Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Cluster-Aware Attacks on Graph Watermarks

Alexander Nemecek, Emre Yilmaz, Erman Ayday

TL;DR

This work investigates graph watermarking robustness under cluster-aware attacks that exploit real-world community structure. It introduces a threat model where an adversary uses unsupervised, parameter-free clustering to guide edge additions/removals, aiming to degrade attribution based on a $dK-2$ similarity detector. The authors show that such attacks can reduce attribution accuracy by up to 80% more than random perturbations on sparse graphs, and they propose a lightweight mitigation that distributes watermark nodes across communities to preserve attribution with minimal overhead. The proposed robust embedding improves resilience across dataset topologies, highlighting the importance of cluster-aware design in graph watermarking and adversarial modeling for secure and attributable data sharing.

Abstract

Data from domains such as social networks, healthcare, finance, and cybersecurity can be represented as graph-structured information. Given the sensitive nature of this data and their frequent distribution among collaborators, ensuring secure and attributable sharing is essential. Graph watermarking enables attribution by embedding user-specific signatures into graph-structured data. While prior work has addressed random perturbation attacks, the threat posed by adversaries leveraging structural properties through community detection remains unexplored. In this work, we introduce a cluster-aware threat model in which adversaries apply community-guided modifications to evade detection. We propose two novel attack strategies and evaluate them on real-world social network graphs. Our results show that cluster-aware attacks can reduce attribution accuracy by up to 80% more than random baselines under equivalent perturbation budgets on sparse graphs. To mitigate this threat, we propose a lightweight embedding enhancement that distributes watermark nodes across graph communities. This approach improves attribution accuracy by up to 60% under attack on dense graphs, without increasing runtime or structural distortion. Our findings underscore the importance of cluster-topological awareness in both watermarking design and adversarial modeling.

Cluster-Aware Attacks on Graph Watermarks

TL;DR

This work investigates graph watermarking robustness under cluster-aware attacks that exploit real-world community structure. It introduces a threat model where an adversary uses unsupervised, parameter-free clustering to guide edge additions/removals, aiming to degrade attribution based on a similarity detector. The authors show that such attacks can reduce attribution accuracy by up to 80% more than random perturbations on sparse graphs, and they propose a lightweight mitigation that distributes watermark nodes across communities to preserve attribution with minimal overhead. The proposed robust embedding improves resilience across dataset topologies, highlighting the importance of cluster-aware design in graph watermarking and adversarial modeling for secure and attributable data sharing.

Abstract

Data from domains such as social networks, healthcare, finance, and cybersecurity can be represented as graph-structured information. Given the sensitive nature of this data and their frequent distribution among collaborators, ensuring secure and attributable sharing is essential. Graph watermarking enables attribution by embedding user-specific signatures into graph-structured data. While prior work has addressed random perturbation attacks, the threat posed by adversaries leveraging structural properties through community detection remains unexplored. In this work, we introduce a cluster-aware threat model in which adversaries apply community-guided modifications to evade detection. We propose two novel attack strategies and evaluate them on real-world social network graphs. Our results show that cluster-aware attacks can reduce attribution accuracy by up to 80% more than random baselines under equivalent perturbation budgets on sparse graphs. To mitigate this threat, we propose a lightweight embedding enhancement that distributes watermark nodes across graph communities. This approach improves attribution accuracy by up to 60% under attack on dense graphs, without increasing runtime or structural distortion. Our findings underscore the importance of cluster-topological awareness in both watermarking design and adversarial modeling.

Paper Structure

This paper contains 31 sections, 3 equations, 4 figures, 9 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Graph Watermarks
  4. Clustering in Graphs
  5. Baseline Graph Watermarking
  6. Watermark Embedding
  7. Watermark Extraction
  8. Evaluation Scope
  9. Cluster-Aware Threat Model
  10. Adversarial Assumptions
  11. Proposed Cluster-Aware Attack Strategy
  12. Strategy I: Intra-Add/Inter-Remove
  13. Strategy II: Intra-Remove/Inter-Add
  14. Adversarial Objective
  15. Experimental Evaluation
  16. ...and 16 more sections

Figures (4)

  • Figure 1: Attribution accuracy of the dK-2 detection scheme under increasing perturbation. Cluster-aware attacks consistently outperform the random baseline, with greater impact seen in sparser graphs (LastFM).
  • Figure 2: dK-2 distortion introduced by each attack strategy. Distortion increases with edge flips, but cluster-aware attacks evade detection more effectively while maintaining equal or lower structural distortion than random attacks.
  • Figure 3: Attribution accuracy under Zhao et al.'s embedding and our mitigation strategy. Our method improves robustness across datasets and clustering algorithms, maintaining higher detection accuracy under stronger attacks.
  • Figure 4: dK-2 distortion under Zhao et al.'s embedding and our mitigation strategy. Both methods follow similar distortion trends, with our approach achieving better evasion without added structural disruption.