Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model

Yifeng Luo; Yupeng Li; Dacheng Wen; Liang Lan

doi:10.1145/3589334.3648139

Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model

Yifeng Luo, Yupeng Li^*, Dacheng Wen, Liang Lan

^*Corresponding author for this work

Department of Interactive Media

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

2 Citations (Scopus)

Abstract

Recent analyses have disclosed that existing rumor detection techniques, despite playing a pivotal role in countering the dissemination of misinformation on social media, are vulnerable to both white-box and surrogate-based black-box adversarial attacks. However, such attacks depend heavily on unrealistic assumptions, e.g., modifiable user data and white-box access to the rumor detection models, or appropriate selections of surrogate models, which are impractical in the real world. Thus, existing analyses fail to uncover the robustness of rumor detectors in practice. In this work, we take a further step towards the investigation about the robustness of existing rumor detection solutions. Specifically, we focus on the state-of-the-art rumor detectors, which leverage graph neural network based models to predict whether a post is rumor based on the Message Propagation Tree (MPT), a conversation tree with the post as its root and the replies to the post as the descendants of the root. We propose a novel black-box attack method, HMIA-LLM, against these rumor detectors, which uses the Large Language Model to generate malicious messages and inject them into the targeted MPTs. Our extensive evaluation conducted across three rumor detection datasets, four target rumor detectors, and three baselines for comparison demonstrates the effectiveness of our proposed attack method in compromising the performance of the state-of-the-art rumor detectors.

Original language	English
Title of host publication	WWW '24: Proceedings of the ACM Web Conference 2024
Publisher	Association for Computing Machinery (ACM)
Pages	4512-4522
Number of pages	11
ISBN (Electronic)	9798400701719
DOIs	https://doi.org/10.1145/3589334.3648139
Publication status	Published - 13 May 2024
Event	33rd ACM Web Conference, WWW 2024 - Singapore, Singapore Duration: 13 May 2024 → 17 May 2024

Publication series

Name	WWW 2024 - Proceedings of the ACM Web Conference

Conference

Conference	33rd ACM Web Conference, WWW 2024
Country/Territory	Singapore
City	Singapore
Period	13/05/24 → 17/05/24

User-Defined Keywords

black-box evasion setting
graph neural networks
large language model
message injection attack
rumor detection

Access to Document

10.1145/3589334.3648139

Cite this

@inproceedings{54089a11f0aa4872a57b4dd20e2cdcd7,

title = "Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model",

abstract = "Recent analyses have disclosed that existing rumor detection techniques, despite playing a pivotal role in countering the dissemination of misinformation on social media, are vulnerable to both white-box and surrogate-based black-box adversarial attacks. However, such attacks depend heavily on unrealistic assumptions, e.g., modifiable user data and white-box access to the rumor detection models, or appropriate selections of surrogate models, which are impractical in the real world. Thus, existing analyses fail to uncover the robustness of rumor detectors in practice. In this work, we take a further step towards the investigation about the robustness of existing rumor detection solutions. Specifically, we focus on the state-of-the-art rumor detectors, which leverage graph neural network based models to predict whether a post is rumor based on the Message Propagation Tree (MPT), a conversation tree with the post as its root and the replies to the post as the descendants of the root. We propose a novel black-box attack method, HMIA-LLM, against these rumor detectors, which uses the Large Language Model to generate malicious messages and inject them into the targeted MPTs. Our extensive evaluation conducted across three rumor detection datasets, four target rumor detectors, and three baselines for comparison demonstrates the effectiveness of our proposed attack method in compromising the performance of the state-of-the-art rumor detectors.",

keywords = "black-box evasion setting, graph neural networks, large language model, message injection attack, rumor detection",

author = "Yifeng Luo and Yupeng Li and Dacheng Wen and Liang Lan",

note = "This work was supported in part by the National Natural Science Foundation of China under Grant 62202402, in part by the Guangdong Basic and Applied Basic Research Foundation under Grant 2022A1515011583 and Grant 2023A1515011562, in part by the Hong Kong Research Grants Council Early Career Scheme under Grant 22202423, in part by the National Natural Science Foundation of China under Grant 61906161, in part by the Germany/Hong Kong Joint Research Scheme sponsored by the Research Grants Council of Hong Kong and the German Academic Exchange Service of Germany under Grant G-HKBU203/22, in part by the One-Off Tier 2 Start-Up Grant (2020/2021) of Hong Kong Baptist University under Grant RC-OFSGT2/20-21/COMM/002, and in part by the Startup Grant (Tier 1) for New Academics of Hong Kong Baptist University under Grant AY2020/21. Publisher Copyright: {\textcopyright} 2024 ACM.; 33rd ACM Web Conference, WWW 2024 ; Conference date: 13-05-2024 Through 17-05-2024",

year = "2024",

month = may,

day = "13",

doi = "10.1145/3589334.3648139",

language = "English",

series = "WWW 2024 - Proceedings of the ACM Web Conference",

publisher = "Association for Computing Machinery (ACM)",

pages = "4512--4522",

booktitle = "WWW '24: Proceedings of the ACM Web Conference 2024",

address = "United States",

}

Luo, Y, Li, Y, Wen, D & Lan, L 2024, Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model. in WWW '24: Proceedings of the ACM Web Conference 2024. WWW 2024 - Proceedings of the ACM Web Conference, Association for Computing Machinery (ACM), pp. 4512-4522, 33rd ACM Web Conference, WWW 2024, Singapore, Singapore, 13/05/24. https://doi.org/10.1145/3589334.3648139

Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model. / Luo, Yifeng; Li, Yupeng; Wen, Dacheng et al.
WWW '24: Proceedings of the ACM Web Conference 2024. Association for Computing Machinery (ACM), 2024. p. 4512-4522 (WWW 2024 - Proceedings of the ACM Web Conference).

