Efficient Robustness Certificates for Discrete Data: Sparsity-Aware Randomized Smoothing for Graphs, Images and More

Jul 12, 2020



Understanding the robustness of Graph Neural Networks is crucial since they are widely used, yet highly sensitive to adversarial attacks. However, obtaining theoretical guarantees has been difficult so far due to the discrete and non-i.i.d. nature of graph data. Existing certificates handle either the graph structure or node attributes, but not both, and only work for a small class of models. We propose a randomized smoothing technique that overcomes these issues and furthermore generalizes previous certificates for binary data. Our approach explicitly accounts for sparsity in the input which, as our findings show, is essential for obtaining non-trivial guarantees. Moreover, our certificate is efficient and does not depend on the size of the input (e.g. the graph). We demonstrate the effectiveness of our approach on a wide variety of models, datasets, and tasks.
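An added illustration (not code from the paper) of why smoothing noise for sparse binary data has to account for sparsity: the same base classifier is smoothed once with symmetric bit flips and once with separate flip probabilities for zeros and ones. The names `p_plus` and `p_minus`, the toy classifier and the input vector are assumptions constructed for this sketch; it estimates only the smoothed vote share that a certificate would start from, not the certificate itself.

```python
import random

def sparse_flip(x, p_plus, p_minus, rng):
    """Flip each 0 to 1 with prob. p_plus and each 1 to 0 with prob. p_minus."""
    return [b ^ (rng.random() < (p_minus if b else p_plus)) for b in x]

def smoothed_vote(classify, x, p_plus, p_minus, n_samples=1000, seed=0):
    """Monte Carlo estimate of the smoothed classifier: top class and its vote share."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n_samples):
        label = classify(sparse_flip(x, p_plus, p_minus, rng))
        counts[label] = counts.get(label, 0) + 1
    top = max(counts, key=counts.get)
    return top, counts[top] / n_samples

def expected_ones(x, p_plus, p_minus):
    """Expected number of set bits after noise; shows how much sparsity survives."""
    ones = sum(x)
    return ones * (1 - p_minus) + (len(x) - ones) * p_plus

# Constructed sparse input: 1000 binary features, 20 set, all in the first half
# (think of a bag-of-words attribute vector or one adjacency row).
X = [1] * 20 + [0] * 980

def toy_classifier(x):
    """Hypothetical base model: class "A" if the first half has more set bits."""
    half = len(x) // 2
    return "A" if sum(x[:half]) > sum(x[half:]) else "B"

if __name__ == "__main__":
    # Same deletion noise (p_minus = 0.4) in both runs; only the 0 -> 1 rate differs.
    for name, p_plus in (("symmetric", 0.4), ("sparsity-aware", 0.01)):
        top, share = smoothed_vote(toy_classifier, X, p_plus, 0.4)
        print(f"{name:15s} expected ones={expected_ones(X, p_plus, 0.4):6.1f} "
              f"top={top} vote share={share:.3f}")
```

With symmetric noise the 20 real bits are buried under hundreds of spurious ones and the vote share stays close to a coin flip, which leaves little margin for any guarantee; keeping the 0-to-1 rate small preserves the signal and the margin.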



