Certifying the robustness of a graph-based machine learning model poses a critical challenge for safety. Current robustness certificates for graph classifiers guarantee output invariance with respect to the total number of node pair flips (edge addition or edge deletion), which amounts to an $l_{0}$ ball centred on the adjacency matrix. Although theoretically attractive, this type of isotropic structural noise can be too restrictive in practical scenarios where some node pairs are more critical than others in determining the classifier's output. The certificate, in this case, gives a pessimistic depiction of the robustness of the graph model. To tackle this issue, we develop a randomised smoothing method based on adding an anisotropic noise distribution to the input graph structure. We show that our process generates structural-aware certificates for our classifiers, whereby the magnitude of robustness certificates can vary across different pre-defined structures of the graph. We demonstrate the benefits of these certificates in both synthetic and real-world experiments.

翻译：对基于图的机器学习模型的鲁棒性进行认证，是保障其安全性的关键挑战。当前的图分类器鲁棒性证书保证了输出相对于节点对翻转（边的添加或删除）总数的不变性，这等价于以邻接矩阵为中心的$l_{0}$球。尽管在理论上具有吸引力，但这种各向同性的结构噪声在实际场景中可能过于严格——在某些情况下，节点对在决定分类器输出时的重要性存在差异。此时，该证书会对图模型的鲁棒性做出悲观描述。为解决此问题，我们开发了一种基于向输入图结构添加各向异性噪声分布的随机平滑方法。我们证明，该方法能为分类器生成结构感知的鲁棒性证书——证书的鲁棒性度量可随图中预设的不同结构而变化。通过合成数据与真实世界实验，我们展示了这些证书的优势。