Practicable Black-box Evasion Attacks on Link Prediction in Dynamic Graphs -- A Graph Sequential Embedding Method

Jiate Li, Meng Pang, Binghui Wang

TL;DR

This paper tackles black-box evasion of link prediction in dynamic graphs (LPDG) under practical interaction and perturbation limits. It introduces Graph Sequential Embedding (GSE) to produce compact, informative state representations and a Multi-Environment Training Pipeline (METP) to share experience across multiple instances, enabling effective attacks with limited queries. Through experiments on three real-world datasets and three LPDG models, the proposed GSE-METP approach consistently outperforms baselines, highlighting both the vulnerability of LPDG systems and the practicality of the attack. The results underscore the need for defense mechanisms, and the work points toward robust, provable defenses for LPDG in dynamic settings.

Abstract

Link prediction in dynamic graphs (LPDG) has been widely applied to real-world applications such as website recommendation, traffic flow prediction, organizational studies, etc. These models are usually kept local and secure, with only the interactive interface restrictively available to the public. Thus, the problem of the black-box evasion attack on the LPDG model, where model interactions and data perturbations are restricted, seems to be essential and meaningful in practice. In this paper, we propose the first practicable black-box evasion attack method that achieves effective attacks against the target LPDG model, within a limited amount of interactions and perturbations. To perform effective attacks under limited perturbations, we develop a graph sequential embedding model to find the desired state embedding of the dynamic graph sequences, under a deep reinforcement learning framework. To overcome the scarcity of interactions, we design a multi-environment training pipeline and train our agent for multiple instances, by sharing an aggregate interaction buffer. Finally, we evaluate our attack against three advanced LPDG models on three real-world graph datasets of different scales and compare its performance with related methods under the interaction and perturbation constraints. Experimental results show that our attack is both effective and practicable.

Paper Structure

This paper contains 43 sections, 23 equations, 6 figures, 2 tables.

Figures (6)

  • Figure 1: LPDG: a dynamic graph sequence $\mathcal{G} = \{G_{t}, t \in [1,T]\}$ is taken as an input, usually represented by an adjacency matrix sequence. LPDG predicts the future graph in the next time slice $G_{T+1}^p$. It is trained to increase the accuracy metric compared with the ground truth $G_{T+1}$.
  • Figure 2: Illustration of the proposed GSE method.
  • Figure 3: An overview of the agent interaction.
  • Figure 4: Training pipeline for the Q network and Q GSE.
  • Figure 5: Training pipeline for the policy network and the policy GSE.
  • ...and 1 more figure