Sofiane Ennadir, WASP PhD student at KTH, is conducting research on Graph Neural Networks (GNNs), with a particular emphasis on their adversarial robustness. His goal is to make GNNs safer for real-world deployment.
Sofiane first encountered Graph Neural Networks and the broader field of deep learning on graphs during his master’s studies in France.
“I was immediately drawn to the unique challenges posed by graph data structures, which differ significantly from those of traditional domains like images or text. The complexity and versatility of graph-based problems, either through their discrete nature or their permutation-invariance aspect motivated me to dive deeper into this field,” says Sofiane.
During his PhD, his research started focusing on Graph Neural Networks (GNNs), with a particular emphasis on their adversarial robustness.
“Adversarial robustness refers to the susceptibility of models to small but malicious changes in their input data, which can lead to incorrect predictions. This vulnerability is especially concerning in safety-critical domains such as healthcare, where small changes in the predictions can result in dangerous outcomes,” says Sofiane.
Strengthening GNN robustness
Sofiane aims to strengthen the theoretical understanding of GNN robustness and develop practical defence mechanisms to mitigate adversarial vulnerabilities, with the goal to make GNNs safer for real-world deployment. He believes that the next steps for research in this area involves systematically identifying and understanding other factors contributing to adversarial robustness in GNNs.
“By refining these insights, we can design more robust architectures and training methodologies, ultimately leading to safer and more reliable models,” says Sofiane.
Impact of weight initialization and training epochs
His recent work highlights the impact of weight initialization and training epochs on GNN robustness. He and his co-authors observed that training dynamics significantly influence a GNN’s adversarial robustness.
“For instance, while extended training epochs can enhance model accuracy, they may also increase susceptibility to adversarial attacks. Similarly, the choice of weight initialization can lead to varying levels of robustness. These findings suggest that careful selection of training parameters and initialization strategies can enhance robustness without adding computational costs.”
Before exploring the role of initialization, he and his co-authors proposed a method called NoisyGNNs, which modifies the GNN’s message-passing mechanism by introducing controlled noise into its hidden layers. This simple, low-cost adjustment has been shown to improve robustness against adversarial attacks. Additionally, in a parallel work entitled GCORN, they investigated the use of orthonormal matrices in GNNs, demonstrating both theoretically and empirically that they enhance robustness.
Recognition at prestigious conferences
Sofiane’s research has been recognized at several prestigious conferences, for example NeurIPS, ICLR, and AAAI. He believes that the growing interest stems from the need to deploy GNNs in real-world applications, where reliability and security are critical.
“GNNs have shown exceptional performance across various domains, but ensuring their safety against adversarial threats is essential for their adoption. Additionally, from a research perspective, adversarial robustness presents fascinating mathematical and algorithmic challenges, further attracting interest in this area.”
Experience with WASP
Sofiane joined WASP in March 2021 when he started his PhD at KTH.
“My experience has been incredibly enriching, thanks to the program’s well-structured events and networking opportunities. I’ve had the chance to collaborate with other WASP fellows and researchers across Sweden and participate in international travel opportunities, which have been invaluable to my growth as a researcher,” Sofiane concludes.
Published: December 17th, 2024