Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security 2017
DOI: 10.1145/3133956.3134083
|View full text |Cite
|
Sign up to set email alerts
|

Practical Attacks Against Graph-based Clustering

Abstract: Graph modeling allows numerous security problems to be tackled in a general way, however, little work has been done to understand their ability to withstand adversarial attacks. We design and evaluate two novel graph attacks against a state-of-the-art network-level, graph-based detection system. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledg… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1

Citation Types

0
38
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
4
4
1

Relationship

0
9

Authors

Journals

citations
Cited by 63 publications
(38 citation statements)
references
References 38 publications
0
38
0
Order By: Relevance
“…However, multiple recent studies showed that community detection is vulnerable to adversarial structural perturbations [8,9,13,28,36]. Specifically, via adding or removing a small number of carefully selected edges in a graph, an attacker can manipulate the detected communities.…”
mentioning
confidence: 99%
See 1 more Smart Citation
“…However, multiple recent studies showed that community detection is vulnerable to adversarial structural perturbations [8,9,13,28,36]. Specifically, via adding or removing a small number of carefully selected edges in a graph, an attacker can manipulate the detected communities.…”
mentioning
confidence: 99%
“…However, to the best of our knowledge, there are no studies to certify robustness of community detection against such adversarial structural perturbation. We note that several heuristic defenses [9,28] were proposed to enhance the robustness of community detection against structural perturbation. However, these defenses lack formal guarantees and can often be defeated by strategic attacks that adapt to them.…”
mentioning
confidence: 99%
“…where the first equation means we update the variablesb u using gradient descent and the second equation means that we project the variables to satisfy the two constraints in Equation 14 and Equation 15. Note that the variablesb u are initialized using the adversarial matrix in the (t − 1)th iteration, i.e.,b (0)…”
Section: Adversary With Full Knowledgementioning
confidence: 99%
“…To combat opinion spams, prior works have proposed abundant different detection models based on texts [31], [21], [22], [52], user-behaviors [31], [51], [11], network structures [1], [48], [27]. However, more resourceful spammers can exploit information about the detectors available through publications, spam-spotting guidance and detection websites 1 , to craft insidious spamming campaigns that can evade graphbased and text-based detectors [7], [16]. However, adversarial evasions against behavior-based detectors have so far received less attention.…”
Section: Introductionmentioning
confidence: 99%