Signed graphs are widely used to model the trust relationships among users in security-sensitive systems such as cryptocurrency trading platforms, where trust prediction plays a critical role. In this paper, we investigate how attackers could mislead trust prediction via manipulating signed graphs while remaining secret. To this end, we first design effective poisoning attacks against representative trust prediction tools. The attacks are formulated as hard bi-level optimization problems, for which we propose several efficient approximation solutions. The resulting basic attacks would severely change the structural semantics (in particular, both local and global balance properties) of a signed graph, which makes the attacks prone to be detected by the powerful attack detectors we designed. To address this issue, we further refine the basic attacks by integrating some conflicting metrics as penalty terms into the objective function. The refined attacks become secrecy-aware: they can successfully evade attack detectors with high probability while sacrificing little attack performance. We conduct comprehensive experiments to demonstrate that the basic attacks can severely disrupt trust prediction, the basic attacks could be easily detected, and the refined attacks can preserve attack performance while evading detection. Overall, our results significantly advance the knowledge in designing more practical attacks, reflecting more realistic threats to current trust prediction systems.
翻译:签名图表被广泛用于模拟安全敏感系统用户之间的信任关系,例如加密货币交易平台,信任预测可发挥关键作用。在本文中,我们调查攻击者如何通过操纵签名图表而保守秘密来误导信任预测。为此,我们首先设计针对代表性信任预测工具的有效中毒袭击。这些袭击被设计成硬双级优化问题,为此我们提出若干高效近似解决方案。由此产生的基本袭击将严重改变一个签名图表的结构语义(特别是地方和全球平衡属性),从而使这些袭击容易被我们设计的强力袭击探测器探测出来。为了解决这一问题,我们进一步细化基本袭击,将一些相互矛盾的计量标准作为惩罚术语纳入目标功能。改良式袭击成为保密性袭击:它们能够成功避开袭击检测器,同时很少牺牲袭击性能。我们进行全面实验,以证明基本袭击能够严重扰乱信任预测,基本袭击可以很容易被检测,而精细化的袭击可以在回避探测时保存攻击性表现。总体而言,我们在设计更切合实际的攻击时,大大推进了对当前信任系统进行更现实威胁的知识。