Conformalized Adversarial Attack Detection for Graph
 Neural Networks

Sofiane Ennadir; Amr Alkhatib; Henrik Bostrom; Michalis Vazirgiannis

Conformalized Adversarial Attack Detection for Graph Neural Networks

Sofiane Ennadir, Amr Alkhatib, Henrik Bostrom, Michalis Vazirgiannis

Proceedings of the Twelfth Symposium on Conformal and Probabilistic Prediction with Applications, PMLR 204:311-323, 2023.

Abstract

Graph Neural Networks (GNNs) have achieved remarkable performance on diverse graph representation learning tasks. However, recent studies have unveiled their susceptibility to adversarial attacks, leading to the development of various defense techniques to enhance their robustness. In this work, instead of improving the robustness, we propose a framework to detect adversarial attacks and provide an adversarial certainty score in the prediction. Our framework evaluates whether an input graph significantly deviates from the original data and provides a well-calibrated p-value based on this score through the conformal paradigm, therby controlling the false alarm rate. We demonstrate the effectiveness of our approach on various benchmark datasets. Although we focus on graph classification, the proposed framework can be readily adapted for other graph-related tasks, such as node classification.

Cite this Paper

BibTeX


@InProceedings{pmlr-v204-ennadir23a,
  title = 	 {Conformalized Adversarial Attack Detection for Graph
 Neural Networks},
  author =       {Ennadir, Sofiane and Alkhatib, Amr and Bostrom, Henrik and Vazirgiannis, Michalis},
  booktitle = 	 {Proceedings of the Twelfth Symposium on Conformal
 and Probabilistic Prediction with Applications},
  pages = 	 {311--323},
  year = 	 {2023},
  editor = 	 {Papadopoulos, Harris and Nguyen, Khuong An and Boström, Henrik and Carlsson, Lars},
  volume = 	 {204},
  series = 	 {Proceedings of Machine Learning Research},
  month = 	 {13--15 Sep},
  publisher =    {PMLR},
  pdf = 	 {https://proceedings.mlr.press/v204/ennadir23a/ennadir23a.pdf},
  url = 	 {https://proceedings.mlr.press/v204/ennadir23a.html},
  abstract = 	 {Graph Neural Networks (GNNs) have achieved
 remarkable performance on diverse graph
 representation learning tasks. However, recent
 studies have unveiled their susceptibility to
 adversarial attacks, leading to the development of
 various defense techniques to enhance their
 robustness. In this work, instead of improving the
 robustness, we propose a framework to detect
 adversarial attacks and provide an adversarial
 certainty score in the prediction.  Our framework
 evaluates whether an input graph significantly
 deviates from the original data and provides a
 well-calibrated p-value based on this score through
 the conformal paradigm, therby controlling the false
 alarm rate. We demonstrate the effectiveness of our
 approach on various benchmark datasets. Although we
 focus on graph classification, the proposed
 framework can be readily adapted for other
 graph-related tasks, such as node classification.}
}

Endnote

%0 Conference Paper
%T Conformalized Adversarial Attack Detection for Graph
 Neural Networks
%A Sofiane Ennadir
%A Amr Alkhatib
%A Henrik Bostrom
%A Michalis Vazirgiannis
%B Proceedings of the Twelfth Symposium on Conformal
 and Probabilistic Prediction with Applications
%C Proceedings of Machine Learning Research
%D 2023
%E Harris Papadopoulos
%E Khuong An Nguyen
%E Henrik Boström
%E Lars Carlsson	
%F pmlr-v204-ennadir23a
%I PMLR
%P 311--323
%U https://proceedings.mlr.press/v204/ennadir23a.html
%V 204
%X Graph Neural Networks (GNNs) have achieved
 remarkable performance on diverse graph
 representation learning tasks. However, recent
 studies have unveiled their susceptibility to
 adversarial attacks, leading to the development of
 various defense techniques to enhance their
 robustness. In this work, instead of improving the
 robustness, we propose a framework to detect
 adversarial attacks and provide an adversarial
 certainty score in the prediction.  Our framework
 evaluates whether an input graph significantly
 deviates from the original data and provides a
 well-calibrated p-value based on this score through
 the conformal paradigm, therby controlling the false
 alarm rate. We demonstrate the effectiveness of our
 approach on various benchmark datasets. Although we
 focus on graph classification, the proposed
 framework can be readily adapted for other
 graph-related tasks, such as node classification.

APA


Ennadir, S., Alkhatib, A., Bostrom, H. & Vazirgiannis, M.. (2023). Conformalized Adversarial Attack Detection for Graph
 Neural Networks. Proceedings of the Twelfth Symposium on Conformal
 and Probabilistic Prediction with Applications, in Proceedings of Machine Learning Research 204:311-323 Available from https://proceedings.mlr.press/v204/ennadir23a.html.

Related Material

Download PDF