DeepInsight: Topology Changes Assisting Detection of Adversarial Samples on Graphs

With the rapid development of artificial intelligence, a number of machine learning algorithms, such as graph neural networks (GNNs), have been proposed to facilitate network analysis or graph data mining. Although effective, recent studies show that these advanced methods may suffer from adversarial attacks, i.e., they may lose effectiveness when only a small fraction of links are unexpectedly changed. This article investigates three well-known adversarial attack methods, i.e., Nettack, Meta Attack, and GradArgmax. It is found that different attack methods have their specific attack preferences on changing the target network structures. Such attack patterns are further verified by experimental results on some real-world networks, revealing that, generally, the top-4 most important network attributes on detecting adversarial samples suffice to explain the preference of an attack method. Based on these findings, the network attributes are utilized to design machine learning models for adversarial sample detection and attack method recognition with outstanding performance.