Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Spear and Shield: Adversarial Attacks and Defense Methods for Model-Based Link Prediction on Continuous-Time Dynamic Graphs

Dongjin Lee, Juho Lee, Kijung Shin

TL;DR

This paper tackles the vulnerability of continuous-time dynamic graph neural networks (CTDGs) for link prediction to adversarial perturbations. It introduces T-Spear, a poisoning attack using a surrogate TGNN to craft unnoticeable adversarial edges under explicit temporal and per-node constraints, demonstrating strong degradation and transferability across TGNNs. To counter these threats, it proposes T-Shield, a defense that combines dynamic edge filtering and temporal smoothing of node embeddings, achieving notable robustness improvements across multiple datasets and attack scenarios (with up to 11.2% gains over naive baselines). The findings highlight the significance of CTDG-specific security methods and provide practical insights into maintaining reliable link-prediction in time-evolving networks.

Abstract

Real-world graphs are dynamic, constantly evolving with new interactions, such as financial transactions in financial networks. Temporal Graph Neural Networks (TGNNs) have been developed to effectively capture the evolving patterns in dynamic graphs. While these models have demonstrated their superiority, being widely adopted in various important fields, their vulnerabilities against adversarial attacks remain largely unexplored. In this paper, we propose T-SPEAR, a simple and effective adversarial attack method for link prediction on continuous-time dynamic graphs, focusing on investigating the vulnerabilities of TGNNs. Specifically, before the training procedure of a victim model, which is a TGNN for link prediction, we inject edge perturbations to the data that are unnoticeable in terms of the four constraints we propose, and yet effective enough to cause malfunction of the victim model. Moreover, we propose a robust training approach T-SHIELD to mitigate the impact of adversarial attacks. By using edge filtering and enforcing temporal smoothness to node embeddings, we enhance the robustness of the victim model. Our experimental study shows that T-SPEAR significantly degrades the victim model's performance on link prediction tasks, and even more, our attacks are transferable to other TGNNs, which differ from the victim model assumed by the attacker. Moreover, we demonstrate that T-SHIELD effectively filters out adversarial edges and exhibits robustness against adversarial attacks, surpassing the link prediction performance of the naive TGNN by up to 11.2% under T-SPEAR.

Spear and Shield: Adversarial Attacks and Defense Methods for Model-Based Link Prediction on Continuous-Time Dynamic Graphs

TL;DR

This paper tackles the vulnerability of continuous-time dynamic graph neural networks (CTDGs) for link prediction to adversarial perturbations. It introduces T-Spear, a poisoning attack using a surrogate TGNN to craft unnoticeable adversarial edges under explicit temporal and per-node constraints, demonstrating strong degradation and transferability across TGNNs. To counter these threats, it proposes T-Shield, a defense that combines dynamic edge filtering and temporal smoothing of node embeddings, achieving notable robustness improvements across multiple datasets and attack scenarios (with up to 11.2% gains over naive baselines). The findings highlight the significance of CTDG-specific security methods and provide practical insights into maintaining reliable link-prediction in time-evolving networks.

Abstract

Real-world graphs are dynamic, constantly evolving with new interactions, such as financial transactions in financial networks. Temporal Graph Neural Networks (TGNNs) have been developed to effectively capture the evolving patterns in dynamic graphs. While these models have demonstrated their superiority, being widely adopted in various important fields, their vulnerabilities against adversarial attacks remain largely unexplored. In this paper, we propose T-SPEAR, a simple and effective adversarial attack method for link prediction on continuous-time dynamic graphs, focusing on investigating the vulnerabilities of TGNNs. Specifically, before the training procedure of a victim model, which is a TGNN for link prediction, we inject edge perturbations to the data that are unnoticeable in terms of the four constraints we propose, and yet effective enough to cause malfunction of the victim model. Moreover, we propose a robust training approach T-SHIELD to mitigate the impact of adversarial attacks. By using edge filtering and enforcing temporal smoothness to node embeddings, we enhance the robustness of the victim model. Our experimental study shows that T-SPEAR significantly degrades the victim model's performance on link prediction tasks, and even more, our attacks are transferable to other TGNNs, which differ from the victim model assumed by the attacker. Moreover, we demonstrate that T-SHIELD effectively filters out adversarial edges and exhibits robustness against adversarial attacks, surpassing the link prediction performance of the naive TGNN by up to 11.2% under T-SPEAR.
Paper Structure (50 sections, 4 theorems, 7 equations, 3 figures, 12 tables)

This paper contains 50 sections, 4 theorems, 7 equations, 3 figures, 12 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Temporal Graph Neural Networks (TGNNs).
  4. Adversarial Attacks on Graphs.
  5. Adversarial Defenses on Graphs.
  6. Problem Formulation
  7. Notation and Preliminaries
  8. Dynamic Graph Adversarial Attack
  9. Attacker's Goal.
  10. Constraint for Unnoticeability.
  11. Attacker's Knowledge.
  12. Proposed Attack Method: T-Spear
  13. Surrogate Model
  14. Node Memory.
  15. Attention Aggregator.
  16. ...and 35 more sections

Key Result

Lemma 1

The time complexity of T-Spear is $O((C_{tgn}+|W|\cdot C_{clf}+p\cdot|W|^{2})\cdot|\mathcal{E}|)$.

Figures (3)

  • Figure 1: Comparison of Low-K selection (left) and Hungarian selection (right) when $K$ is 5. The Hungarian selection provides more inconspicuous and balanced perturbations.
  • Figure 2: Link prediction performance of TGN on Wikipedia (left) and MOOC (right) as the perturbation rate increases.
  • Figure 3: Link prediction performance of TGN on Wikipedia (left) and MOOC (right) as the embedding size of the surrogate model changes 0.5$\times$ to 4$\times$ that of the victim model. T-Spear consistently performed well regardless of the surrogate model's embedding size.

Theorems & Definitions (6)

  • Lemma 1: Time complexity of T-Spear
  • Lemma 2: Time complexity of T-Shield
  • Lemma 1: Time complexity of T-Spear
  • proof
  • Lemma 2: Time complexity of T-Shield
  • proof