What problem does this paper attempt to address?

### What problem does this paper attempt to solve? This paper aims to solve the problem of robustness certification of graph neural networks (GNNs) in the face of graph injection attacks (GIA). Specifically, existing research only provides sample - wise certificates, that is, providing robustness guarantees by independently verifying each node, which leads to very limited certification performance. This paper proposes a new collective certificate, which can provide robustness certification for a group of target nodes simultaneously. #### Main problem description 1. **Graph Injection Attack (GIA)**: - Graph injection attacks are different from common graph modification attacks (GMA). They destroy the graph structure by injecting carefully - designed malicious nodes into the graph. - These malicious nodes may have a significant impact on the prediction results of GNNs, thereby reducing the security and reliability of the model. 2. **Limitations of existing methods**: - Existing robustness certification methods mainly focus on the sample - wise level, that is, verifying nodes one by one. - This method assumes that the attacker can only attack one node at a time, and each attack will generate a different perturbed graph. - In actual situations, the attacker usually generates a single perturbed graph to attack multiple target nodes simultaneously, so the sample - wise certification method is too pessimistic and has limited effectiveness. 3. **The need for collective robustness certification**: - In order to improve the certification performance and better reflect the actual situation, a method that can provide robustness certification for multiple nodes simultaneously, that is, collective robustness certification, is required. #### Solutions This paper proposes the following solutions: - **Collective Robustness Certificate**: By formulating the problem as a binary integer quadratic constrained linear programming (BQCLP) and further developing a customized linearization technique to relax it into a linear programming (LP) to solve the problem efficiently. - **Improved Optimization Methods**: Two effective methods (Collective - LP1 and Collective - LP2) are proposed to relax the BQCLP problem so that it can be solved in polynomial time, thereby significantly improving the certification performance and computational efficiency. - **Experimental Verification**: Experiments on the Cora - ML and Citeseer datasets prove that the collective robustness certification method significantly improves the certification ratio. For example, when the number of injected nodes is 5% of the graph size, the certification ratio is increased from 0.0% to 81.2%. In summary, the main contribution of this paper is to propose the first collective robustness certificate for graph injection attacks, which significantly improves the defense ability of GNNs in the face of such attacks and has high computational efficiency.