Graph Adversarial Defense via Hilbert-Schmidt Independence Criterion against Influence Maximization Attacks

Graph Neural Networks (GNNs) demonstrate promising performance in data mining yet exhibit inherent vulnerabilities to adversarial attacks. Even imperceptible perturbations degrade model performance, seriously hindering the application of GNNs in reality. In recent years, adversarial defense methods based on model architecture have gained attention for their effectiveness. However, they exhibit limited effectiveness against emerging black-box influence maximization attacks (IMAs), which aim to maximize the spread of feature perturbations through a group of influential nodes. This may leave a potential risk in real-world applications. To address this issue, we propose a Graph Adversarial Defense method based on the Hilbert-Schmidt Independence Criterion (HSIC-GAD). Specifically, the proposed method leverages hidden representations to capture the dependence between preprocessed node features and label information. On this basis, we design a regularizer that simultaneously preserves the most relevant information for downstream tasks while filtering out adversarial perturbations from the input data. A simple theoretical analysis shows that the HSIC regularizer can reduce the sensitivity of the model to adversarial inputs. Additionally, it exhibits strong universality, consistently enhancing the adversarial robustness of diverse models. Extensive experiments on real-world datasets demonstrate that HSIC-GAD outperforms state-of-the-art defense methods against IMAs.