Towards Trustworthy Graph Neural Networks
Open Access
- Author:
- Dai, Enyan
- Graduate Program:
- Informatics
- Degree:
- Doctor of Philosophy
- Document Type:
- Dissertation
- Date of Defense:
- May 30, 2024
- Committee Members:
- Dongwon Lee, Professor in Charge/Director of Graduate Studies
Xiang Zhang, Major Field Member
Suhang Wang, Chair & Dissertation Advisor
Sencun Zhu, Outside Unit & Field Member
Lu Lin, Major Field Member
- Keywords:
- Trustworthy
Graph Neural Networks
Robustness
Privacy
Fairness
Explainability
- Abstract:
- A graph is a data structure composed of a set of nodes and the edges between them. Graph-structured data is pervasive in the real world, appearing in social networks, protein modules, and traffic networks. Inspired by the great achievements of deep neural networks on i.i.d. data, Graph Neural Networks (GNNs) have been proposed to generalize deep learning models to graph-structured data. The success of GNNs relies on the message-passing mechanism, which updates each node's representation by aggregating information from its neighbors. Message passing can enhance node representations and preserve both node feature characteristics and topological structure. Though utilizing graph topology through message passing largely benefits the performance of GNNs, it also raises new challenges for achieving trustworthy GNNs in terms of robustness, privacy, fairness, and explainability. First, GNNs are vulnerable to adversarial attacks and privacy attacks. More specifically, an attacker can control the predictions of a target GNN model by deliberately perturbing the graph structure and/or node attributes, and membership inference attacks can detect whether a target sample belongs to the training set, resulting in the leakage of private training information. Therefore, it is crucial to ensure the safety of graph neural networks in terms of robustness and privacy. Second, discrimination against protected sensitive attributes can be magnified by using the graph topology in node classification. Generally, in graphs such as social networks, nodes with similar sensitive attributes are more likely to connect to each other than nodes with different sensitive attributes. As a result, node representations in GNNs are often updated mainly by neighbors sharing the same sensitive attributes, which can lead to more severe bias in decision making. This largely limits the applications of GNNs in sensitive domains such as job applicant ranking and crime detection. Third, GNNs make predictions based on both node features and the graph topology. Thus, explanations of how message passing utilizes the topology and the features of neighbors are crucial. However, existing studies mostly focus on explaining neural networks' predictions on i.i.d. data, and explainable GNNs remain rather limited. In this dissertation, I present solutions toward trustworthy graph neural networks in the aspects of robustness, privacy, fairness, and explainability. I first present a method for defending against graph topology noise, followed by a unified framework that simultaneously achieves robustness and membership privacy. Then, solutions for fair GNNs and self-explainable GNNs are presented. Extensive theoretical analysis and experimental results on real-world datasets demonstrate that the proposed methods are effective in achieving trustworthy graph neural networks.
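The message-passing update described in the abstract can be illustrated with a minimal sketch. The mean aggregation, ReLU update, and the function and variable names below (`message_passing_layer`, `W_self`, `W_neigh`) are illustrative assumptions for a generic GNN layer, not the specific architectures proposed in the dissertation.

```python
import numpy as np

def message_passing_layer(H, adj, W_self, W_neigh):
    """One illustrative message-passing update: each node aggregates its
    neighbors' representations (mean aggregation, by assumption) and combines
    the result with its own representation through learned weight matrices."""
    deg = adj.sum(axis=1, keepdims=True).clip(min=1)          # node degrees (avoid div by zero)
    neigh_mean = (adj @ H) / deg                               # aggregate neighbor features
    return np.maximum(H @ W_self + neigh_mean @ W_neigh, 0.0)  # ReLU update

# Toy example: 3 nodes with 4-dimensional features, edges 0-1 and 1-2.
H = np.random.randn(3, 4)
adj = np.array([[0, 1, 0],
                [1, 0, 1],
                [0, 1, 0]], dtype=float)
W_self, W_neigh = np.random.randn(4, 8), np.random.randn(4, 8)
H_next = message_passing_layer(H, adj, W_self, W_neigh)       # new representations, shape (3, 8)
```

Because each node's new representation depends on its neighbors, perturbing edges or neighbor features propagates into the prediction, which is the root of the robustness, privacy, and fairness issues the dissertation addresses.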