Abstract
Graph neural networks (GNNs) have transformed network analysis, leading to state-of-the-art performance across a variety of tasks. Especially, GNNs are increasingly been employed as detection tools in the AIoT environment in various security applications. However, GNNs have also been shown vulnerable to adversarial graph perturbation. We present the first approach for certifying robustness of general GNNs against attacks that add or remove graph edges either at training or prediction time. Extensive experiments demonstrate that our approach significantly outperforms prior art in certified robust predictions. In addition, we show that a non-certified adaptation of our method exhibits significantly better robust accuracy against state-of-the-art attacks that past approaches. Thus, we achieve both the best certified bounds and best practical robustness of GNNs to structural attacks to date.
Original language | English |
---|---|
Pages (from-to) | 13920-13932 |
Number of pages | 13 |
Journal | IEEE Internet of Things Journal |
Volume | 10 |
Issue number | 15 |
DOIs | |
Publication status | Published - 1 Aug 2023 |
Keywords
- Adversarial Artificial-IoT (AIoT)
- certified robustness
- graph neural networks (GNNs)
- poisoning attacks
ASJC Scopus subject areas
- Signal Processing
- Information Systems
- Hardware and Architecture
- Computer Science Applications
- Computer Networks and Communications