Pith Number

pith:NP427IBV

pith:2026:NP427IBVLKDIGQ6TSKIEACZ3ZV

not attested not anchored not stored refs resolved

Universal Graph Backdoor Defense: A Feature-based Homophily Perspective

Chen Chen, Fan Li, Mengting Pan, Xiaoyang Wang

Backdoors from any graph attack type reduce local feature similarity between nodes and their neighbors.

arxiv:2605.16815 v1 · 2026-05-16 · cs.CR · cs.LG

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{NP427IBVLKDIGQ6TSKIEACZ3ZV}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Regardless of trigger mechanisms, backdoors induced by GBAs exhibit lower feature-based homophily than clean nodes, indicating a discrepancy in local feature similarity that can be leveraged for detection.

C2weakest assumption

The assumption that node-level local feature consistency modeled by a neighbor-aware reconstruction loss can reliably distinguish backdoors from clean nodes without excessive false positives or noise that the robust training cannot mitigate.

C3one line summary

The paper proposes a universal defense against subgraph-based and feature-based graph backdoor attacks on GNNs by exploiting lower feature-based homophily in backdoored nodes via neighbor-aware reconstruction loss and robust training.

References

55 extracted · 55 resolved · 2 Pith anchors

[1] Relational inductive biases, deep learning, and graph networks 2018 · arXiv:1806.01261

[2] Pietro Bongini, Monica Bianchini, and Franco Scarselli. 2021. Molecular gen- erative graph neural networks for drug discovery.Neurocomputing450 (2021), 242–252 2021

[3] Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning 2017 · arXiv:1712.05526

[4] Yang Chen, Zhonglin Ye, Haixing Zhao, Ying Wang, and Subrata Kumar Sarker

[5] Feature-Based Graph Backdoor Attack in the Node Classification Task.Int. J. Intell. Syst.2023 (Jan. 2023), 13 pages 2023

Formal links

2 machine-checked theorem links

Receipt and verification

First computed	2026-05-20T00:03:23.948587Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

6bf9afa0355a868343d39290400b3bcd4aba6495031ed994324faa90159fc8e5

Aliases

arxiv: 2605.16815 · arxiv_version: 2605.16815v1 · doi: 10.48550/arxiv.2605.16815 · pith_short_12: NP427IBVLKDI · pith_short_16: NP427IBVLKDIGQ6T · pith_short_8: NP427IBV

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/NP427IBVLKDIGQ6TSKIEACZ3ZV \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 6bf9afa0355a868343d39290400b3bcd4aba6495031ed994324faa90159fc8e5

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "1817769733c0fbcbf8ece0b86f45e84cd424d0f24fbf2e465514dc87d6b7bce0",
    "cross_cats_sorted": [
      "cs.LG"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-16T05:15:36Z",
    "title_canon_sha256": "f110fecc48bb828ecbe5ae4c517e5a106ad5bfbaed2f091c9c264d159b34ea31"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.16815",
    "kind": "arxiv",
    "version": 1
  }
}