Binghui Wang, Illinois Institute of Technology, Computer Science.
November 9, 2021. 12:45 – 1:45 pm.
John T. Rettaliata Engineering Center, Room 106.
Learning with graphs has attracted significant attention recently. Existing graph representation learning methods have achieved state-of-the-art performance on various graph-related tasks such as node classification, graph classification, and link prediction. However, recent studies show that graph representation learning methods are vulnerable to adversarial attacks.
In this talk, I will first introduce several security attacks (e.g., evasion attacks and poisoning/backdoor attacks) and privacy attacks (e.g., private attribute inference and link inference) on graph representation learning. Then, I will talk about countermeasures against these attacks. In particular, I will first present certified defenses against evasion attacks. We prove the first (concurrent) certified robustness guarantee of any graph representation learning method against evasion attacks with graph structural perturbation. Our theoretical results are based on a recently proposed technique called randomized smoothing, which we extend to graph data. Moreover, we show that our certified robustness guarantee is tight.
Next, I will introduce our privacy-preserving graph representation learning framework. Our framework includes a primary learning task (e.g., node classification) and a privacy protection task (e.g., link protection). Our goal is to learn node representations such that they can be used to achieve high performance for the primary task, while obtaining performance for the privacy task close to random guessing. We formally formulate our goal via mutual information objectives, derive their tractable variational bounds, and train parameterized neural networks to obtain these bounds.