Enhancing Robustness of Graph Neural Networks Against Evasive Backdoor Attacks
Abstract
As Graph Neural Networks (GNNs) are increasingly applied in critical domains such as financial services, healthcare, and entertainment, ensuring their security against adversarial manipulation has become a key concern. Backdoor attacks pose a significant security risk, as they can introduce subtle vulnerabilities during training that may later compromise model predictions in deployment. This thesis investigates methods for defending against such attacks through rigorous investigations, architectural enhancements, and improvements in model resilience. We start by systematically evaluating the most advanced attacks and defensive strategies on GNNs, showing that while combining several defenses greatly improves overall security against state-of-the-art attacks, no single mechanism now in use offers total safety. We then examine advanced GNN architectures, specifically higher-order graph neural networks (HOGNNs), and demonstrate their inherent suitability for mitigating a range of attacks without the need for additional security layers. Based on these findings, we introduce a novel HOGNN-based model that, inspired by state-of-the-art backdoor defenses, incorporates a built-in defense through a cosine similarity-driven subgraph extraction policy that eliminates semantically inconsistent edges. The proposed method significantly outperforms existing approaches in reducing the effectiveness of backdoor attacks, as confirmed by extensive experimental validation. Building on this foundation, we further enhance the model with an additional built-in defense based on clustering-based outlier detection, which filters anomalous nodes and achieves strong resistance to backdoor attacks while maintaining high accuracy across standard benchmarks. Altogether, this thesis advances both the fundamental understanding and the practical development of GNN architectures that are intrinsically secure and well-suited for reliable deployment in sensitive real-world environments.