Are LLM-Enhanced Graph Neural Networks Robust against Poisoning Attacks?
arXiv:2603.26105v1 Announce Type: new Abstract: Large Language Models (LLMs) have advanced Graph Neural Networks (GNNs) by enriching node representations with semantic features, giving rise to LLM-enhanced GNNs that achieve notable performance gains. However, the robustness of these models against poisoning attacks, which manipulate both graph structures and textual attributes during training, remains unexplored. To bridge this gap, we propose a robustness assessment framework that systematically evaluates LLM-enhanced GNNs under poisoning attacks. Our framework enables comprehensive evaluatio — Yuhang Ma, Jie Wang, Zheng Yan
View PDF HTML (experimental)
Abstract:Large Language Models (LLMs) have advanced Graph Neural Networks (GNNs) by enriching node representations with semantic features, giving rise to LLM-enhanced GNNs that achieve notable performance gains. However, the robustness of these models against poisoning attacks, which manipulate both graph structures and textual attributes during training, remains unexplored. To bridge this gap, we propose a robustness assessment framework that systematically evaluates LLM-enhanced GNNs under poisoning attacks. Our framework enables comprehensive evaluation across multiple dimensions. Specifically, we assess 24 victim models by combining eight LLM- or Language Model (LM)-based feature enhancers with three representative GNN backbones. To ensure diversity in attack coverage, we incorporate six structural poisoning attacks (both targeted and non-targeted) and three textual poisoning attacks operating at the character, word, and sentence levels. Furthermore, we employ four real-world datasets, including one released after the emergence of LLMs, to avoid potential ground truth leakage during LLM pretraining, thereby ensuring fair evaluation. Extensive experiments show that LLM-enhanced GNNs exhibit significantly higher accuracy and lower Relative Drop in Accuracy (RDA) than a shallow embedding-based baseline across various attack settings. Our in-depth analysis identifies key factors that contribute to this robustness, such as the effective encoding of structural and label information in node representations. Based on these insights, we outline future research directions from both offensive and defensive perspectives, and propose a new combined attack along with a graph purification defense. To support future research, we release the source code of our framework at~\url{this https URL}.
Comments: To appear at 2026 IEEE Symposium on Security and Privacy (SP)
Subjects:
Machine Learning (cs.LG)
Cite as: arXiv:2603.26105 [cs.LG]
(or arXiv:2603.26105v1 [cs.LG] for this version)
https://doi.org/10.48550/arXiv.2603.26105
arXiv-issued DOI via DataCite (pending registration)
Submission history
From: Jie Wang [view email] [v1] Fri, 27 Mar 2026 06:28:25 UTC (6,782 KB)
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
researchpaperarxiv
Exclusive | Caltech Researchers Claim Radical Compression of High-Fidelity AI Models - wsj.com
<a href="https://news.google.com/rss/articles/CBMiuANBVV95cUxPTU4tZnRTaG1rUGQ4a3l6RXdVczBjYkhlVkFTaU9BREZmY3MxMkFtcXJGckJfTDB0dndpSHVYR1JqeEdfV3VwRGRQcGtZQk5fbF9PVkhxS1pDX0wtSXdYOGVOOWZ4cEhkNTJxSFdhQ3FRdjJrSlppOFJrRHd2bUFyZDdCd193U1Q3cmFFMkNWUFh6Wmx1ZjhnRmRDaE1QVFZQeVJCb3JyYWVCbDlJY1QwcG42NS1leXRnamZGd1dXRUlUV2RybGZScGtBc1I2TDFHY0FXeW9ORV9lVzE3cWpvemlNcE0wVjVSRVd4SkJEUnlPc3VWNjB2Y2pnaGFEOGl4V28zamNEVEtsRDROMGhEbGpzc2djelJVZ2lGUjNRNGprZ0p2SWhRTnE2UVRHSW8yX3k3Zm1BcWg4NjJheGw0S0U3ZmNKeXFaRmYwSGtERFRnYzU2QUJhUElCcHFicWV5YlRGRGtHbzB6ZURRdnpaTHFDOHYtbkNQS3NTZzNwNXNJQkk5SS05N3g0bWVaN2hnVi1KLTFtMVZnZUZlN05NMTY5dGZBdmxaSVdXUXg5NEhmT0ZUYkdmcQ?oc=5" target="_blank">Exclusive | Caltech Researchers Claim Radical Compression of High-Fidelity AI Models</a> <font color="#6f6f6f">wsj.com</font>
Former Baidu President on AI Tokenization in China
The former President of Baidu says AI tokenization is exploding in China, far beyond what OpenClaw illustrated earlier this year. Zhang Yaqin, who runs China's Institute of AI Industry Research at Beijing's Tsinghua University speaks to Bloomberg's Chief North Asia Correspondent Stephen Engle in Beijing. (Source: Bloomberg)
Uganda To Host Climate Change, Artificial Intelligence Summit, Sept 5-6 - Independent Newspaper Nigeria
<a href="https://news.google.com/rss/articles/CBMimAFBVV95cUxNcnBtdldJUERlX0dzOTJEY2sybEc2ZjZSbUtiLWIzUUhJbkQ1N3BwUWlCcV95YmZNSmFGbFQ1enE5VWJlY0JBWDhlSENlNEFNMmM5Q0hrM080V3Q2eUF3cmpkeFBXRS01YXBpRUI4Uk5KOVY5bjFaRm1GNmVudGUtNTFmVDlBMDIyNGVGaF9WTkdHTDMxY1BZcw?oc=5" target="_blank">Uganda To Host Climate Change, Artificial Intelligence Summit, Sept 5-6</a> <font color="#6f6f6f">Independent Newspaper Nigeria</font>
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Research Papers
AI could transform research assessment — and some academics are worried - Nature
<a href="https://news.google.com/rss/articles/CBMiX0FVX3lxTE12VmJ3THU1WmwzcENmWFJqTVRfclJGVkhzTG9Kcm9mTm1VZnJsV2IyZGwtc21EWnZRSkRfSXM3SDRlOVZnUlhpVm9VUEMtRWRRYmNDVU1kdHg5NllvSERj?oc=5" target="_blank">AI could transform research assessment — and some academics are worried</a> <font color="#6f6f6f">Nature</font>
As AI-Generated Music Advances, Humans Still Lead in Creativity, CMU Research Finds
<p> <img loading="lazy" src="https://www.cmu.edu/news/sites/default/files/styles/listings_desktop_1x_/public/2026-01/251104A_WTM_AI-Creativity-Music102.jpg.webp?itok=uEc2ayOO" width="900" height="508" alt="A woman with long black hair is seated on the right opposite a computer screen with a small piano keyboard and computer keyboard in front of her on a desk, where a man next to her with glasses and wavy black hair operates the mouse and talks to her."> </p> AI can write songs, but still has a way to go before matching the creativity of tunes made by people, according to Carnegie Mellon University research.
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!