Article type: Research article
Authors
1 Master's student in Artificial Intelligence and Robotics, Faculty of Artificial Intelligence and Cognitive Sciences, Imam Hossein Comprehensive University, Tehran, Iran
2 Assistant Professor, Faculty of Artificial Intelligence and Cognitive Sciences, Imam Hossein Comprehensive University, Tehran, Iran
3 PhD student in Artificial Intelligence and Robotics, Faculty of Artificial Intelligence and Cognitive Sciences, Imam Hossein Comprehensive University, Tehran, Iran
Abstract
Keywords
Subjects
Article title [English]
Authors [English]
The vulnerability of Graph Neural Networks (GNNs) to adversarial attacks remains a fundamental challenge in the field, limiting their deployment in sensitive and high-risk applications. In this research, we introduce an intelligent defensive framework named Graph Randomization as a Differentiable Shield (GRDS), which addresses this challenge at a reasonable computational cost. The core innovation of our work lies in providing a practical solution that, unlike conventional methods, enhances model robustness without causing a significant drop in accuracy on clean data. The methodology underpinning our framework is built upon a modular shield. Utilizing a multi-objective and intelligent loss function, this shield learns to differentially distinguish between critical and non-critical edges in the graph. Positioned before the Graph Neural Network, it misleads potential attackers by intentionally obfuscating the graph structure. The framework is implemented using PyTorch and the PyTorch Geometric library. Comprehensive evaluations were conducted on standard datasets (Cora, PubMed, and CiteSeer) against various attack methods (gradient-based, random, etc.). The results demonstrate that GRDS incurs a negligible cost in accuracy (a decrease of less than 4%) while substantially increasing the model's robustness compared to the baseline model (an improvement of more than 11%). This finding underscores the principle that effective defense through intelligent randomization outperforms blind removal strategies.
Keywords [English]