Abstract
We explore the problem of protecting information when learning withgraph-structured data. While the advent of Graph Neural Networks (GNNs) hasgreatly improved node and graph representational learning in many applications,the neighborhood aggregation paradigm exposes additional vulnerabilities toattackers seeking to extract node-level information about sensitive attributes.To counter this, we propose a minimax game between the desired GNN encoder andthe worst-case attacker. The resulting adversarial training creates a strongdefense against inference attacks, while only suffering small loss in taskperformance. We analyze the effectiveness of our framework against a worst-caseadversary, and characterize the trade-off between predictive accuracy andadversarial defense. Experiments across multiple datasets from recommendersystems, knowledge graphs and quantum chemistry demonstrate that the proposedapproach provides a robust defense across various graph structures and tasks,while producing competitive GNN encoders.