Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Black-Box Attacks against Signed Graph Analysis via Balance Poisoning

Jialong Zhou, Yuni Lai, Jian Ren, Kai Zhou

TL;DR

This work examines the vulnerability of signed graph neural networks (SGNNs) to adversarial edge manipulations by exploiting balance theory. It introduces balance-attack, a black-box poisoning method that minimizes the balance degree $D_3(G)$ under a perturbation budget using gradient-guided greedy edge flips. Extensive experiments on four real-world datasets and five SGNN models show that balance-attack significantly reduces graph balance and degrades link sign prediction performance, even for non-balance-based SGNNs. The results highlight a fundamental resilience challenge for SGNNs and offer a practical warning and direction for developing more robust signed-graph learning methods.

Abstract

Signed graphs are well-suited for modeling social networks as they capture both positive and negative relationships. Signed graph neural networks (SGNNs) are commonly employed to predict link signs (i.e., positive and negative) in such graphs due to their ability to handle the unique structure of signed graphs. However, real-world signed graphs are vulnerable to malicious attacks by manipulating edge relationships, and existing adversarial graph attack methods do not consider the specific structure of signed graphs. SGNNs often incorporate balance theory to effectively model the positive and negative links. Surprisingly, we find that the balance theory that they rely on can ironically be exploited as a black-box attack. In this paper, we propose a novel black-box attack called balance-attack that aims to decrease the balance degree of the signed graphs. We present an efficient heuristic algorithm to solve this NP-hard optimization problem. We conduct extensive experiments on five popular SGNN models and four real-world datasets to demonstrate the effectiveness and wide applicability of our proposed attack method. By addressing these challenges, our research contributes to a better understanding of the limitations and resilience of robust models when facing attacks on SGNNs. This work contributes to enhancing the security and reliability of signed graph analysis in social network modeling. Our PyTorch implementation of the attack is publicly available on GitHub: https://github.com/JialongZhou666/Balance-Attack.git.

Black-Box Attacks against Signed Graph Analysis via Balance Poisoning

TL;DR

This work examines the vulnerability of signed graph neural networks (SGNNs) to adversarial edge manipulations by exploiting balance theory. It introduces balance-attack, a black-box poisoning method that minimizes the balance degree under a perturbation budget using gradient-guided greedy edge flips. Extensive experiments on four real-world datasets and five SGNN models show that balance-attack significantly reduces graph balance and degrades link sign prediction performance, even for non-balance-based SGNNs. The results highlight a fundamental resilience challenge for SGNNs and offer a practical warning and direction for developing more robust signed-graph learning methods.

Abstract

Signed graphs are well-suited for modeling social networks as they capture both positive and negative relationships. Signed graph neural networks (SGNNs) are commonly employed to predict link signs (i.e., positive and negative) in such graphs due to their ability to handle the unique structure of signed graphs. However, real-world signed graphs are vulnerable to malicious attacks by manipulating edge relationships, and existing adversarial graph attack methods do not consider the specific structure of signed graphs. SGNNs often incorporate balance theory to effectively model the positive and negative links. Surprisingly, we find that the balance theory that they rely on can ironically be exploited as a black-box attack. In this paper, we propose a novel black-box attack called balance-attack that aims to decrease the balance degree of the signed graphs. We present an efficient heuristic algorithm to solve this NP-hard optimization problem. We conduct extensive experiments on five popular SGNN models and four real-world datasets to demonstrate the effectiveness and wide applicability of our proposed attack method. By addressing these challenges, our research contributes to a better understanding of the limitations and resilience of robust models when facing attacks on SGNNs. This work contributes to enhancing the security and reliability of signed graph analysis in social network modeling. Our PyTorch implementation of the attack is publicly available on GitHub: https://github.com/JialongZhou666/Balance-Attack.git.
Paper Structure (22 sections, 6 equations, 2 figures, 3 tables, 1 algorithm)

This paper contains 22 sections, 6 equations, 2 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. Balance Theory
  5. Signed Graph Analysis
  6. Problem Statements
  7. Notations
  8. Threat Model
  9. Attacker's goal
  10. Attacker's knowledge
  11. Attacker's capability
  12. Problem of Attack
  13. Proposed Black-Box Attack
  14. Formulation of black-box attack
  15. Attack Method
  16. ...and 7 more sections

Figures (2)

  • Figure 1: Four types of triangles.
  • Figure 2: Balance degree of $4$ datasets under balance-attack and random attack.