Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations

Yu, Shanqing; Zhao, Minghao; Fu, Chenbo; Huang, Huimin; Shu, Xincheng; Xuan, Qi; Chen, Guanrong

doi:10.48550/arxiv.1809.05912

Cited by 5 publications

(6 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They further proposed a neighborhood randomization mechanism to probabilistically randomize the destination of a link within a local neighborhood [51]. For link prediction, Yu et al [31] designed evolutionary perturbations based on genetic algorithm and estimation of distribution algorithm to degrade the popular link prediction method Resource Allocation Index (RA). And they found that although the evolutionary perturbations are designed to against RA, it is also effective against other link-prediction methods.…”

Section: Related Workmentioning

confidence: 99%

“…Recently, the adversarial attacks against network algorithms also are carried out to study the robustness of network algorithms [28], [29], by rewiring a small number of links in the original network. Some even study on using the adversarial attack methods to solve privacy problems, that is, to protect certain sensitive information of the network from being leaked by graph mining methods [30], [31].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MGA: Momentum Gradient Attack on Network

Chen

Zheng

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

The adversarial attack methods based on gradient information can adequately find the perturbations, that is, the combinations of rewired links, thereby reducing the effectiveness of the deep learning model based graph embedding algorithms, but it is also easy to fall into a local optimum. Therefore, this paper proposes a Momentum Gradient Attack (MGA) against the GCN model, which can achieve more aggressive attacks with fewer rewiring links. Compared with directly updating the original network using gradient information, integrating the momentum term into the iterative process can stabilize the updating direction, which makes the model jump out of poor local optimum and enhance the method with stronger transferability. Experiments on node classification and community detection methods based on three well-known network embedding algorithms show that MGA has a better attack effect and transferability.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

MGA: Momentum Gradient Attack on Network

Chen

Zheng

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Link prediction, a classic network network analysis tool, is capable to benefit a wide range of real-world applications, such as, recommendation systems [23], [24], network reconstruction, etc [25]. In link prediction [26]- [29], Zheleva et al [26] proposed the link re-identification attack to predict sensitive links from the released data. Fard et al [27] introduced a subgraph-wise perturbation in directed networks to randomize the destination of a link within subgraphs to protect sensitive links.…”

Section: Introductionmentioning

confidence: 99%

“…They further proposed a neighborhood randomization mechanism to probabilistically randomize the destination of a link within a local neighborhood [28]. Yu et al [29] proposed a target defense strategy against linkprediction-based methods, which can protect target sensitive links from being detected by neighbor-based link prediction methods. In community detection, Nagaraja [30] proposed the first community deception method, called centrality attack, by adding links to the nodes of high centrality.…”

Section: Introductionmentioning

confidence: 99%

Can Adversarial Network Attack be Defended?

Chen,

Wu,

Lin

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

Machine learning has been successfully applied to complex network analysis in various areas, and graph neural networks (GNNs) based methods outperform others. Recently, adversarial attack on networks has attracted special attention since carefully crafted adversarial networks with slight perturbations on clean network may invalid lots of network applications, such as node classification, link prediction, and community detection etc. Such attacks are easily constructed with serious security threat to various analyze methods, including traditional methods and deep models. To the best of our knowledge, it is the first time that defense method against network adversarial attack is discussed. In this paper, we are interested in the possibility of defense against adversarial attack on network, and propose defense strategies for GNNs against attacks. First, we propose novel adversarial training strategies to improve GNNs' defensibility against attacks. Then, we analytically investigate the robustness properties for GNNs granted by the use of smooth defense, and propose two special smooth defense strategies: smoothing distillation and smoothing cross-entropy loss function. Both of them are capable of smoothing gradient of GNNs, and consequently reduce the amplitude of adversarial gradients, which benefits gradient masking from attackers. The comprehensive experiments show that our proposed strategies have great defensibility against different adversarial attacks on four real-world networks in different network analyze tasks.

show abstract

“…The authors also studied how a group of individuals could avoid being identified by community detection algorithms. Furthermore, Yu et al [28], Waniek et al [26], and Zhou et al [30] studied how to hide one's sensitive relationships from link prediction algorithms.…”

Section: Introductionmentioning

confidence: 99%

Hiding in Multilayer Networks

Waniek¹,

Michalak²,

Rahwan³

2019

Preprint

View full text Add to dashboard Cite

Multilayer networks allow for modeling complex relationships, where individuals are embedded in multiple social networks at the same time. Given the ubiquity of such relationships, these networks have been increasingly gaining attention in the literature. This paper presents the first analysis of the robustness of centrality measures against strategic manipulation in multilayer networks. More specifically, we consider an "evader" who strategically chooses which connections to form in a multilayer network in order to obtain a low centrality-based ranking-thereby reducing the chance of being highlighted as a key figure in the network-while ensuring that she remains connected to a certain group of people. We prove that determining an optimal way to "hide" is NP-complete and hard to approximate for most centrality measures considered in our study. Moreover, we empirically evaluate a number of heuristics that the evader can use. Our results suggest that the centrality measures that are functions of the entire network topology are more robust to such a strategic evader than their counterparts which consider each layer separately.

show abstract

Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations

Cited by 5 publications

References 33 publications

MGA: Momentum Gradient Attack on Network

MGA: Momentum Gradient Attack on Network

Can Adversarial Network Attack be Defended?

Hiding in Multilayer Networks

Contact Info

Product

Resources

About