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

TY - GEN

T1 - Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model

AU - Luo, Yifeng

AU - Li, Yupeng

AU - Wen, Dacheng

AU - Lan, Liang

N1 - This work was supported in part by the National Natural Science Foundation of China under Grant 62202402, in part by the Guangdong Basic and Applied Basic Research Foundation under Grant 2022A1515011583 and Grant 2023A1515011562, in part by the Hong Kong Research Grants Council Early Career Scheme under Grant 22202423, in part by the National Natural Science Foundation of China under Grant 61906161, in part by the Germany/Hong Kong Joint Research Scheme sponsored by the Research Grants Council of Hong Kong and the German Academic Exchange Service of Germany under Grant G-HKBU203/22, in part by the One-Off Tier 2 Start-Up Grant (2020/2021) of Hong Kong Baptist University under Grant RC-OFSGT2/20-21/COMM/002, and in part by the Startup Grant (Tier 1) for New Academics of Hong Kong Baptist University under Grant AY2020/21. Publisher Copyright: © 2024 ACM.

PY - 2024/5/13

Y1 - 2024/5/13

N2 - Recent analyses have disclosed that existing rumor detection techniques, despite playing a pivotal role in countering the dissemination of misinformation on social media, are vulnerable to both white-box and surrogate-based black-box adversarial attacks. However, such attacks depend heavily on unrealistic assumptions, e.g., modifiable user data and white-box access to the rumor detection models, or appropriate selections of surrogate models, which are impractical in the real world. Thus, existing analyses fail to uncover the robustness of rumor detectors in practice. In this work, we take a further step towards the investigation about the robustness of existing rumor detection solutions. Specifically, we focus on the state-of-the-art rumor detectors, which leverage graph neural network based models to predict whether a post is rumor based on the Message Propagation Tree (MPT), a conversation tree with the post as its root and the replies to the post as the descendants of the root. We propose a novel black-box attack method, HMIA-LLM, against these rumor detectors, which uses the Large Language Model to generate malicious messages and inject them into the targeted MPTs. Our extensive evaluation conducted across three rumor detection datasets, four target rumor detectors, and three baselines for comparison demonstrates the effectiveness of our proposed attack method in compromising the performance of the state-of-the-art rumor detectors.

AB - Recent analyses have disclosed that existing rumor detection techniques, despite playing a pivotal role in countering the dissemination of misinformation on social media, are vulnerable to both white-box and surrogate-based black-box adversarial attacks. However, such attacks depend heavily on unrealistic assumptions, e.g., modifiable user data and white-box access to the rumor detection models, or appropriate selections of surrogate models, which are impractical in the real world. Thus, existing analyses fail to uncover the robustness of rumor detectors in practice. In this work, we take a further step towards the investigation about the robustness of existing rumor detection solutions. Specifically, we focus on the state-of-the-art rumor detectors, which leverage graph neural network based models to predict whether a post is rumor based on the Message Propagation Tree (MPT), a conversation tree with the post as its root and the replies to the post as the descendants of the root. We propose a novel black-box attack method, HMIA-LLM, against these rumor detectors, which uses the Large Language Model to generate malicious messages and inject them into the targeted MPTs. Our extensive evaluation conducted across three rumor detection datasets, four target rumor detectors, and three baselines for comparison demonstrates the effectiveness of our proposed attack method in compromising the performance of the state-of-the-art rumor detectors.

KW - black-box evasion setting

KW - graph neural networks

KW - large language model

KW - message injection attack

KW - rumor detection

UR - http://www.scopus.com/inward/record.url?scp=85194097248&partnerID=8YFLogxK

U2 - 10.1145/3589334.3648139

DO - 10.1145/3589334.3648139

M3 - Conference proceeding

AN - SCOPUS:85194097248

T3 - WWW 2024 - Proceedings of the ACM Web Conference

SP - 4512

EP - 4522

BT - WWW '24: Proceedings of the ACM Web Conference 2024

PB - Association for Computing Machinery (ACM)

T2 - 33rd ACM Web Conference, WWW 2024

Y2 - 13 May 2024 through 17 May 2024

ER -

Message Injection Attack on Rumor Detection under the Black-Box Evasion Setting Using Large Language Model

Abstract

Publication series

Conference

User-Defined Keywords

Access to Document

Other files and links

Fingerprint

Cite this