Adversarial Attacks and Robust Training for Hypergraph Neural Networks

Recent studies show that Hypergraph Neural Networks (HGNNs) are vulnerable to adversarial attacks, while adversarial learning in the context of hypergraphs remains substantially under-investigated. In particular, all existing attacks on HGNNs are white-box and customized for either structural or feature perturbation. But in reality, the attacker might not have access to the target model parameters. Motivated by this knowledge gap, we propose a generic meta-objective-based learning framework, MeLA, that leverages the hypergraph Laplacian to conduct gray-box, structural, and feature perturbations, while ensuring the stealthiness of the attack. In contrast to the attack literature, there is no adversarial training mechanism for HGNNs to defend against such attacks. Hence, we propose a novel adversarial training mechanism for HGNNs to obtain a robust classifier. We further prove the convergence of our robust training. Extensive experiments across various HGNN models and datasets show that (a) our proposed attack is stealthy in poisoning and evasion settings, and (b) our adversarial training enhances defense against adversarial attacks.