Detecting money laundering in financial transaction data is a task where graph neural networks (GNNs) have shown strong potential. Such data is naturally represented as a directed multigraph, since two accounts, each represented as a node, may exchange many separate payments, each forming a distinct edge with its own amount, currency, and timestamp. Preserving these parallel edges, rather than collapsing them into a single connection, retains the fine-grained structure that allows for distinguishing laundering behaviour from ordinary activity. Yet these models also introduce a new vulnerability, as an adversary could manipulate the transaction graph to alter the neighbourhood of a suspicious account such that the GNN misclassifies it as benign. Existing adversarial robustness research operates on the adjacency matrix, which records at most one edge per node pair and therefore cannot represent the parallel transactions between two accounts that this task depends on. Multigraph GNNs therefore lack both a framework for evaluating robustness under structural perturbations and defences against such perturbations.

This thesis extends adversarial robustness analysis to multigraph GNNs through three contributions. First, it reformulates GNN message passing and attack optimisation over the incidence matrix instead of the adjacency matrix, yielding the first gradient-based structural attack that retains multi-edge structure. Second, it introduces unnoticeability loss terms that constrain perturbations to maintain the graph's statistical fingerprint, including the frequency of characteristic patterns such as short transaction cycles, keeping the attack statistically plausible and unnoticeable at the macro level. Third, it scales the framework to large networks with projected randomised block coordinate descent. On the IBM synthetic anti-money laundering dataset, learned attacks substantially reduce detection accuracy compared to non-learnable perturbations, and adversarial training recovers robustness, showing that multigraph GNNs are both vulnerable to structural manipulation and defensible against it. ... Read more

Program synthesis is the task of generating a program that suffices the intent of a user based on a set of input-output examples. Searching over the set of all possible programs becomes intractable very quickly. Therefore, divide and conquer techniques have become popular within the field, but have mainly been applied on the set of examples. However, this paper focuses on applying the strategy on the problem’s context-free grammar by splitting it into subgrammars.
Our new technique first splits the grammar by making a dependency graph showing how all rules relate the different types of symbols. Afterwards, there is an exploration and exploitation phase where different sets of subgrammars will be given a score and get allocated an amount of enumerations to generate programs based on that score.
The new technique is implemented as an iterator in Herb.jl which is a program synthesis framework. The iterator is then benchmarked against a plain BFS iterator using 100 string-manipulation problems. The grammar splitting strategy needs on average more enumerations to find a program solving all examples compared to the BFS iterator. However, running the different grammars from the iterator in parallel could allow the iterator to find a solution from one of the grammars earlier. ... Read more