Robust Heterogeneous Graph Neural Networks against Adversarial Attacks

Heterogeneous Graph Neural Networks (HGNNs) have drawn increasing attention in recent years and achieved outstanding performance many tasks. However, despite their wide use, there is currently no understanding of robustness to adversarial attacks. In this work, we first systematically study the HGNNs show that they can be easily fooled by adding edge between target node large-degree (i.e., hub). Furthermore, two key reasons for such vulnerability HGNNs: one perturbation enlargement effect, i.e., HGNNs, failing encode transiting probability, will enlarge effect hub comparison GCNs, other soft mechanism, mechanism assigns positive values obviously unreliable neighbors. Based on facts, propose a novel robust HGNN framework RoHe against topology attacks equipping an purifier, which prune malicious neighbors based feature. Specifically, eliminate enlargement, introduce metapath-based probability as prior criterion restraining confidence from hub. Then purifier learns mask out with low confidence, thus effectively alleviate negative mechanism. Extensive experiments different benchmark datasets multiple are conducted, where considerable improvement under demonstrate effectiveness generalization ability our defense framework.