Signed social networks are widely used to model the trust relationships among online users in security-sensitive systems such as cryptocurrency trading platforms, where trust prediction plays a critical role. In this paper, we investigate how attackers could mislead trust prediction by secretly manipulating signed networks. To this end, we first design effective poisoning attacks against representative trust prediction models. The attacks are formulated as hard bi-level optimization problems, for which we propose several efficient approximation solutions. However, the resulting basic attacks would severely change the structural semantics (in particular, both local and global balance properties) of a signed network, which makes the attacks prone to be detected by the powerful attack detectors we designed. Given this, we further refine the basic attacks by integrating some conflicting metrics as penalty terms into the objective function. The refined attacks become secrecy-aware, i.e., they can successfully evade attack detectors with high probability while sacrificing little attack performance. We conduct comprehensive experiments to demonstrate that the basic attacks can severely disrupt trust prediction but could be easily detected, and the refined attacks perform almost equally well while evading detection. Overall, our results significantly advance the knowledge in designing more practical attacks, reflecting more realistic threats to current trust prediction models. Moreover, the results also provide valuable insights and guidance for building up robust trust prediction systems.

翻译：带符号社交网络广泛应用于加密货币交易平台等安全敏感系统中对用户间信任关系进行建模，其中信任预测扮演着关键角色。本文研究了攻击者如何通过隐蔽操控带符号网络来误导信任预测。为此，我们首先针对代表性的信任预测模型设计了有效的投毒攻击。这些攻击被形式化为困难的双层优化问题，我们提出了若干高效的近似求解方案。然而，所生成的基础攻击会严重改变带符号网络的结构语义（特别是局部与全局平衡性特征），导致其易被我们设计的强检测器识别。基于此，我们通过在目标函数中引入冲突指标作为惩罚项来改进基础攻击。改进后的攻击具备隐蔽感知能力，即能在几乎不损失攻击性能的前提下以高概率规避攻击检测。通过全面实验验证，基础攻击虽能严重破坏信任预测但极易被检测，而改进攻击在保持相近攻击效能的同时成功规避检测。总体而言，我们的研究显著推进了更具实用性的攻击设计认知，反映了当前信任预测模型面临的更真实威胁。此外，研究结果也为构建稳健的信任预测系统提供了宝贵见解与指导。