The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks (GNNs). However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice, attackers continuously adapt their strategies as well as must operate under domain-specific and temporal constraints, which can fundamentally limit the applicability of existing attack methods. As a result, there is a critical need for robust GNN-based bot detection methods under realistic, constraint-aware attack scenarios. To address this gap, we introduce BOCLOAK to systematically evaluate the robustness of GNN-based social bot detection via both edge editing and node injection adversarial attacks under realistic constraints. BOCLOAK constructs a probability measure over spatio-temporal neighbor features and learns an optimal transport geometry that separates human and bot behaviors. It then decodes transport plans into sparse, plausible edge edits that evade detection while obeying real-world constraints. We evaluate BOCLOAK across three social bot datasets, five state-of-the-art bot detectors, three adversarial defenses, and compare it against four leading graph adversarial attack baselines. BOCLOAK achieves up to 80.13% higher attack success rates while using 99.80% less GPU memory under realistic real-world constraints. Most importantly, BOCLOAK shows that optimal transport provides a lightweight, principled framework for bridging the gap between adversarial attacks and real-world bot detection.

翻译：社交媒体上僵尸账户的激增对公共话语构成重大风险。为应对此威胁，现代僵尸检测器日益依赖图神经网络。然而，这些基于GNN的检测器在真实场景中的有效性仍鲜为人知。实践中，攻击者持续调整策略，且必须在特定领域和时序约束下操作，这从根本上限制了现有攻击方法的适用性。因此，亟需在现实、约束感知的攻击场景下开发鲁棒的基于GNN的僵尸检测方法。为填补此空白，我们提出BOCLOAK，通过在现实约束下结合边编辑与节点注入对抗攻击，系统评估基于GNN的社交僵尸检测的鲁棒性。BOCLOAK构建时空邻居特征的概率测度，并学习分离人类与僵尸行为的最优传输几何结构。随后将传输方案解码为稀疏、合理的边编辑操作，在遵守现实约束的同时规避检测。我们在三个社交僵尸数据集、五种最先进的僵尸检测器、三种对抗防御机制上评估BOCLOAK，并与四种主流图对抗攻击基线进行比较。在现实约束条件下，BOCLOAK实现最高80.13%的攻击成功率提升，同时减少99.80%的GPU内存消耗。最重要的是，BOCLOAK证明最优传输为弥合对抗攻击与真实世界僵尸检测之间的鸿沟提供了轻量化、原则性的框架。