GGrantIndex
← Search

CRII: SaTC: Towards Understanding the Robustness of Graph Neural Networks against Graph Perturbations

$175,000FY2023CSENSF

Illinois Institute Of Technology, Chicago IL

Investigators

Abstract

Learning with graphs, such as social networks, biological networks, and financial networks, has drawn continuous attention recently, wherein graph neural networks (GNNs) have been emerging as the most prominent methodology. However, recent studies show that GNNs are vulnerable to graph perturbation attacks: slightly perturbing the graph structure can make GNN model's performance severely degraded. The lack of robustness of GNNs makes them risky for their potential applications. However, existing studies on GNN attacks and defenses are very limited in scope: the attacks are assumed under less practical scenarios (i.e., the attacker has a full or partial knowledge about the GNN model), while the defenses are either heuristic-based that can be easily broken or their robustness in defense is lacking. This project aims to understand how to perform the graph perturbation attack to fool any GNNs with least/no knowledge about the GNN model. Accordingly, the project designs both restricted and stringent black-box graph perturbation attacks to any GNNs, which are inspired by the influence function and bandit algorithms, respectively. Next, the project aims to understand how to protect any GNNs from the strongest white-box attack with robustness guarantees. To this end, it designs provable defenses for any GNNs against white-box graph perturbation attacks via novel randomized smoothing techniques and designs principled methods to optimize the defense performance. The project’s novelties are to gain a holistic understanding on the robustness of GNNs against graph perturbation attacks, to look into more practicable attacks and lastly to devise a more provable defenses. The project’s broader significance and impact are 1)advancing not only the field of secure and trustworthy machine learning, but also other fields (e.g., social science and economy) where graph data model and graph learning are widely used; 2) developing a new seminar course “Graph Learning in the Adversarial Settings”, and 3)supporting cross-disciplinary research for both undergraduate and graduate students. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →
CRII: SaTC: Towards Understanding the Robustness of Graph Neural Networks against Graph Perturbations · GrantIndex