Redirecting to original paper in 30 seconds...

Click below to go immediately or wait for automatic redirect

arxiv_ml 95% Match Research Paper GNN researchers,Cybersecurity professionals,Machine learning engineers working with graph data 2 weeks ago

Backdoor or Manipulation? Graph Mixture of Experts Can Defend Against Various Graph Adversarial Attacks

graph-neural-networks › graph-learning
📄 Abstract

Abstract: Extensive research has highlighted the vulnerability of graph neural networks (GNNs) to adversarial attacks, including manipulation, node injection, and the recently emerging threat of backdoor attacks. However, existing defenses typically focus on a single type of attack, lacking a unified approach to simultaneously defend against multiple threats. In this work, we leverage the flexibility of the Mixture of Experts (MoE) architecture to design a scalable and unified framework for defending against backdoor, edge manipulation, and node injection attacks. Specifically, we propose an MI-based logic diversity loss to encourage individual experts to focus on distinct neighborhood structures in their decision processes, thus ensuring a sufficient subset of experts remains unaffected under perturbations in local structures. Moreover, we introduce a robustness-aware router that identifies perturbation patterns and adaptively routes perturbed nodes to corresponding robust experts. Extensive experiments conducted under various adversarial settings demonstrate that our method consistently achieves superior robustness against multiple graph adversarial attacks.
Authors (3)
Yuyuan Feng
Bin Ma
Enyan Dai
Submitted
October 17, 2025
arXiv Category
cs.LG
arXiv PDF

Key Contributions

This paper proposes a unified framework using Mixture of Experts (MoE) to defend Graph Neural Networks (GNNs) against multiple adversarial attacks (backdoor, edge manipulation, node injection). It introduces an MI-based diversity loss to encourage expert specialization and a robustness-aware router to adaptively handle perturbed nodes, ensuring a subset of experts remains unaffected.

Business Value

Enhances the security and reliability of GNNs used in critical applications like fraud detection, network security, and recommendation systems, reducing risks associated with adversarial manipulation.

Paper Metadata

Innovation Type

Architectural Innovation and Algorithmic Improvement

Deployment Feasibility

Moderate to High. MoE architectures can be computationally intensive, but the proposed defense mechanisms are integrated within the GNN framework.

Limitations Addressed

Addresses the limitation of existing defenses that focus on single attack types, providing a unified approach for multiple threats. Also addresses the vulnerability of GNNs to various adversarial attacks.

Performance Gains

Demonstrates improved robustness against various adversarial attacks compared to existing single-attack defense methods.

Technical Tags

Graph Neural Networks (GNNs)Mixture of Experts (MoE)Adversarial AttacksBackdoor AttacksNode InjectionEdge ManipulationRobustnessInformation TheoryRouterExpert Specialization

Research Topics

Graph Neural NetworksAdversarial RobustnessModel SecurityDeep Learning ArchitecturesDefense Mechanisms

Methods & Architectures

Mixture of Experts (MoE)Information-theoretic loss (MI-based)Robustness-aware routerData augmentation (implied for attack generation) Graph Neural Networks (GNNs)Mixture of Experts (MoE)

Applications & Tasks

Cybersecurity Network Analysis Machine Learning Security Adversarial attack defenseModel robustnessUnified defense framework Graph classificationNode classificationLink prediction

Related Fields

Graph Neural NetworksAdversarial Machine LearningNetwork SecurityInformation TheoryDeep Learning Architectures

Keywords

Graph Neural NetworksGNNMixture of ExpertsMoEAdversarial AttacksBackdoor AttacksNode InjectionEdge ManipulationRobustnessDefenseSecurityInformation TheoryRouterGraph Data

Academic Context

#Graph Neural Networks#Adversarial Robustness#Model Security#Deep Learning Architectures#Defense Mechanisms

Commercial Potential

Potential Products
Secure GNN librariesAdversarial attack detection systems for graphs
Target Industries
CybersecurityFinance (fraud detection)Social NetworksE-commerce (recommendation systems)
Use Case Examples
Protecting social network analysis from manipulationSecuring fraud detection systems based on graph dataEnsuring reliability of GNNs in critical infrastructure monitoring
Competitive Edge
Offers a unified defense against multiple attack types, unlike prior work focusing on single threats.

Resource Requirements

Compute Needs
Likely higher than standard GNNs due to MoE architecture, but specific details not provided.
Data Requirements
Requires graph datasets for training and evaluation.
Deployment Constraints
Potential increase in computational cost and model complexity due to MoE.
Scalability
MoE architectures are known for scalability, but the specific implementation's scalability is not detailed.

Production Readiness

Maturity Level

Research

View Full Paper Back to Papers