Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PAC-Bayesian Adversarially Robust Generalization Bounds for Graph Neural Network

Tan Sun, Junhong Lin

TL;DR

This work develops adversarially robust generalization bounds for graph neural networks within a PAC-Bayesian framework, focusing on two widely used architectures, GCN and MPGNN. By linking robust margin losses to a perturbed posterior over weights, the authors derive bounds that depend on the spectral norm of the diffusion matrix and weight norms while incorporating an adversarial budget $\epsilon$, and crucially avoid exponential dependence on the graph's maximum degree. For GCN, the robust bounds improve prior results in the standard setting by removing degree-based exponential factors, and for MPGNN they provide comparable tightness under weaker smoothness assumptions. Overall, the results offer principled guarantees for robust generalization under adversarial perturbations in graph classification and highlight the practical impact of diffusion topology and weight magnitudes on robustness.

Abstract

Graph neural networks (GNNs) have gained popularity for various graph-related tasks. However, similar to deep neural networks, GNNs are also vulnerable to adversarial attacks. Empirical studies have shown that adversarially robust generalization has a pivotal role in establishing effective defense algorithms against adversarial attacks. In this paper, we contribute by providing adversarially robust generalization bounds for two kinds of popular GNNs, graph convolutional network (GCN) and message passing graph neural network, using the PAC-Bayesian framework. Our result reveals that spectral norm of the diffusion matrix on the graph and spectral norm of the weights as well as the perturbation factor govern the robust generalization bounds of both models. Our bounds are nontrivial generalizations of the results developed in (Liao et al., 2020) from the standard setting to adversarial setting while avoiding exponential dependence of the maximum node degree. As corollaries, we derive better PAC-Bayesian robust generalization bounds for GCN in the standard setting, which improve the bounds in (Liao et al., 2020) by avoiding exponential dependence on the maximum node degree.

PAC-Bayesian Adversarially Robust Generalization Bounds for Graph Neural Network

TL;DR

This work develops adversarially robust generalization bounds for graph neural networks within a PAC-Bayesian framework, focusing on two widely used architectures, GCN and MPGNN. By linking robust margin losses to a perturbed posterior over weights, the authors derive bounds that depend on the spectral norm of the diffusion matrix and weight norms while incorporating an adversarial budget , and crucially avoid exponential dependence on the graph's maximum degree. For GCN, the robust bounds improve prior results in the standard setting by removing degree-based exponential factors, and for MPGNN they provide comparable tightness under weaker smoothness assumptions. Overall, the results offer principled guarantees for robust generalization under adversarial perturbations in graph classification and highlight the practical impact of diffusion topology and weight magnitudes on robustness.

Abstract

Graph neural networks (GNNs) have gained popularity for various graph-related tasks. However, similar to deep neural networks, GNNs are also vulnerable to adversarial attacks. Empirical studies have shown that adversarially robust generalization has a pivotal role in establishing effective defense algorithms against adversarial attacks. In this paper, we contribute by providing adversarially robust generalization bounds for two kinds of popular GNNs, graph convolutional network (GCN) and message passing graph neural network, using the PAC-Bayesian framework. Our result reveals that spectral norm of the diffusion matrix on the graph and spectral norm of the weights as well as the perturbation factor govern the robust generalization bounds of both models. Our bounds are nontrivial generalizations of the results developed in (Liao et al., 2020) from the standard setting to adversarial setting while avoiding exponential dependence of the maximum node degree. As corollaries, we derive better PAC-Bayesian robust generalization bounds for GCN in the standard setting, which improve the bounds in (Liao et al., 2020) by avoiding exponential dependence on the maximum node degree.
Paper Structure (19 sections, 12 theorems, 135 equations)

This paper contains 19 sections, 12 theorems, 135 equations.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. Problem Setup
  5. Background of PAC-Bayesian Analysis
  6. Assumptions
  7. Robust Generalization Bounds
  8. Generalization Bounds for GCN
  9. Generalization Bounds for MPGNN
  10. Comparison
  11. Discussion
  12. Proofs
  13. Basic Results
  14. Results of PAC-Bayesian Analysis
  15. Proof of \ref{['thm:mcallester']}
  16. ...and 4 more sections

Key Result

Theorem 3.1

Let $P$ be a prior distribution over $\mathcal{H}$ that is independent of the training set. Then for any $\delta\in(0,1)$, with probability at least $1-\delta$ over the choice of the training set $S=\{z_1,\dots,z_m\}$ independently sampled from $\mathcal{D}$, for all distributions $Q$ over $\mathcal

Theorems & Definitions (23)

  • Theorem 3.1: mcallester_simplified_2003
  • Lemma 3.2
  • Theorem 4.1: Generalization Bounds for GCN
  • Theorem 4.2: Robust Generalization Bounds for GCN
  • Lemma 4.3
  • proof
  • Lemma 4.4
  • proof
  • proof : Proof of \ref{['thm:adv-gen-gcn']}
  • Theorem 4.5: Robust Generalization Bounds for MPGNN
  • ...and 13 more