ERGCN: Data enhancement-based robust graph convolutional network against adversarial attacks

With recent advancements, graph neural networks (GNNs) have shown considerable potential for various graph-related tasks, and their applications have gained considerable attention. However, adversarial attacks can significantly degrade the performance of GNNs, hindering their deployment in critical real-world tasks. GNNs must be robust against adversarial attacks, in which imperceptible adversarial perturbations are introduced to induce serious security issues. To achieve this goal, we propose a robust graph convolutional network, ERGCN, for node classification via data enhancement. ERGCN simultaneously utilizes properties from the “data domain” and “model space” as guidance. Based on the feature smoothness assumption, a graph structure enhancement (GSE) mechanism is proposed to improve the structural reliability of input graphs. Moreover, inspired by self-training methods that assign pseudo-labels to unlabeled training samples and use them to optimize the target model iteratively, a reliable node selection metric, model boundary distance (MBD), is defined based on the distance from training samples to model decision boundary. Finally, a self-training-based robust graph convolutional network is proposed for node classification. Extensive experiments on three public datasets demonstrate the superiority of our model over existing state-of-the-art methods. Our study provides a solution for trustworthy graph machine learning systems in adversarial environments. The code is available at .