Adversarial Attacks on Node Embeddings via Graph Poisoning
This addresses a security gap for users of graph-based machine learning, but it is incremental as it focuses on a specific family of methods.
The paper tackles the problem of adversarial vulnerability in network representation learning methods based on random walks, showing that derived perturbations can poison graph structure and degrade embedding quality and downstream tasks.
The goal of network representation learning is to learn low-dimensional node embeddings that capture the graph structure and are useful for solving downstream tasks. However, despite the proliferation of such methods, there is currently no study of their robustness to adversarial attacks. We provide the first adversarial vulnerability analysis on the widely used family of methods based on random walks. We derive efficient adversarial perturbations that poison the network structure and have a negative effect on both the quality of the embeddings and the downstream tasks. We further show that our attacks are transferable since they generalize to many models and are successful even when the attacker is restricted.