | Attack | Node classification | GCN, tensor embedding | WSDM 2020 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3336191.3371789) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n| 2019 | **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph-Based Model** | Attack | Malware detection | HIN | CIKM 
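2019 | [Link](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3357875) | |\n| 2019 | **A Unified Framework for Data Poisoning Attack to Graph-Based Semi-Supervised Learning** | Attack | Semi-supervised learning | Label propagation | NeurIPS 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.14147) | |\n| 2019 | **Manipulating Node Similarity Measures in Networks** | Attack | Node similarity | Node similarity measures | AAMAS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.11529) | |\n| 2019 | **Multiscale Evolutionary Perturbation Attack on Community Detection** | Attack | Community detection | Community metrics | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09741) | |\n| 2019 | **Attacking Graph Convolutional Networks via Rewiring** | Attack | Node classification | GCN | Openreview | [Link](https:\u002F\u002Fopenreview.net\u002Fpdf?id=B1eXygBFPH) | |\n| 2019 | **Node Injection Attacks on Graphs via Reinforcement Learning** | Attack | Node classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.06543) | |\n| 2019 | **A Restricted Black-Box Adversarial Framework Towards Attacking Graph Embedding Models** | Attack | Node classification | GCN, SGC | AAAI 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.01297) | 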
[Link](https:\u002F\u002Fgithub.com\u002FSwiftieH\u002FGFAttack) |\n| 2019 | **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective** | Attack | Node classification | GNN | IJCAI 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214) | [Link](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train) |\n| 2019 | **Unsupervised Euclidean Distance Attack on Network Embedding** | Attack | Node embedding | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.11015) | |\n| 2019 | **Generalizable Adversarial Attacks Using Generative Models** | Attack | Node classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.10864) | |\n| 2019 | **Vertex Nomination, Consistent Estimation, and Adversarial Modification** | Attack | Vertex nomination | VN scheme | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.01776) | |\n| 2019 | **Data Poisoning Attack against Knowledge Graph Embedding** | Attack | Fact plausibility prediction | TransE, TransR | IJCAI 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1904.12052) | |\n| 2019 | **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense** | Attack | Node classification | GCN | IJCAI 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610) | 
[Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n| 2019 | **Adversarial Attacks on Node Embeddings via Graph Poisoning** | Attack | Node classification, community detection | node2vec, DeepWalk, GCN, spectral embedding, label propagation | ICML 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.01093#) | [Link](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fnode_embedding_attack) |\n| 2019 | **Attacking Graph-Based Classification via Manipulating the Graph Structure** | Attack | Node classification | Network belief propagation, GCN | CCS 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.00553) | |\n| 2019 | **Adversarial Attacks on Graph Neural Networks via Meta Learning** | Attack | Node classification | GCN, CLN, DeepWalk | ICLR 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08412) | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fgnn-meta-attack) |\n\n### Attack Papers 2018 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |\n| 2018 | **Poisoning Attacks to Graph-Based Recommender Systems** | Attack | Recommender systems | Graph-based recommendation algorithms | ACSAC 2018 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.04127) | |\n| 2018 | 
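**Genetic Algorithm-Based Adversarial Attack on Community Detection** | Attack | Community detection | Modularity, community detection algorithms | IEEE TCSS | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F8714065) | |\n| 2018 | **Data Poisoning Attack against Unsupervised Node Embedding Methods** | Attack | Link prediction | LINE, DeepWalk | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.12881) | |\n| 2018 | **Attacking Graph Convolutional Networks by Adding Fake Nodes** | Attack | Node classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.10751) | |\n| 2018 | **Link Prediction Adversarial Attack** | Attack | Link prediction | GAE, GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1810.01110) | |\n| 2018 | **Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network** | Attack | Link prediction | Traditional link prediction algorithms | Scientific Reports | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.00152) | |\n| 2018 | **Attacking Similarity-Based Link Prediction in Social Networks** | Attack | Link prediction | Local and global similarity metrics | AAMAS 2019 | [Link](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3306127.3331707) | |\n| 2018 | **Fast Gradient Attack on Network Embedding** | Attack | Node classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.02797) | |\n| 2018 | **Adversarial Attack on Graph Structured Data** | Attack | Node classification, graph classification | GNN, GCN | ICML 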
2018 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.02371) | [Link](https:\u002F\u002Fgithub.com\u002FHanjun-Dai\u002Fgraph_adversarial_attack) |\n| 2018 | **Adversarial Attacks on Neural Networks for Graph Data** | Attack | Node classification | GCN | KDD 2018 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1805.07984) | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Fnettack) |\n| 2018 | **Hiding Individuals and Communities in a Social Network** | Attack | Community detection | Community detection algorithms | Nature Human Behavior | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1608.00375) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n\n### Attack Papers 2017 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------ | ---------------- | -------------------------------------- | -------- | ---------------------------------------- | ---------------------------------------------- |\n| 2017 | **Practical Attacks Against Graph-based Clustering** | Attack | Graph clustering | SVD, node2vec, community detection algorithms | CCS 2017 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1708.09056) | |\n| 2017 | **Adversarial Sets for Regularising Neural Link Predictors** | Attack | Link prediction | Knowledge graph embeddings | UAI 2017 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1707.07596) | [Link](https:\u002F\u002Fgithub.com\u002Fuclmr\u002Finferbeddings) |\n\n## Defense\n\n### Defense Papers 2023 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper
 | Code |\n| ---- | ------------------------------------------------------------ | ------- | --------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2023 | **Revisiting Robustness in Graph Machine Learning** | Defense | Node classification | GCN, SGC, APPNP, GAT, GATv2, GraphSAGE, LP | ICLR'23 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2305.00851.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fsaper0\u002Frevisiting_robustness) |\n| 2023 | **Empowering Graph Representation Learning with Test-Time Graph Transformation** | Defense | Node classification | GCN | ICLR | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=Lnxl5pr018) | [Link](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FGTrans) |\n| 2023 | **Adversarial Danger Identification on Temporally Dynamic Graphs** | Defense | Temporally dynamic graphs | Hybrid GNN-based temporal classifiers | IEEE Transactions on Neural Networks and Learning Systems | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F10068359) | \n\n### Defense Papers 2022 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Conference\u002FJournal | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------- | --------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2022 | **Privacy Protection for Edge-Sensitive Community Individuals Against Adversarial Community Detection Attacks** | Defense | Community detection | DICE, Random Target Attack (RTA) | IEEE Transactions on Computational Social Systems | 
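[Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9997230\u002F) | |\n| 2022 | **DeepInsight: Topology Changes Assisting Detection of Adversarial Samples on Graphs** | Defense | Node classification | Two-layer GCN | IEEE Transactions on Computational Social Systems | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9931416) | |\n| 2022 | **ERGCN: Data Enhancement-Based Robust Graph Convolutional Network Against Adversarial Attacks** | Defense | Node classification | GCN\u002FGCN-Jaccard\u002FRGGCN\u002FPro-GNN\u002FSimP-GCN\u002FEGCN | Information Sciences | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0020025522012415) | [Link](https:\u002F\u002Fgithub.com\u002Fstar4455\u002FERGCN) |\n| 2022 | **On the Vulnerability of Graph Learning Based Collaborative Filtering** | Defense | Graph learning based collaborative filtering | NGCF\u002FLightGCN | ACM Transactions on Information Systems | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3572834) | |\n| 2022 | **FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification** | Defense | Node classification | GNN-Jaccard\u002FProGNN\u002FRGCN\u002FMedianGNN\u002FSimPGCN\u002FGNNGUARD\u002FElasticGNN\u002FAirGNNGASOLINE\u002FmaskGVAE | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2210.13815) | |\n| 2022 | **Robust Cross-Network Node Classification via Constrained Graph Mutual Information** | Defense | Cross-network node classification | GNNs | Knowledge-Based Systems | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0950705122009455) | |\n| 2022 | **On the Robustness of Graph Neural Diffusion to Topology Perturbations** | Defense | Node classification | 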
GAT, GraphSAGE, GIN, APPNP | arXiv preprint | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.07754) | [Link](https:\u002F\u002Fgithub.com\u002Fzknus\u002FRobustness-of-Graph-Neural-Diffusion) |\n| 2022 | **Defending Against Backdoor Attack on Graph Neural Network by Explainability** | Defense | Graph classification | GraphConv, GIN | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.02902) | |\n| 2022 | **Adversarial for Social Privacy: A Poisoning Strategy to Degrade User Identity Linkage** | Defense | User identity linkage | GCNs | arXiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2209.00269) | |\n| 2022 | **Towards an Optimal Asymmetric Graph Structure for Robust Semi-supervised Node Classification** | Defense | Semi-supervised node classification | GCN | KDD 2022 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3534678.3539332) | |\n| 2022 | **Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN** | Defense | Node classification | GNNs | KDD 2022 | [Link](https:\u002F\u002Fponderly.github.io\u002Fpub\u002FSTABLE_KDD2022.pdf) | |\n| 2022 | **Robust Graph Representation Learning for Local Corruption Recovery** | Defense | Node attribute recovery | GNNs | ICML 2022 Workshop | [Link](https:\u002F\u002Fyuguangwang.github.io\u002Fpapers\u002FL_p_graph_regularizer_ICML%20TAG%202022.pdf) | 
 |\n| 2022 | **Appearance and Structure Aware Robust Deep Visual Graph Matching: Attack, Defense and Beyond** | Defense | Graph matching | Graph matching algorithms | CVPR 2022 | [Link](https:\u002F\u002Fopenaccess.thecvf.com\u002Fcontent\u002FCVPR2022\u002Fhtml\u002FRen_Appearance_and_Structure_Aware_Robust_Deep_Visual_Graph_Matching_Attack_CVPR_2022_paper.html) | [Link](https:\u002F\u002Fgithub.com\u002FThinklab-SJTU\u002FRobustMatch) |\n| 2022 | **Large-Scale Privacy-Preserving Network Embedding against Private Link Inference Attacks** | Defense | Privacy protection | Network embedding algorithms | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2205.14440) | |\n| 2022 | **Detecting Topology Attacks against Graph Neural Networks** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.10072) | |\n| 2022 | **GUARD: Graph Universal Adversarial Defense** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2204.09803) | [Link](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FGUARD) |\n| 2022 | **Robust Graph Neural Networks via Ensemble Learning** | Defense | Node classification | GNNs | Mathematics | [Link](https:\u002F\u002Fwww.mdpi.com\u002F2227-7390\u002F10\u002F8\u002F1300\u002Fhtm) | |\n| 2022 | **AN-GCN: An Anonymous Graph Convolutional Network Against Edge-Perturbing Attacks** | Defense | Node classification | GNNs
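 | IEEE TNNLS | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9775013) | |\n| 2022 | **Exploring High-Order Structure for Robust Graph Structure Learning** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.11492) | |\n| 2022 | **Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-supervision** | Defense | Node classification | GNNs | AAAI 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2203.03762) | [Link](https:\u002F\u002Fgithub.com\u002Fjunzhuang-code\u002FGraphSS) |\n| 2022 | **Graph Alternate Learning for Robust Graph Neural Networks in Node Classification** | Defense | Node classification | GNNs | Neural Computing and Applications | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs00521-021-06863-1) | |\n| 2022 | **Robust Heterogeneous Graph Neural Networks against Adversarial Attacks** | Defense | Node classification | Heterogeneous GNNs | AAAI 2022 | [Link](http:\u002F\u002Fshichuan.org\u002Fdoc\u002F132.pdf) | |\n| 2022 | **How Does Bayesian Noisy Self-Supervision Defend Graph Convolutional Networks?** | Defense | Node classification | GNNs | Neural Processing Letters | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs11063-022-10750-8) | |\n| 2022 | 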
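**GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.12741) | |\n| 2022 | **Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization** | Defense | Combinatorial optimization | Combinatorial optimization methods | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.00402) | |\n| 2022 | **Unsupervised Adversarially-Robust Representation Learning on Graphs** | Defense | Node classification, link prediction, community detection | GNNs | AAAI 2022 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.02486) | |\n\n### Defense Papers 2021 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Conference\u002FJournal | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------- | ------------------------------------------------------ | --------------------------------------- | -------------------- | ------------------------------------------------------------ | ------------------------------------------------- |\n| 2021 | **Mind Your Solver! On Adversarial Attack and Defense for Combinatorial Optimization** | Defense | Combinatorial optimization | Combinatorial optimization methods | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2201.00402) | |\n| 2021 | **Robust Graph Neural Networks via Probabilistic Lipschitz Constraints** | Defense | Distributed control | GNNs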
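 | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2112.07575) | |\n| 2021 | **Graph-Based Adversarial Online Kernel Learning with Adaptive Embedding** | Defense | Node classification | Kernel learning models | ICDM 2021 | | |\n| 2021 | **Not All Low-Pass Filters are Robust in Graph Convolutional Networks** | Defense | Node classification | GCNs | NeurIPS 2021 | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=bDdfxLQITtu) | |\n| 2021 | **Graph Neural Networks with Adaptive Residual** | Defense | Node classification, abnormal feature detection | GNNs | NeurIPS 2021 | [Link](https:\u002F\u002Fopenreview.net\u002Fpdf?id=hfkER_KJiNw) | |\n| 2021 | **Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness** | Defense | Combinatorial optimization | Combinatorial optimization solvers | NeurIPS 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2110.10942) | |\n| 2021 | **Defending Graph Neural Networks via Tensor-Based Robust Graph Aggregation** | Defense | Node classification | GNNs | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=BrfHcL-99sy) | |\n| 2021 | **Robust Graph Data Learning with Latent Graph Convolutional Representation** | Defense | Node classification, node clustering | GNNs | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=krQLTdel74N) | |\n| 2021 | **Edge Rewiring Goes Neural: Boosting Network Resilience via Policy Gradient** | Defense | Graph network resilience | GNNs | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=eVzy-BWKY6Z) | 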
 |\n| 2021 | **On the Relationship between Heterophily and Robustness of Graph Neural Networks** | Defense | Node classification | GNNs | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=Nus6fOfh1HW) | |\n| 2021 | **A General Unified Graph Neural Network Framework Against Adversarial Attacks** | Defense | Node classification | GNNs | ICLR 2022 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=bpUHBc9HCU8) | |\n| 2021 | **Node Copying: A Random Graph Model for Effective Graph Sampling** | Defense | Node classification | GNNs | Signal Processing | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fpii\u002FS0165168421003728) | |\n| 2021 | **Node Feature Kernels Increase Graph Convolutional Network Robustness** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.01785) | [Link](https:\u002F\u002Fgithub.com\u002FChangminWu\u002FRobustGCN) |\n| 2021 | **Speedup Robust Graph Structure Learning with Low-Rank Information** | Defense | Node classification | GNNs | CIKM 2021 | [Link](http:\u002F\u002Fxiangliyao.cn\u002Fpapers\u002Fcikm21-hui.pdf) | |\n| 2021 | **A Lightweight Metric Defence Strategy for Graph Neural Networks Against Poisoning Attacks** | Defense | Node classification | GNNs | ICICS 2021 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-88052-1_4) | [Link](https:\u002F\u002Fgithub.com\u002Flizi-learner\u002FMD-GNN) |\n| 2021 | **CoG: a Two-View Co-training Framework for Defending Adversarial Attacks on Graph** | Defense | Node classification | GCNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2109.05558) | |\n| 2021 | **Robust Counterfactual Explanations on Graph Neural Networks** 
| Defense | Link prediction | Probabilistic network embedding models | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2107.01936) | |\n| 2021 | **Elastic Graph Neural Networks** | Defense | Node classification | GNNs | ICML 2021 | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fliu21k\u002Fliu21k.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Flxiaorui\u002FElasticGNN) |\n| 2021 | **Expressive 1-Lipschitz Neural Networks for Robust Multiple Graph Learning against Adversarial Attacks** | Defense | Graph classification, graph matching | GNNs | ICML 2021 | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fzhao21e.html) | |\n| 2021 | **Integrated Defense for Resilient Graph Matching** | Defense | Graph matching | Graph matching algorithms | ICML 2021 | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv139\u002Fren21c\u002Fren21c.pdf) | |\n| 2021 | **NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data** | Defense | Privacy protection | GNNs | TKDE | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9448513) | |\n| 2021 | **Stability of Graph Convolutional Neural Networks to Stochastic Perturbations** | Defense | Robustness certification | GNNs | Signal Processing | [Link](https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fabs\u002Fpii\u002FS0165168421002541) | |\n| 2021 | **DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.09501) | |\n| 2021 | 
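**Improving Robustness of Graph Neural Networks with Heterophily-Inspired Designs** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.07767) | |\n| 2021 | **Understanding Structural Vulnerability in Graph Convolutional Networks** | Defense | Node classification | GNNs | IJCAI 2021 | [Link](cs.emory.edu\u002F~jyang71\u002Ffiles\u002Frpgcn.pdf) | [Link](https:\u002F\u002Fgithub.com\u002FEdisonLeeeee\u002FMedianGCN) |\n| 2021 | **Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation** | Defense | Robustness certification | GNNs | KDD 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.10715) | |\n| 2021 | **Unveiling Anomalous Nodes Via Random Sampling and Consensus on Graphs** | Defense | Anomaly detection | Anomaly detection algorithms | ICASSP 2021 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9414953) | |\n| 2021 | **Graph Sanitation with Application to Node Classification** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2105.09384.pdf) | |\n| 2021 | **Robust Network Alignment via Attack Signal Scaling and Adversarial Perturbation Elimination** | Defense | Network alignment | Network alignment algorithms | WWW 2021 | [Link](http:\u002F\u002Feng.auburn.edu\u002Fusers\u002Fyangzhou\u002Fpapers\u002FRNA.pdf) | |\n| 2021 | **Information Obfuscation of Graph Neural Networks** | Defense | Recommender systems, knowledge graphs, quantum chemistry | GNNs | ICML 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2009.13504.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fliaopeiyuan\u002FGAL) |\n| 2021 | **Graph Embedding for Recommendation against Attribute Inference Attacks** | Defense | Recommender systems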
 | GCNs | WWW 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2101.12549.pdf) | |\n| 2021 | **Spatio-Temporal Sparsification for General Robust Graph Convolution Networks** | Defense | Node classification | GCNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.12256) | |\n| 2021 | **Detection and Defense of Topological Adversarial Attacks on Graphs** | Defense | Node classification | GCNs | AISTATS 2021 | [Link](http:\u002F\u002Fproceedings.mlr.press\u002Fv130\u002Fzhang21i.html) | |\n| 2021 | **Robust Graph Convolutional Networks with Directional Graph Adversarial Training** | Defense | Node classification | GCNs | Applied Intelligence | [Link](https:\u002F\u002Flink.springer.com\u002Farticle\u002F10.1007\u002Fs10489-021-02272-y) | |\n| 2021 | **Interpretable Stability Bounds for Spectral Graph Filters** | Defense | Robustness certification | Spectral graph filters | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2102.09587) | |\n| 2021 | **Personalized Privacy Protection in Social Networks through Adversarial Modeling** | Defense | Privacy protection | GCNs | AAAI 2021 | [Link](https:\u002F\u002Fwww.cs.uic.edu\u002F~elena\u002Fpubs\u002Fbiradar-ppai21.pdf) | |\n| 2021 | **Node Similarity Preserving Graph Convolutional Networks** | Defense | Node classification | GNNs | WSDM 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.09643) | [Link](https:\u002F\u002Fgithub.com\u002FChandlerBang\u002FSimP-GCN) |\n\n### Defense Papers 2020 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task
 | Target Model | Conference\u002FJournal | Paper | Code |\n| ---- | ------------------------------------------------------------ | ------- | ---------------------------------------- | ------------------------------------------- | -------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 2020 | **Graph Stochastic Neural Networks for Semi-supervised Learning** | Defense | Node classification | GNNs | NeurIPS 2020 | [Link](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F2020\u002Ffile\u002Fe586a4f55fb43a540c2e9dab45e00f53-Paper.pdf) | [Link](https:\u002F\u002Fgithub.com\u002FGSNN\u002FGSNN) |\n| 2020 | **Smoothing Adversarial Training for GNN** | Defense | Node classification, community detection | GCNs | IEEE TCSS | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9305289?casa_token=fTXIL3hT1yIAAAAA:I4fn-GlF0PIwzPRC87SayRi5_pi2ZDDuSancEsY96A4O4bUBEsp0hSYMNJVGVzMgBWxycYN9qu6D) | |\n| 2020 | **Unsupervised Adversarially-Robust Representation Learning on Graphs** | Defense | Node classification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2012.02486) | |\n| 2020 | **AANE: Anomaly Aware Network Embedding For Anomalous Link Detection** | Defense | Node classification | GNNs | ICDM 2020 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9338406) | |\n| 2020 | **Provably Robust Node Classification via Low-Pass Message Passing** | Defense | Anomaly detection | GNNs | ICDM 2020 | 
[Link](https:\u002F\u002Fshenghua-liu.github.io\u002Fpapers\u002Ficdm2020-provablerobust.pdf) | |\n| 2020 | **Learning to Drop: Robust Graph Neural Network via Topological Denoising** | Defense | Node classification | GNNs | WSDM 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2011.07057) | [Link](https:\u002F\u002Fgithub.com\u002Fflyingdoog\u002FPTDNet) |\n| 2020 | **Robust Android Malware Detection Based on Attributed Heterogeneous Graph Embedding** | Defense | Malware detection | Heterogeneous information network embedding | FCS 2020 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9739-8_33) | |\n| 2020 | **Adversarial Detection on Graph Structured Data** | Defense | Graph classification | GNNs | PPMLP 2020 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3411501.3419424) | |\n| 2020 | **On the Stability of Graph Convolutional Neural Networks under Edge Rewiring** | Defense | Robustness certification | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13747) | |\n| 2020 | **Collective Robustness Certificates** | Defense | Robustness certification | GNNs | ICLR 2021 | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=ULQdiUTHe3y) | |\n| 2020 | **Towards Robust Graph Neural Networks against Label Noise** | Defense | Node classification | GNNs | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=H38f_9b90BO) | |\n| 2020 | **Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning** | Defense 
| Robustness certification | GNNs | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=cQyybLUoXxc) | |\n| 2020 | **Graph Adversarial Networks: Protecting Information against Adversarial Attacks** | Defense | Node attribute inference | GNNs | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=Q8ZdJahesWe) | |\n| 2020 | **Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach** | Defense | Node classification | GNNs | ICLR 2021 OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=_qoQkWNEhS) | |\n| 2020 | **Graph Contrastive Learning with Augmentations** | Defense | Node classification | GNNs | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.13902) | [Link](https:\u002F\u002Fgithub.com\u002FShen-Lab\u002FGraphCL) |\n| 2020 | **Graph Information Bottleneck** | Defense | Node classification | GNNs | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.12811) | [Link](https:\u002F\u002Fgithub.com\u002Fsnap-stanford\u002FGIB) |\n| 2020 | **Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks** | Defense | Graph classification | GCNs | NeurIPS 2020 | [Link](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinetal20.pdf) | [Link](https:\u002F\u002Fgithub.com\u002FRobustGraph\u002FRoboGraph) |\n| 2020 | **Reliable Graph Neural Networks via Robust Aggregation** | Defense | Node classification | GNNs | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2010.15651)
 | [Link](https:\u002F\u002Fgithub.com\u002Fsigeisler\u002Freliable_gnn_via_robust_aggregation) |\n| 2020 | **Graph Random Neural Networks for Semi-Supervised Learning on Graphs** | Defense | Node classification | GCNs | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.11079) | [Link](https:\u002F\u002Fgithub.com\u002FGrand20\u002Fgrand) |\n| 2020 | **Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings** | Defense | Node classification | GCNs | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.01852) | [Link](https:\u002F\u002Fgithub.com\u002Febonilla\u002FVGCN) |\n| 2020 | **GNNGuard: Defending Graph Neural Networks against Adversarial Attacks** | Defense | Node classification | GNNs | NeurIPS 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08149) | [Link](https:\u002F\u002Fgithub.com\u002Fmims-harvard\u002FGNNGuard) |\n| 2020 | **A Feature-Importance-Aware and Robust Aggregator for GCN** | Defense | Node classification, graph classification | GNNs | CIKM 2020 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3340531.3411983) | [Link](https:\u002F\u002Fgithub.com\u002FLiZhang-github\u002FLA-GCN) |\n| 2020 | **Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks** | Defense | Node classification | GNNs | AAAI 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.14455) | |\n| 2020 | **Cross Entropy Attack on Deep Graph Infomax** | Defense | Node classification | DGI | IEEE ISCAS | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F9180817) | |\n| 2020 | **RoGAT: a Robust GNN Combined Revised GAT with Adjusted Graphs** | Defense | Node classification
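 | GNNs | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.13038) | |\n| 2020 | **A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack** | Defense | Node classification | Markov random field | SocialSec | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-981-15-9031-3_26) | |\n| 2020 | **Uncertainty-aware Attention Graph Neural Network for Defending Adversarial Attacks** | Defense | Node classification | GNNs | AAAI 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.10235) | |\n| 2020 | **Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing** | Defense | Graph classification | GCB | IEEE GLOBECOM 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2009.05872) | |\n| 2020 | **Adversarial Immunization for Improving Certifiable Robustness on Graphs** | Defense | Node classification | GNNs | WSDM 2021 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2007.09647) | |\n| 2020 | **Robust Collective Classification against Structural Attacks** | Defense | Node classification | Associative Markov networks | UAI 2020 | [Link](http:\u002F\u002Fwww.auai.org\u002Fuai2020\u002Fproceedings\u002F119_main_paper.pdf) | |\n| 2020 | **Enhancing Robustness of Graph Convolutional Networks via Dropping Graph Connections** | Defense | Node classification | GCNs | Preprint | [Link](https:\u002F\u002Ffaculty.ist.psu.edu\u002Fwu\u002Fpapers\u002FDropCONN.pdf) | 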
 |\n| 2020 | **Robust Training of Graph Convolutional Networks via Latent Perturbation** | Defense | Node Classification | GCN | ECML-PKDD 2020 | [Link](https:\u002F\u002Fwww.cs.uic.edu\u002F~zhangx\u002Fpapers\u002FJinZha20.pdf) | |\n| 2020 | **Backdoor Attacks to Graph Neural Networks** | Defense | Graph Classification | GNN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.11165) | |\n| 2020 | **DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder** | Defense | Node Classification | GNN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.08900) | [Link](https:\u002F\u002Fgithub.com\u002Fzhangao520\u002Fdefense-vgae) |\n| 2020 | **Robust Spammer Detection by Nash Reinforcement Learning** | Defense | Fraud Detection | Graph-based Fraud Detectors | KDD 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2006.06069) | [Link](https:\u002F\u002Fgithub.com\u002FYingtongDou\u002FNash-Detect) |\n| 2020 | **Certifiable Robustness of Graph Convolutional Networks under Structure Perturbations** | Defense | Robustness Certification | GCN | KDD 2020 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3394486.3403217) | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Frobust-gcn-structure) |\n| 2020 | **Efficient Robustness Certificates for Discrete Data: Sparsity-Aware Randomized Smoothing for Graphs, Images and More** | Defense | Robustness Certification | GNN | ICML 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2008.12952) | [Link](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fsparse_smoothing) |\n| 2020 | **Robust Graph Representation Learning via Neural Sparsification** | Defense | Node Classification | GNN | ICML 2020 
 | [Link](https:\u002F\u002Fproceedings.icml.cc\u002Fstatic\u002Fpaper_files\u002Ficml\u002F2020\u002F2611-Paper.pdf) | |\n| 2020 | **Graph Structure Learning for Robust Graph Neural Networks** | Defense | Node Classification | GCN | KDD 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.10203) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n| 2020 | **GCN-Based User Representation Learning for Unifying Robust Recommendation and Fraudster Detection** | Defense | Recommender System | GCN | SIGIR 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.10150) | |\n| 2020 | **Anonymized GCN: A Novel Robust Graph Embedding Method via Hiding Node Position in Noise** | Defense | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2005.03482) | |\n| 2020 | **A Robust Hierarchical Graph Convolutional Network Model for Collaborative Filtering** | Defense | Recommender System | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.14734) | |\n| 2020 | **On the Stability of Polynomial Spectral Graph Filters** | Defense | Graph Property | Spectral Graph Filters | ICASSP 2020 | [Link](https:\u002F\u002Fieeexplore.ieee.org\u002Fabstract\u002Fdocument\u002F9054072) | [Link](https:\u002F\u002Fgithub.com\u002Fhenrykenlay\u002Fspgf) |\n| 2020 | **On the Robustness of Cascade Diffusion under Node Attacks** | Defense | Influence Maximization | IC Model | WWW 2020 Workshop | [Link](https:\u002F\u002Fwww.cs.au.dk\u002F~karras\u002FrobustIC.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fallogn\u002Frobustness) 
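 |\n| 2020 | **Friend or Faux: Graph-Based Early Detection of Fake Accounts on Social Networks** | Defense | Fraud Detection | Graph-based Fraud Detectors | WWW 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2004.04834) | |\n| 2020 | **Tensor Graph Convolutional Networks for Multi-relational and Robust Learning** | Defense | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07729) | |\n| 2020 | **Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks** | Defense | Node Classification | Privacy Protection | AAAI 2020 | [Link](https:\u002F\u002Fojs.aaai.org\u002F\u002Findex.php\u002FAAAI\u002Farticle\u002Fview\u002F6791) | |\n| 2020 | **Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning** | Defense | Robustness Certification | Wasserstein Embedding | AAAI 2020 | [Link](http:\u002F\u002Fstaff.ustc.edu.cn\u002F~hexn\u002Fpapers\u002Faaai20-adversarial-embedding.pdf) | |\n| 2020 | **Adversarial Perturbations of Opinion Dynamics in Networks** | Defense | Manipulating Opinion | Graph Model | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.07010) | |\n| 2020 | **Topological Effects on Attacks Against Vertex Classification** | Defense | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2003.05822) | |\n| 2020 | **Towards an Efficient and General Framework of Robust Training for Graph Neural Networks** | Defense | Node Classification | GCN | ICASSP 2020 | 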
 [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.10947) | |\n| 2020 | **Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing** | Defense | Community Detection | Community Detection Algorithms | WWW 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F2002.03421) | |\n| 2020 | **Data Poisoning Attacks on Graph Convolutional Matrix Completion** | Defense | Recommender System | GCMC | ICA3PP 2019 | [Link](https:\u002F\u002Flink.springer.com\u002Fchapter\u002F10.1007\u002F978-3-030-38961-1_38) | |\n\n### Defense Papers 2019 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |\n| 2019 | **How Robust Are Graph Neural Networks to Structural Noise?** | Defense | Node Structural Identity Prediction | GIN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1912.10206) | |\n| 2019 | **GraphDefense: Towards Robust Graph Convolutional Networks** | Defense | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1911.04429) | |\n| 2019 | **All You Need is Low (Rank): Defending Against Adversarial Attacks on Graphs** 
 | Defense | Node Classification | GCN, Tensor Embedding | WSDM 2020 | [Link](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002Fabs\u002F10.1145\u002F3336191.3371789) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n| 2019 | **αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model** | Defense | Malware Detection | HIN | CIKM 2019 | [Link](https:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?id=3357875) | |\n| 2019 | **Edge Dithering for Robust Adaptive Graph Convolutional Networks** | Defense | Node Classification | GCN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09590) | |\n| 2019 | **GraphSAC: Detecting Anomalies in Large-scale Graphs** | Defense | Anomaly Detection | Anomaly Detection Algorithms | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1910.09589) | |\n| 2019 | **Certifiable Robustness to Graph Perturbations** | Defense | Robustness Certification | GNN | NeurIPS 2019 | [Link](https:\u002F\u002Fpapers.nips.cc\u002Fpaper\u002F9041-certifiable-robustness-to-graph-perturbations.pdf) | [Link](https:\u002F\u002Fgithub.com\u002Fabojchevski\u002Fgraph_cert) |\n| 2019 | **Power up! Robust Graph Convolutional Network based on Graph Powering** | Defense | Node Classification | GCN | Openreview | [Link](https:\u002F\u002Fopenreview.net\u002Fpdf?id=BkxDxJHFDr) | [Link](https:\u002F\u002Fwww.dropbox.com\u002Fsh\u002Fp36pzx1ock2iamo\u002FAABEr7FtM5nqwC4i9nICLIsta?dl=0) |\n| 2019 | **Adversarial Robustness of Similarity-Based Link Prediction** | Defense | Link Prediction | Local Similarity Metrics | ICDM 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1909.01432) | 
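 |\n| 2019 | **Adversarial Training Methods for Network Embedding** | Defense | Node Classification | DeepWalk | WWW 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.11514) | [Link](https:\u002F\u002Fgithub.com\u002Fwonniu\u002FAdvT4NE_WWW2019) |\n| 2019 | **Transferring Robustness for Graph Neural Network Against Poisoning Attacks** | Defense | Node Classification | GNN | WSDM 2020 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1908.07558) | [Link](https:\u002F\u002Fgithub.com\u002Ftangxianfeng\u002FPA-GNN) |\n| 2019 | **Improving Robustness to Attacks Against Vertex Classification** | Defense | Node Classification | GCN | KDD Workshop 2019 | [Link](http:\u002F\u002Feliassi.org\u002Fpapers\u002Fbenmiller-mlg2019.pdf) | |\n| 2019 | **Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations** | Defense | Link Prediction | Link Prediction Algorithms | TKDE | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1809.05912) | |\n| 2019 | **Latent Adversarial Training of Graph Convolution Networks** | Defense | Node Classification | GCN | LRGSD@ICML | [Link](https:\u002F\u002Fgraphreason.github.io\u002Fpapers\u002F35.pdf) | |\n| 2019 | **Certifiable Robustness and Robust Training for Graph Convolutional Networks** | Defense | Robustness Certification | GCN | KDD 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.12269) | [Link](https:\u002F\u002Fgithub.com\u002Fdanielzuegner\u002Frobust-gcn) |\n| 2019 | **Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective** | Defense | Node Classification | GNN | IJCAI 2019 | 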
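 [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1906.04214) | [Link](https:\u002F\u002Fgithub.com\u002FKaidiXu\u002FGCN_ADV_Train) |\n| 2019 | **Adversarial Examples on Graph Data: Deep Insights into Attack and Defense** | Defense | Node Classification | GCN | IJCAI 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.01610) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n| 2019 | **Adversarial Defense Framework for Graph Neural Network** | Defense | Node Classification | GCN, GraphSAGE | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.03679) | |\n| 2019 | **Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications** | Defense | Link Prediction | Knowledge Graph Embedding | NAACL 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1905.00563) | |\n| 2019 | **Robust Graph Convolutional Networks Against Adversarial Attacks** | Defense | Node Classification | GCN | KDD 2019 | [Link](http:\u002F\u002Fpengcui.thumedialab.com\u002Fpapers\u002FRGCN.pdf) | [Link](https:\u002F\u002Fgithub.com\u002FDSE-MSU\u002FDeepRobust) |\n| 2019 | **Can Adversarial Network Attack be Defended?** | Defense | Node Classification | GNN | Arxiv | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1903.05994) | |\n| 2019 | **Virtual Adversarial Training on Graph Convolutional Networks in Node Classification** | Defense | Node Classification | GCN | PRCV 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.11045) | |\n| 2019 | **Batch Virtual Adversarial Training for Graph Convolutional Networks** | Defense | Node Classification 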
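 | GCN | LRGSD@ICML | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.09192) | |\n| 2019 | **Comparing and Detecting Adversarial Attacks for Graph Deep Learning** | Defense | Node Classification | GCN, GAT, Nettack | RLGM@ICLR 2019 | [Link](https:\u002F\u002Frlgm.github.io\u002Fpapers\u002F57.pdf) | |\n| 2019 | **Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure** | Defense | Node Classification | GCN | TKDE | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1902.08226) | [Link](https:\u002F\u002Fgithub.com\u002Ffulifeng\u002FGraphAT) |\n\n### Defense Papers 2018 [[Back to Top](#graph-adversarial-learning-literature)]\n\n| Year | Title | Type | Target Task | Target Model | Venue | Paper | Code |\n| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |\n| 2018 | **Characterizing Malicious Edges targeting on Graph Neural Networks** | Defense | Detecting Added Edges | GNN, GCN | OpenReview | [Link](https:\u002F\u002Fopenreview.net\u002Fforum?id=HJxdAoCcYX) | |\n| 2018 | **PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks** | Defense | Image Classification | LeNet, ResNet | ICLR 2019 | [Link](https:\u002F\u002Farxiv.org\u002Fabs\u002F1806.00088) | |","# graph-adversarial-learning-literature Quick Start Guide\n\n`graph-adversarial-learning-literature` is not an installable library or framework; it is a **curated list of academic papers and code resources**. It collects recent research on adversarial attacks and defenses on graph-structured data.\n\nThis guide is intended to help developers use the repository efficiently for literature surveys and code reproduction.\n\n## Prerequisites\n\nBecause the repository mainly provides a paper list and the corresponding project links, you can browse it without installing any particular Python package. To run the algorithm code that the list links to, however, the following baseline environment is recommended:\n\n*   **Operating system**: Linux, macOS or Windows (Linux recommended)\n*   **Version control**: Git (to clone the repository)\n*   **Browser**: a modern browser (for online search and reading)\n*   **Development environment (optional)**: reproducing a paper's code usually requires the following dependencies:\n    *   Python 3.8+\n    * 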
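  PyTorch or TensorFlow\n    *   DGL or PyG (PyTorch Geometric)\n\n## Installation\n\nYou only need to clone the GitHub repository locally to browse the complete paper list offline.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature.git\ncd graph-adversarial-learning-literature\n```\n\n*Note: users in China who find cloning slow can use a Gitee mirror (if one exists), speed it up through a proxy, or view the web version directly.*\n\n## Basic usage\n\n### 1. Searching and filtering online\nThe most direct way to use the list is to open the repository's README page. Use the browser's in-page search (shortcut `Ctrl + F` or `Cmd + F`) and enter keywords to locate relevant papers quickly.\n\nSupported search dimensions include:\n*   **Venue name**: for example `NeurIPS`, `ICLR`, `CVPR`, `WWW`\n*   **Task type**: for example `Node Classification`, `Link Prediction`, `Fake News Detection`\n*   **Model name**: for example `GCN`, `GAT`, `DeepWalk`, `GraphSAGE`\n*   **Method property**: for example `Robust`, `Backdoor`, `Poisoning`\n\n**Example**:\nTo find `2023` attack papers that target the `GCN` model, search the page for `2023` to locate the year block, then search for `GCN` to find entries such as *Revisiting Robustness in Graph Machine Learning*.\n\n### 2. Getting papers and code\nEach entry is a table row with detailed metadata; click the corresponding link to get the resource:\n\n| Field | Description | Action |\n| :--- | :--- | :--- |\n| **Paper** | Link to the paper | Click `[Link]` to go to arXiv, IEEE or Springer and download the PDF |\n| **Code** | Open-source implementation | Click `[Link]` to go to the GitHub repository |\n\n**Code reproduction example**:\nSuppose you have found the paper *Unnoticeable Backdoor Attacks on Graph Neural Networks (UGBA)*, whose code link points to `https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA`. Reproduce it with the following steps:\n\n```bash\n# 1. Clone and enter the code repository of that specific paper\ngit clone https:\u002F\u002Fgithub.com\u002Fventr1c\u002FUGBA.git\ncd UGBA\n\n# 2. Install the dependencies that project requires (see the project's own requirements.txt)\npip install -r requirements.txt\n\n# 3. Run the example script (for the exact command, see that project's README)\npython main.py --attack ugba --dataset cora\n```\n\n### 3. Browsing by year\nThe repository classifies papers into **Attack** and **Defense** and subdivides them by year (2017-2023+).\n*   Click the **Quick Links** section of the README to jump straight to the paper list for a given year.\n*   The list is sorted by upload date in descending order by default, so the latest research appears first.\n\n### 4. 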
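Citing the survey\nIf this resource helps your research, consider citing its companion survey article in your paper:\n\n```bibtex\n@article{sun2022adversarial,\n  title={Adversarial attack and defense on graph data: A survey},\n  author={Sun, Lichao and Dou, Yingtong and Yang, Carl and Zhang, Kai and Wang, Ji and Philip, S Yu and He, Lifang and Li, Bo},\n  journal={IEEE Transactions on Knowledge and Data Engineering},\n  year={2022},\n  publisher={IEEE}\n}\n```","A security team at a fintech company is building an anti-fraud system based on graph neural networks (GNNs) and urgently needs to assess how robust the model is against malicious attacks.\n\n### Without graph-adversarial-learning-literature\n- **Literature search is a needle in a haystack**: researchers have to combine keywords such as \"Graph\", \"Adversarial\" and \"Defense\" by hand on Google Scholar or ArXiv; after several days they still struggle to cover the latest work and easily miss key papers.\n- **No systematic classification**: the papers found are unorganized, so it is hard to tell quickly which ones attack \"node classification\" and which defend the \"link prediction\" task, and sorting them is very costly.\n- **High barrier to reproduction**: many papers do not state clearly whether open-source code exists, so the team often reads a full paper only to find that it cannot be reproduced, which seriously slows down experiments.\n- **Limited technical view**: without a list sorted by year and venue (such as NeurIPS, ICLR), the team cannot easily follow the field's latest developments, which may lead to outdated technical choices.\n\n### With graph-adversarial-learning-literature\n- **One-stop, precise access**: using the list sorted by year, the team can pin down the latest 2023 papers, such as \"unnoticeable backdoor attacks\", within minutes, a tenfold gain in survey efficiency.\n- **Clearly structured index**: the explicit \"Target Task\" and \"Target Model\" columns make it quick to filter attack and defense methods for GCN and GAT models in anti-fraud scenarios.\n- **Direct access to code**: every entry comes with a Code link, so engineers can go straight to the GitHub repository to verify the algorithm, which greatly shortens the path from theory to prototype.\n- **Keeping up with research**: with the continuously updated list and top-venue tags, the team can follow the latest robustness results, such as those at ICLR'23, so that the system's defense strategy stays at the forefront of the industry.\n\ngraph-adversarial-learning-literature turns scattered, unorganized academic resources into a structured knowledge map, moving R&D in graph security from \"groping in the dark\" to \"targeted work\".","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fsafe-graph_graph-adversarial-learning-literature_6d25955a.png","safe-graph","SafeGraph","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fsafe-graph_f8c42abc.png","Towards Secure Machine Learning on Graph Data",null,"bdscsafegraph@gmail.com","https:\u002F\u002Fbdsc.lab.uic.edu\u002FNSF1930941.html","https:\u002F\u002Fgithub.com\u002Fsafe-graph",864,133,"2026-04-11T11:59:46",1,"","Not specified",{"notes":88,"python":86,"dependencies":89},"This project is a literature review list (Awesome 
List) that collects papers in the field of graph adversarial learning; it is not itself an executable software tool or code base, so it has no specific runtime environment, dependencies or hardware requirements. Users only need to search the page or read the tables to obtain paper links and the corresponding code repository addresses.",[],[14,16],[92,93,94,95,96,97,98,99,100,101,102,103],"machine-learning","graph-algorithms","adversarial-machine-learning","data-mining","awesome-list","literature-review","deep-learning","security","graph-attack","adversarial-attacks","survey","graph-data","2026-03-27T02:49:30.150509","2026-04-13T07:03:28.159064",[107,112,117,122,127,132],{"id":108,"question_zh":109,"answer_zh":110,"source_url":111},31462,"How do I add a new paper to this literature list?","The repository is no longer actively maintained. If you want to add a new paper, create and submit a pull request yourself instead of opening an issue and waiting for a maintainer to add it.","https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature\u002Fissues\u002F23",{"id":113,"question_zh":114,"answer_zh":115,"source_url":116},31463,"How do I add this repository to the Awesome lists and display the badge?","You can rename your repository and reuse the following Awesome template code to add the badge:\n\u003Cdiv align=\"center\">\n    \u003Ch1>Awesome Awesome Machine Learning\u003C\u002Fh1>\n    \u003Ca href=\"https:\u002F\u002Fawesome.re\">\u003Cimg src=\"https:\u002F\u002Fawesome.re\u002Fbadge.svg\"\u002F>\u003C\u002Fa>\n\u003C\u002Fdiv>","https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature\u002Fissues\u002F24",{"id":118,"question_zh":119,"answer_zh":120,"source_url":121},31464,"A paper supports both node classification and graph classification; how should it be labeled in the list?","To keep the format consistent with the other certification papers, the task label of such a paper should be updated to \"Robustness Certification\", which covers the several tasks it supports.","https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature\u002Fissues\u002F4",{"id":123,"question_zh":124,"answer_zh":125,"source_url":126},31465,"How long does it take for a submitted paper to be added to the list?","While the repository was actively maintained, the maintainers usually updated the list and added the paper within a week of receiving the request.","https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature\u002Fissues\u002F11",{"id":128,"question_zh":129,"answer_zh":130,"source_url":131},31466,"What should I do if I find a formatting error in the list?","You can report the formatting error directly in an issue 
(for example, a broken defense paper table for a given year); once it is confirmed, the maintainers fix it immediately and restore the correct display.","https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature\u002Fissues\u002F12",{"id":133,"question_zh":134,"answer_zh":135,"source_url":136},31467,"What kinds of papers are suitable for this list?","The list mainly collects literature related to graph adversarial learning, including papers on graph backdoor attacks, optimizing surrogate models by preserving non-Euclidean topology, graph reconstruction attacks and their defenses, and robust link prediction under bilateral edge noise.","https:\u002F\u002Fgithub.com\u002Fsafe-graph\u002Fgraph-adversarial-learning-literature\u002Fissues\u002F18",[]]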