Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

LoReTTA: A Low Resource Framework To Poison Continuous Time Dynamic Graphs

Himanshu Pal, Venkata Sai Pranav Bachina, Ankit Gangwal, Charu Sharma

TL;DR

LoReTTA introduces a low-resource poisoning framework for Continuous-Time Dynamic Graphs (CTDGs) that degrades Temporal Graph Neural Networks without surrogate models. It uses a two-phase approach: sparsify the graph by removing high-impact edges and then replace them with constraint-preserving adversarial negatives, ensuring unnoticeability under four constraints. The method achieves substantial degradation across four benchmark datasets and four SotA TGNNs, outperforming 11 baselines and often evading anomaly detection and defense methods. This work highlights temporal dynamics as a critical vulnerability in TGNNs and provides a practical attack tool that informs the development of more robust CTDG architectures.

Abstract

Temporal Graph Neural Networks (TGNNs) are increasingly used in high-stakes domains, such as financial forecasting, recommendation systems, and fraud detection. However, their susceptibility to poisoning attacks poses a critical security risk. We introduce LoReTTA (Low Resource Two-phase Temporal Attack), a novel adversarial framework on Continuous-Time Dynamic Graphs, which degrades TGNN performance by an average of 29.47% across 4 widely benchmark datasets and 4 State-of-the-Art (SotA) models. LoReTTA operates through a two-stage approach: (1) sparsify the graph by removing high-impact edges using any of the 16 tested temporal importance metrics, (2) strategically replace removed edges with adversarial negatives via LoReTTA's novel degree-preserving negative sampling algorithm. Our plug-and-play design eliminates the need for expensive surrogate models while adhering to realistic unnoticeability constraints. LoReTTA degrades performance by upto 42.0% on MOOC, 31.5% on Wikipedia, 28.8% on UCI, and 15.6% on Enron. LoReTTA outperforms 11 attack baselines, remains undetectable to 4 leading anomaly detection systems, and is robust to 4 SotA adversarial defense training methods, establishing its effectiveness, unnoticeability, and robustness.

LoReTTA: A Low Resource Framework To Poison Continuous Time Dynamic Graphs

TL;DR

LoReTTA introduces a low-resource poisoning framework for Continuous-Time Dynamic Graphs (CTDGs) that degrades Temporal Graph Neural Networks without surrogate models. It uses a two-phase approach: sparsify the graph by removing high-impact edges and then replace them with constraint-preserving adversarial negatives, ensuring unnoticeability under four constraints. The method achieves substantial degradation across four benchmark datasets and four SotA TGNNs, outperforming 11 baselines and often evading anomaly detection and defense methods. This work highlights temporal dynamics as a critical vulnerability in TGNNs and provides a practical attack tool that informs the development of more robust CTDG architectures.

Abstract

Temporal Graph Neural Networks (TGNNs) are increasingly used in high-stakes domains, such as financial forecasting, recommendation systems, and fraud detection. However, their susceptibility to poisoning attacks poses a critical security risk. We introduce LoReTTA (Low Resource Two-phase Temporal Attack), a novel adversarial framework on Continuous-Time Dynamic Graphs, which degrades TGNN performance by an average of 29.47% across 4 widely benchmark datasets and 4 State-of-the-Art (SotA) models. LoReTTA operates through a two-stage approach: (1) sparsify the graph by removing high-impact edges using any of the 16 tested temporal importance metrics, (2) strategically replace removed edges with adversarial negatives via LoReTTA's novel degree-preserving negative sampling algorithm. Our plug-and-play design eliminates the need for expensive surrogate models while adhering to realistic unnoticeability constraints. LoReTTA degrades performance by upto 42.0% on MOOC, 31.5% on Wikipedia, 28.8% on UCI, and 15.6% on Enron. LoReTTA outperforms 11 attack baselines, remains undetectable to 4 leading anomaly detection systems, and is robust to 4 SotA adversarial defense training methods, establishing its effectiveness, unnoticeability, and robustness.

Paper Structure

This paper contains 73 sections, 4 theorems, 23 equations, 10 figures, 10 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Temporal Graph Neural Networks (TGNNs)
  4. Adversarial Attacks on Graphs
  5. Poisoning static graphs vs. temporal graphs:
  6. Poisoning DTDGs vs CTDGs:
  7. Existing Literature on Poisoning CTDGs:
  8. Preliminaries
  9. Dynamic graph setting:
  10. Temporal PageRank:
  11. Problem Formulation
  12. Attacker's objective.
  13. Attacker's knowledge.
  14. Unnoticeability Constraints
  15. Methodology
  16. ...and 58 more sections

Key Result

Lemma 1

Let $G=(V,E)$ be a temporal graph, and $\alpha, \beta \in [0,1]$ be the jump and decay parameters. Algorithm TPR runs in

Figures (10)

  • Figure 1: Overview of the LoReTTA attack framework.
  • Figure 2: Performance of our attack on each model across datasets. Lower values indicate stronger attack impact. Clean baselines are shown under No-Attack. DySAT and TGAT fail on MOOC due to Out-Of-Memory error. Naive Jaccard is omitted for bipartite graphs (MOOC and UCI), where it is not applicable. Dashed radial lines highlight the most effective attack for each dataset-model pair. LoReTTA-Degree is the best metric for both Enron and UCI on TGAT.
  • Figure 3: Effect of perturbation rate $p$ on the performance of LoReTTA using different sparsification strategies.
  • Figure 4: Compliance with the C3 constraint (Wikipedia dataset). Each adversarial edge connects nodes that were active in a fixed window prior to the sampled timestamp.
  • Figure 5: C4 constraint validation across different graph types. Regenerated degrees preserve structural statistics, ensuring stealth.
  • ...and 5 more figures

Theorems & Definitions (8)

  • Lemma 1: Temporal PageRank Runtime
  • proof
  • Lemma 2: Timestamp Selector Runtime
  • proof
  • Lemma 3: TPR and TER Memory Footprint
  • proof
  • Lemma 4: Timestamp Selector Memory Footprint
  • proof