LoReTTA: A Low Resource Framework To Poison Continuous Time Dynamic Graphs

TL;DR

LoReTTA is a novel low-resource adversarial framework that significantly degrades the performance of continuous-time dynamic graph neural networks across multiple datasets and models, highlighting security vulnerabilities.

Contribution

Introduces LoReTTA, a two-phase attack method that effectively poisons temporal graph neural networks without expensive surrogate models or detection, advancing security research in dynamic graphs.

Findings

Degrades TGNN performance by up to 42% on key datasets.

Outperforms 11 baseline attack methods.

Remains undetectable and robust against several defenses.

Abstract

Temporal Graph Neural Networks (TGNNs) are increasingly used in high-stakes domains, such as financial forecasting, recommendation systems, and fraud detection. However, their susceptibility to poisoning attacks poses a critical security risk. We introduce LoReTTA (Low Resource Two-phase Temporal Attack), a novel adversarial framework on Continuous-Time Dynamic Graphs, which degrades TGNN performance by an average of 29.47% across 4 widely benchmark datasets and 4 State-of-the-Art (SotA) models. LoReTTA operates through a two-stage approach: (1) sparsify the graph by removing high-impact edges using any of the 16 tested temporal importance metrics, (2) strategically replace removed edges with adversarial negatives via LoReTTA's novel degree-preserving negative sampling algorithm. Our plug-and-play design eliminates the need for expensive surrogate models while adhering to realistic unnoticeability constraints. LoReTTA degrades performance by upto 42.0% on MOOC, 31.5% on Wikipedia, 28.8% on UCI, and 15.6% on Enron. LoReTTA outperforms 11 attack baselines, remains undetectable to 4 leading anomaly detection systems, and is robust to 4 SotA adversarial defense training methods, establishing its effectiveness, unnoticeability, and robustness.