Graph convolutional neural networks (GCNs) are powerful tools for learning graph-based knowledge representations from training data. However, they are vulnerable to small perturbations in the input graph, which makes them susceptible to input faults or adversarial attacks. This poses a significant problem for GCNs intended to be used in critical applications, which need to provide certifiably robust services even in the presence of adversarial perturbations. We propose an improved GCN robustness certification technique for node classification in the presence of node feature perturbations. We introduce a novel polyhedra-based abstract interpretation approach to tackle specific challenges of graph data and provide tight upper and lower bounds for the robustness of the GCN. Experiments show that our approach simultaneously improves the tightness of robustness bounds as well as the runtime performance of certification. Moreover, our method can be used during training to further improve the robustness of GCNs.

翻译：图卷积神经网络是从训练数据中学习图结构知识表示的强大工具。然而，它们对输入图中的微小扰动非常敏感，这使其易受输入故障或对抗攻击的影响。这对计划用于关键应用的图卷积网络构成了重大问题——这类网络即使在存在对抗扰动的情况下也需提供可认证的鲁棒服务。我们针对节点特征扰动下的节点分类任务，提出了一种改进的图卷积网络鲁棒性认证技术。通过引入新颖的基于多面体的抽象解释方法，我们解决了图数据的特殊挑战，并给出了图卷积网络鲁棒性的紧致上下界。实验表明，本方法在提升鲁棒性界紧致性的同时，显著改善了认证的运行时性能。此外，该方法还可用于训练阶段，以进一步提高图卷积网络的鲁棒性。