Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs

TL;DR

This paper introduces a black-box evasion attack on dynamic graph link prediction models using reinforcement learning, demonstrating its effectiveness across real-world datasets.

Contribution

It presents the first practical black-box attack method on LPDG models, leveraging a stochastic policy-based RL algorithm for graph perturbation.

Findings

Attack significantly reduces prediction accuracy.

Method is effective across multiple datasets.

Attack operates efficiently without model details.

Abstract

Link prediction in dynamic graphs (LPDG) is an important research problem that has diverse applications such as online recommendations, studies on disease contagion, organizational studies, etc. Various LPDG methods based on graph embedding and graph neural networks have been recently proposed and achieved state-of-the-art performance. In this paper, we study the vulnerability of LPDG methods and propose the first practical black-box evasion attack. Specifically, given a trained LPDG model, our attack aims to perturb the graph structure, without knowing to model parameters, model architecture, etc., such that the LPDG model makes as many wrong predicted links as possible. We design our attack based on a stochastic policy-based RL algorithm. Moreover, we evaluate our attack on three real-world graph datasets from different application domains. Experimental results show that our attack is both effective and efficient.