Existing techniques for certifying the robustness of models for discrete data either work only for a small class of models or are general at the expense of efficiency or tightness. Moreover, they do not account for sparsity in the input which, as our findings show, is often essential for obtaining non-trivial guarantees. We propose a model-agnostic certificate based on the randomized smoothing framework which subsumes earlier work and is tight, efficient, and sparsity-aware. Its computational complexity does not depend on the number of discrete categories or the dimension of the input (e.g. the graph size), making it highly scalable. We show the effectiveness of our approach on a wide variety of models, datasets, and tasks -- specifically highlighting its use for Graph Neural Networks. So far, obtaining provable guarantees for GNNs has been difficult due to the discrete and non-i.i.d. nature of graph data. Our method can certify any GNN and handles perturbations to both the graph structure and the node attributes.