Universität zu Köln

Sayed Soroush, Haj Zargarbashi (2026). Distribution Free Uncertainty Quantification under Adversarial Attacks and Graph Dependencies. PhD thesis, Universität zu Köln.

PDF thesis_publish.pdf - Accepted Version Bereitstellung unter der CC-Lizenz: Creative Commons Attribution. Download (13MB)

Abstract

With the vast deployment of machine learning models in safety-critical domains, rigorous uncertainty quantification is essential to ensure a reliable and trustworthy AI ecosystem. Building on top of conformal prediction (CP) — a powerful framework that provides distribution-free, finite-sample guarantees on predictive validity — this dissertation develops novel methods for graph-aware and robust application of conformal prediction. First, we discuss conformal prediction for graph node-classification task. We show that the interdependence in GNN message passing does not break the conformal guarantee as long as the GNN is permutation equivariant. We show the validity of conformal prediction in a transductive setup where the entire graph is visible at once, and in node, or edge-exchangeable inductive setup where the graph is updated with new nodes and edges over time. Leveraging the neighborhood structure, we improve set size efficiency -- we show that diffusion over the conformity score can reduce the size of the prediction set while maintaining the same guarantee. Additionally, it is shown that AI models are vulnerable to various forms of noise and adversarial attacks, which can significantly degrade their performance and reliability. Same vulnerabilities can also affect the validity of conformal prediction sets -- by a tiny perturbation in the input, the guarantee of CP can be completely broken, and the empirical coverage sharply drops to zero. We discuss the robustness of conformal prediction to worst-case natural noise and adversarial perturbations. We design provably robust CP sets that remain valid under worst-case perturbations in conformity scores, covering both evasion and poisoning attacks. We build our robust CP on randomized smoothing framework which provides robustness with black-box model access to larger magnitudes of perturbations. While randomized smoothing provides strong robustness guarantees, it can be computationally expensive. To address this, we introduce single-sample robust conformal predictors that certify the CP procedure directly rather than per-score, achieving comparable robustness with significantly lower computational cost. Our work advances the state-of-the-art in robust conformal prediction both in set size and computational efficiency, paving the way for more reliable and trustworthy AI systems in safety-critical and real-time applications.