Practical Attacks Against Graph-based Clustering

Chen, Yizheng; Nadji, Yacin; Kountouras, Athanasios; Monrose, Fabian; Perdisci, Roberto; Antonakakis, Manos; Vasiloglou, Nikolaos

doi:10.1145/3133956.3134083

Cited by 63 publications

(38 citation statements)

References 38 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, multiple recent studies showed that community detection is vulnerable to adversarial structural perturbations [8,9,13,28,36]. Specifically, via adding or removing a small number of carefully selected edges in a graph, an attacker can manipulate the detected communities.…”

mentioning

confidence: 99%

“…However, to the best of our knowledge, there are no studies to certify robustness of community detection against such adversarial structural perturbation. We note that several heuristic defenses [9,28] were proposed to enhance the robustness of community detection against structural perturbation. However, these defenses lack formal guarantees and can often be defeated by strategic attacks that adapt to them.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing

Jia

Wang

Cao

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

Community detection plays a key role in understanding graph structure. However, several recent studies showed that community detection is vulnerable to adversarial structural perturbation. In particular, via adding or removing a small number of carefully selected edges in a graph, an attacker can manipulate the detected communities. However, to the best of our knowledge, there are no studies on certifying robustness of community detection against such adversarial structural perturbation. In this work, we aim to bridge this gap. Specifically, we develop the first certified robustness guarantee of community detection against adversarial structural perturbation. Given an arbitrary community detection method, we build a new smoothed community detection method via randomly perturbing the graph structure. We theoretically show that the smoothed community detection method provably groups a given arbitrary set of nodes into the same community (or different communities) when the number of edges added/removed by an attacker is bounded. Moreover, we show that our certified robustness is tight. We also empirically evaluate our method on multiple real-world graphs with ground truth communities.

show abstract

mentioning

confidence: 99%

mentioning

confidence: 99%

Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing

Jia

Wang

Cao

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

show abstract

“…where the first equation means we update the variablesb u using gradient descent and the second equation means that we project the variables to satisfy the two constraints in Equation 14 and Equation 15. Note that the variablesb u are initialized using the adversarial matrix in the (t − 1)th iteration, i.e.,b (0)…”

Section: Adversary With Full Knowledgementioning

confidence: 99%

Attacking Graph-based Classification via Manipulating the Graph Structure

Wang

Gong

2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

120

View full text Add to dashboard Cite

Graph-based classification methods are widely used for security analytics. Roughly speaking, graph-based classification methods include collective classification and graph neural network. Attacking a graph-based classification method enables an attacker to evade detection in security analytics. However, existing adversarial machine learning studies mainly focused on machine learning for non-graph data. Only a few recent studies touched adversarial graph-based classification methods. However, they focused on graph neural network, leaving collective classification largely unexplored.We aim to bridge this gap in this work. We consider an attacker's goal is to evade detection via manipulating the graph structure. We formulate our attack as a graph-based optimization problem, solving which produces the edges that an attacker needs to manipulate to achieve its attack goal. However, it is computationally challenging to solve the optimization problem exactly. To address the challenge, we propose several approximation techniques to solve the optimization problem. We evaluate our attacks and compare them with a recent attack designed for graph neural networks using four graph datasets. Our results show that our attacks can effectively evade graph-based classification methods. Moreover, our attacks outperform the existing attack for evading collective classification methods and some graph neural network methods.

show abstract

“…To combat opinion spams, prior works have proposed abundant different detection models based on texts [31], [21], [22], [52], user-behaviors [31], [51], [11], network structures [1], [48], [27]. However, more resourceful spammers can exploit information about the detectors available through publications, spam-spotting guidance and detection websites 1 , to craft insidious spamming campaigns that can evade graphbased and text-based detectors [7], [16]. However, adversarial evasions against behavior-based detectors have so far received less attention.…”

Section: Introductionmentioning

confidence: 99%

Securing Behavior-based Opinion Spam Detection

Xie

et al. 2018

2018 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

Reviews spams are prevalent in e-commerce to manipulate product ranking and customers decisions maliciously. While spams generated based on simple spamming strategy can be detected effectively, hardened spammers can evade regular detectors via more advanced spamming strategies. Previous work gave more attention to evasion against text and graphbased detectors, but evasions against behavior-based detectors are largely ignored, leading to vulnerabilities in spam detection systems. Since real evasion data are scarce, we first propose EMERAL (Evasion via Maximum Entropy and Rating sAm-pLing) to generate evasive spams to certain existing detectors. EMERAL can simulate spammers with different goals and levels of knowledge about the detectors, targeting at different stages of the life cycle of target products. We show that, in the evasiondefense dynamic, only a few evasion types are meaningful to the spammers, and any spammer will not be able to evade too many detection signals at the same time. We reveal that some evasions are quite insidious and can fail all detection signals. We then propose DETER (Defense via Evasion generaTion using EmeRal), based on model re-training on diverse evasive samples generated by EMERAL. Experiments confirm that DETER is more accurate in detecting both suspicious time window and individual spamming reviews. In terms of security, DETER is versatile enough to be vaccinated against diverse and unexpected evasions, is agnostic about evasion strategy and can be released without privacy concern.

show abstract

Practical Attacks Against Graph-based Clustering

Cited by 63 publications

References 38 publications

Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing

Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing

Attacking Graph-based Classification via Manipulating the Graph Structure

Securing Behavior-based Opinion Spam Detection

Contact Info

Product

Resources

About