Adversarial Attack on Network Embeddings via Supervised Network Poisoning

TL;DR

This paper introduces VIKING, a supervised network poisoning method that significantly degrades the performance of network embeddings on downstream tasks, highlighting vulnerabilities in current embedding techniques.

Contribution

The paper proposes VIKING, a novel supervised network poisoning strategy that outperforms existing methods and extends to semi-supervised settings.

Findings

VIKING outperforms state-of-the-art poisoning methods by up to 18%.

VIKING is effective in both supervised and semi-supervised attack settings.

Poisoning networks can significantly impair downstream embedding tasks.

Abstract

Learning low-level node embeddings using techniques from network representation learning is useful for solving downstream tasks such as node classification and link prediction. An important consideration in such applications is the robustness of the embedding algorithms against adversarial attacks, which can be examined by performing perturbation on the original network. An efficient perturbation technique can degrade the performance of network embeddings on downstream tasks. In this paper, we study network embedding algorithms from an adversarial point of view and observe the effect of poisoning the network on downstream tasks. We propose VIKING, a supervised network poisoning strategy that outperforms the state-of-the-art poisoning methods by upto 18% on the original network structure. We also extend VIKING to a semi-supervised attack setting and show that it is comparable to its supervised counterpart.