Neural networks are quickly becoming the algorithm of choice for a variety of machine learning tasks. However, the vulnerability of these models to adversarial attacks presents a challenging security concern that must be addressed. Networks trained on graph-structured data are particularly vulnerable to such attacks, because these networks are typically deployed in an online setting where user accounts can be manipulated by malicious attackers. Despite that fact, there has been a lack of research on the robustness properties of popular graph networks. We aim to fill this gap by proposing an approach for calculating certified lower bounds on the minimum distortion needed to generate adversarial examples in the graph setting. In so doing, we hope to identify graph network architectures that can be safely deployed on the web without compromising the security of the model.

After taking graduate classes in machine learning and security last year, I have a growing interest in tackling problems at the intersection of these two disciplines, which is what drew me to this SuperUROP project. I hope to not only expand my technical knowledge and mathematical maturity, but also to improve my communication skills and get a better understanding of the entire research pipeline, from formulating an idea to presenting my work.