Node-aware Bi-smoothing: Certified Robustness against Graph Injection Attacks
Yuni LAI, Yulin ZHU, Bailin PAN, Kai ZHOU
IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 5
This talk, presented at IEEE S&P, delves into a critical vulnerability within Graph Neural Networks (GNNs): **Graph Injection Attacks (GIA)**. The speakers, Yuni LAI, Yulin ZHU, Bailin PAN, and Kai ZHOU, introduce a novel defense mechanism called **Node-aware Bi-smoothing (NBS)**, designed to provide certified robustness against these sophisticated attacks. While much research has focused on defending GNNs against Graph Modification Attacks (GMA)—where existing connections are altered—GIA, which involves injecting entirely new malicious nodes into a graph, has remained largely unaddressed in the realm of certified defenses.
AI review
This research introduces Node-aware Bi-smoothing (NBS), the first certified robust defense against Graph Injection Attacks (GIA) in GNNs. It fills a critical gap, offering a model-agnostic solution for both evasion and poisoning GIAs through a clever bi-smoothing randomization strategy. The technical depth and practical implications for securing critical GNN deployments make this a standout contribution.