Certifying the robustness of a graph-based machine learning model poses a critical challenge for safety. Current robustness certificates for graph classifiers guarantee output invariance with respect to the total number of node pair flips (edge addition or edge deletion), which amounts to an $l_{0}$ ball centred on the adjacency matrix. Although theoretically attractive, this type of isotropic structural noise can be too restrictive in practical scenarios where some node pairs are more critical than others in determining the classifier's output. The certificate, in this case, gives a pessimistic depiction of the robustness of the graph model. To tackle this issue, we develop a randomised smoothing method based on adding an anisotropic noise distribution to the input graph structure. We show that our process generates structural-aware certificates for our classifiers, whereby the magnitude of robustness certificates can vary across different pre-defined structures of the graph. We demonstrate the benefits of these certificates in both synthetic and real-world experiments.
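The sampling step behind such a smoothed classifier can be sketched as follows. This is an added example, not the authors' code: the toy base classifier, the region names `critical` and `rest`, the graph and the flip probabilities are all constructed assumptions, and the block estimates only the smoothed vote shares, not the certificate itself.

```python
import random
from itertools import combinations

def smooth_sample(edges, n, flip_prob, region_of, rng):
    """Return one noisy copy: each node pair flips with its region's probability."""
    noisy = set()
    for pair in combinations(range(n), 2):
        present = pair in edges
        if rng.random() < flip_prob[region_of(pair)]:
            present = not present          # edge addition or edge deletion
        if present:
            noisy.add(pair)
    return noisy

def smoothed_votes(base_clf, edges, n, flip_prob, region_of, samples=2000, seed=0):
    """Monte Carlo estimate of the smoothed classifier's class frequencies."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(samples):
        label = base_clf(smooth_sample(edges, n, flip_prob, region_of, rng))
        counts[label] = counts.get(label, 0) + 1
    return {k: v / samples for k, v in counts.items()}

# Constructed toy setup (assumptions for illustration, not from the paper).
N = 8
CRITICAL = {(0, 1), (0, 2), (1, 2)}        # node pairs the toy classifier depends on

def region_of(pair):
    """Map a node pair to its pre-defined structure."""
    return "critical" if pair in CRITICAL else "rest"

def base_clf(edges):
    """Toy base classifier: class 1 if at least two critical pairs are edges."""
    return int(len(CRITICAL & edges) >= 2)

GRAPH = CRITICAL | {(3, 4), (5, 6), (6, 7)}

ISOTROPIC = {"critical": 0.4, "rest": 0.4}    # same flip probability everywhere
ANISOTROPIC = {"critical": 0.1, "rest": 0.4}  # less noise on the critical pairs

if __name__ == "__main__":
    for name, probs in [("isotropic", ISOTROPIC), ("anisotropic", ANISOTROPIC)]:
        print(name, smoothed_votes(base_clf, GRAPH, N, probs, region_of))
```

With the same noise level on the non-critical pairs, the anisotropic setting keeps a much larger vote share for the predicted class, and that vote share is the quantity a randomised-smoothing certificate is built from.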