GJDNet: Robust Graph Neural Networks via Joint Disentangled Learning Against Adversarial Attacks

Researchers propose GJDNet, a robust Graph Neural Network defense framework that protects against adversarial attacks by jointly disentangling node representations and decision spaces. The approach addresses vulnerabilities in GNNs caused by adversarial perturbations that invert graph connectivity patterns, achieving improved robustness across different graph types.

Graph Neural Networks face a critical security challenge: adversarial attacks exploit structural vulnerabilities by inverting connectivity patterns in ways that create mismatches between graph topology and node features. This research identifies a fundamental limitation in existing defenses—they either oversimplify neighborhood relationships or use decision classifiers that fail to account for representation shifts caused by perturbations.

The proposed GJDNet framework addresses this through a dual-layer approach. At the representation level, it employs feature-driven soft structural disentanglement with skewness-aware filtering to suppress perturbation-induced mismatches. At the decision level, it introduces a Spherical Decision Boundary mechanism that compresses intra-class representations while maximizing inter-class separation. This dual mechanism stabilizes predictions even when adversarial noise distorts the graph structure.

For the AI and machine learning community, this work has significant implications for deploying GNNs in security-critical applications—recommendation systems, fraud detection, and network analysis all rely on graph-based learning. The theoretical grounding combined with empirical validation across diverse graph assortativity regimes suggests practical applicability. The research demonstrates that robustness isn't simply about defending against specific attack types, but rather about fundamental improvements to how neural networks process and decide on graph-structured data.

Looking forward, the challenge lies in implementation efficiency and scaling to large-scale production systems. The computational overhead of joint disentanglement and spherical boundary enforcement will determine real-world adoption.

• →GJDNet defends GNNs against adversarial attacks by jointly disentangling representations and decision boundaries
• →The framework addresses structure-feature mismatches caused by perturbations that invert graph connectivity patterns
• →Spherical Decision Boundary mechanism improves robustness by enforcing tighter decision regions in embedding space
• →Approach proves effective across diverse graph types with different assortativity characteristics
• →Research provides theoretical analysis validating the disentanglement-based defense mechanism