ML Security PapersCommunity Concealment from Unsupervised Graph Learning-Based Clustering
Dalyapraz Manatova 1, Pablo Moriano 2, L. Jean Camp 3
Published on arXiv
2602.12250
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
FCom-DICE achieves 20–45% median relative concealment improvements over DICE across synthetic and real networks under identical perturbation budgets.
FCom-DICE
Novel technique introduced
Graph neural networks (GNNs) are designed to use attributed graphs to learn representations. Such representations are beneficial in the unsupervised learning of clusters and community detection. Nonetheless, such inference may reveal sensitive groups, clustered systems, or collective behaviors, raising concerns regarding group-level privacy. Community attribution in social and critical infrastructure networks, for example, can expose coordinated asset groups, operational hierarchies, and system dependencies that could be used for profiling or intelligence gathering. We study a defensive setting in which a data publisher (defender) seeks to conceal a community of interest while making limited, utility-aware changes in the network. Our analysis indicates that community concealment is strongly influenced by two quantifiable factors: connectivity at the community boundary and feature similarity between the protected community and adjacent communities. Informed by these findings, we present a perturbation strategy that rewires a set of selected edges and modifies node features to reduce the distinctiveness leveraged by GNN message passing. The proposed method outperforms DICE in our experiments on synthetic benchmarks and real network graphs under identical perturbation budgets. Overall, it achieves median relative concealment improvements of approximately 20-45% across the evaluated settings. These findings demonstrate a mitigation strategy against GNN-based community learning and highlight group-level privacy risks intrinsic to graph learning.
Key Contributions
- Analysis identifying two quantifiable factors driving community hidability: boundary connectivity ratio and feature similarity to adjacent communities
- FCom-DICE perturbation strategy that rewires structurally important edges and modifies node features to reduce distinctiveness in GNN message passing
- Empirical demonstration of 20–45% median relative concealment improvement over DICE baseline on synthetic and real-world networks (Facebook, Wikipedia, Bitcoin)
🛡️ Threat Analysis
FCom-DICE perturbs the graph input (edge rewiring + node feature modification) at inference time to cause a GNN-based community detection model to fail — this is an evasion/input manipulation attack on an ML system, framed as a group-privacy defense. The adversary is the GNN itself, and the perturbation is crafted to exploit message-passing dynamics.