Budgeted Adversarial Attack against Graph-Based Anomaly Detection in Sensor Networks

Graph Neural Networks (GNNs) have emerged as powerful models for anomaly detection in sensor networks, particularly when analyzing multivariate time series. In this work, we introduce BETA, a novel grey-box evasion attack targeting such GNN-based detectors, where the attacker is constrained to perturb sensor readings from a limited set of nodes, excluding the target sensor, with the goal of either suppressing a true anomaly or triggering a false alarm at the target node. BETA identifies the sensors most influential to the target node's classification and injects carefully crafted adversarial perturbations into their features, all while maintaining stealth and respecting the attacker's budget. Experiments on three real-world sensor network datasets show that BETA reduces the detection accuracy of state-of-the-art GNN-based detectors by 30.62 to 39.16% on average, and significantly outperforms baseline attack strategies, while operating within realistic constraints.

Key Contributions

• BETA: a novel grey-box budgeted evasion attack against GNN-based anomaly detectors that restricts perturbations to a limited subset of non-target sensor nodes
• Influence-based node selection strategy that identifies sensors most critical to the target node's classification using graph structure
• Empirical evaluation across three real-world sensor network datasets demonstrating 30.62–39.16% average reduction in detection accuracy

🛡️ Threat Analysis

Details

Similar Papers