Existing graph neural network (GNN) defense methods typically target only a single adversarial threat—such as backdoor attacks, edge perturbations, or node injection—lacking the capability to jointly mitigate multiple, heterogeneous graph attacks. Method: We propose GraphMoE, the first unified defense framework for GNNs, built upon a Mixture-of-Experts (MoE) architecture. It introduces a mutual information–driven logical diversity loss to encourage experts to learn distinct neighborhood representations, and a robustness-aware routing mechanism that dynamically assigns perturbed nodes to the most resilient expert. The entire framework is optimized end-to-end via adversarial training. Contribution/Results: Extensive experiments across diverse attack scenarios demonstrate that GraphMoE significantly outperforms state-of-the-art defenses, achieving both high clean-data classification accuracy and substantially improved robustness against multiple concurrent adversarial threats. To our knowledge, it is the first framework enabling unified, synergistic defense against heterogeneous graph adversarial attacks within a single architecture.

Extensive research has highlighted the vulnerability of graph neural networks (GNNs) to adversarial attacks, including manipulation, node injection, and the recently emerging threat of backdoor attacks. However, existing defenses typically focus on a single type of attack, lacking a unified approach to simultaneously defend against multiple threats. In this work, we leverage the flexibility of the Mixture of Experts (MoE) architecture to design a scalable and unified framework for defending against backdoor, edge manipulation, and node injection attacks. Specifically, we propose an MI-based logic diversity loss to encourage individual experts to focus on distinct neighborhood structures in their decision processes, thus ensuring a sufficient subset of experts remains unaffected under perturbations in local structures. Moreover, we introduce a robustness-aware router that identifies perturbation patterns and adaptively routes perturbed nodes to corresponding robust experts. Extensive experiments conducted under various adversarial settings demonstrate that our method consistently achieves superior robustness against multiple graph adversarial attacks.