Social platforms such as Twitter are under siege from a multitude of fraudulent users. In response, social bot detection tasks have been developed to identify such fake users. Due to the structure of social networks, the majority of methods are based on the graph neural network(GNN), which is susceptible to attacks. In this study, we propose a node injection-based adversarial attack method designed to deceive bot detection models. Notably, neither the target bot nor the newly injected bot can be detected when a new bot is added around the target bot. This attack operates in a black-box fashion, implying that any information related to the victim model remains unknown. To our knowledge, this is the first study exploring the resilience of bot detection through graph node injection. Furthermore, we develop an attribute recovery module to revert the injected node embedding from the graph embedding space back to the original feature space, enabling the adversary to manipulate node perturbation effectively. We conduct adversarial attacks on four commonly used GNN structures for bot detection on two widely used datasets: Cresci-2015 and TwiBot-22. The attack success rate is over 73\% and the rate of newly injected nodes being detected as bots is below 13\% on these two datasets.

翻译：诸如Twitter等社交平台正面临大量欺诈用户的威胁。为应对这一问题，社交机器人检测任务应运而生，旨在识别此类虚假用户。由于社交网络的结构特性，大多数检测方法基于图神经网络（GNN），而GNN容易受到攻击。在本研究中，我们提出了一种基于节点注入的对抗攻击方法，旨在欺骗机器人检测模型。值得注意的是，当在目标机器人周围添加新机器人时，无论是目标机器人还是新注入的机器人均无法被检测到。该攻击以黑盒方式进行，这意味着与受害者模型相关的任何信息均未知。据我们所知，这是首项通过图节点注入探索机器人检测鲁棒性的研究。此外，我们开发了一个属性恢复模块，将注入节点的嵌入从图嵌入空间还原到原始特征空间，从而使攻击者能够有效操纵节点扰动。我们在两个广泛使用的数据集Cresci-2015和TwiBot-22上，对四种常用于机器人检测的GNN结构进行了对抗攻击。在这两个数据集上，攻击成功率超过73%，而新注入节点被检测为机器人的比率低于13%。