1 Introduction
Many aspects of everyday life involve networks; social networks, biological networks, and the World Wide Web are just a few examples. The study of networks touches many disciplines ranging from physics to computer and social science. One important task in network analysis is the identification of communities, that is, regions (subsets of vertices) of a network that help to gain insights about its structure [fortunato2010community]. Detecting communities is useful for several purposes such as identifying topics in information networks [revelle2015finding], criminal organization from mobile networks [ferrara2014detecting], friendship in social networks [yang2013community] or motifs in biological networks [fionda2011biological].
While community detection is a wellunderstood and studied problem, little has been done in terms of community deception. Solving the community deception problem amounts at devising techniques to conceal the existence of a target community from community detection algorithms. Studying community deception is intriguing from two different perspectives. On one hand, deception techniques can be useful for activists in despotic regimes to hide themselves (as a group) from software like the Laplace’s Demon, a protest monitoring system developed by a proKremlin group [laplacedaemon]; or, police enforcements to avoid to be tracked as done by Ukrainian bloggers that tracked Russian soldiers on social media [ukranianbloggers]. On the other hand, the study of deception techniques raises awareness for design of novel community detection algorithms robust to community deception techniques as deception could also be used for malicious purposes. When embarking on the study of community deception we identified some research challenges, among which: (i) how to practically realize community deception? (ii) how to devise computationally feasible algorithms? (iii) how to assess the degree of deception of a target community ? We show how to tackle challenge (i) by rewiring in a principled way the connections of s members. As for challenge (ii) we present two greedy algorithms; the first based on modularity and the second one based on a novel measure of community safeness. To tackle challenge (iii) we introduce a deception measure that computed before and after applying community deception algorithms allows to measure their success.
Related Work. Community detection algorithms strive to maximize cluster quality measures such as modularity [blondel2008fast, newman2006finding], adopt probabilistic approaches based, for instance, on random walks [yang2013community, rosvall2008maps] or use network attributes [yang2013community]. Yet other approaches study the problem of finding a community given a set of vertices [barbieri2015efficient]. Fortunato [fortunato2010community] provides a comprehensive study on this topic while other studies focus on the evaluation of community detection algorithms (e.g., [leskovec2010empirical, yang2015defining]).
In this paper we take a different direction and tackle the problem of designing algorithms to deceive community detection algorithms. Our goal is to to hide a community from being discovered by community detection algorithms. We are not aware of any previous work on this topic. Note that community deception differs from community preservation. This latter problem is usually tackled via techniques such as kanonymity, kdegree anonymity [campan2015preserving] or kisomorphism [cheng2010k] and is focused on the assessment of how well the anonymization preserves communities from the original network [campan2015preserving]. In contrast, tackling community deception does not require anonymization as the goal is to hide a community while keeping its identity (i.e., the identity of its members) untouched.
Contributions and Outline. We make the following main contributions:

introducing and formalizing the community deception problem, which, to the best of our knowledge, has no been studied before;

presenting two algorithms for community deception, one based on modularity and the other based on a novel measure of community safeness;

showing how our algorithms are able to deceive several existing community detection algorithms on real and synthetic networks.
The remainder of the paper is organized as follows. Section 2 introduces the problem and provides an example. Section 3 presents our first algorithm for community deception based on modularity. In Section 4 we introduce our second algorithm based on community safeness. The experimental evaluation is discussed in Section 5. We conclude and sketch future work in Section 6.
2 Problem Statement and Running Example
A network is an undirected graph that includes a set of := vertices and := edges. We denote by = the degree of , where is the set of neighbors of . The set of communities is denoted by ={} and denotes the ith community. denotes the set of edges that are incident to some nodes in . We distinguish between intracommunity edges of the form and intercommunity edges of the form :. The degree of a community is denoted by: =. (resp., ) denotes a set of edge additions (resp., deletions) on . We denote by the community, not necessarily part of , that we want to hide from community detection algorithms. [Community Deception] Let be a network and a community detection algorithm. Given a community , and a deception function , find a network with such that:
(1) 
where and }
The function mimics the process of deceiving a community detection algorithm so that . Solving the community deception problem amounts at designing algorithms capable to find an updated network so that is maximized. An optimal algorithm for this problem is computationally hard as it requires an exhaustive exploration of all possible combinations of (subsets of) edge updates (i.e., and ). As we will describe shortly, we resort to greedy algorithms that find the local optimum at each evaluation step.
Moreover, to measure the level of deception of we introduce the score, which encompasses different kinds of information such as reachability between members and their spreading in . This score (see Definition 6), computed before () and after () the usage of a community deception algorithm, allows to quantify its performance – we will write when and are clear from the context. The worst case (i.e., =0) occurs when belongs to the output of (). If then members can be spread inside in many ways, thus leading to many values. The best (i.e., 1) is obtained when members are reachable from one another and spread in different (large) communities.
Running Example. Consider the Zachary’s Karate Club network [zachary1977information] and the partition in communities shown in Fig. 1 (a) obtained by the Louvain community detection algorithm (=louv) [blondel2008fast]. To model the worstcase scenario from the deception point of view, we assume =, that is, and then =0. We now outline our deception algorithms.
In the first algorithm () the function (in the general statement of the deception problem) is the modularity loss =. ’s greedy strategy at each step picks the edge change with the highest . Our choice to use modularity for community deception stems from the observation that several community detection algorithms (e.g., [blondel2008fast, newman2006finding]) are based on modularity maximization. Therefore, if the edge update found by introduces a modularity loss, then a community detection algorithm applied to (i.e., after applying the update) will possibly give a partitioning in communities more favorable to than that in (i.e., ).
One key feature of is that to determine the best edge updates it does not require to recompute modularity from scratch for each candidate edge. leverages updating rules (see Section 3.1) able to measure the impact of an update on modularity before applying it. Fig. 1 (b) reports the output of the community detection algorithm on , the network obtained after applying the updates found by (reported in the innerbox) on . In terms of deception, the situation for has improved. This is because: (i) its members are now spread in two communities (e.g., 24, is now part of ); (ii) other nodes of are now grouped with node 3 and 10 in . Indeed, the deception score goes from =0 to =0.307. Nevertheless, node 24 is now disconnected from the other members of . It is worth to mention that the choice of the type of update is subtle. In fact, if one were to add the edge (24,25) in Fig. 1 (a) instead of (24,1) and running again on the updated network, modularity would have increased and all members would have remained in the same community; same reasoning for the deletion of (24,33) instead of (25,26). We will formally study these aspects in Section 3.
Since not all detection algorithms are based on modularity (e.g., [rosvall2008maps]) we have devised another deception algorithm where is the safeness gain =. Safeness looks at reachability between members and their connection with nodes not in (see Section 4). Also in this case it is possible to determine the impact of updates on safeness before applying them to (Section 4.1). The output of after applying the changes (see innerbox) detected by is reported in Fig. 1 (c). Intuitively, gives a better set of changes than since: (i) members are now equally spread in two communities while in Fig. 1 (b) this is not the case; (ii) members are now better “hidden” with nodes in and ; (iii) all nodes of are reachable from one another. gives a higher deception score, that is, =0.436.
The worstcase scenario discussed in this example underlines how our community deception algorithms were able to detect a few updates that significantly increased the deception of in a real network. Even if in this example the Louvain algorithm was used, our algorithms can deceive any community detection algorithm as we will discuss in the experimental evaluation section (Section 5).
3 Community Deception via Modularity
We now introduce the first community deception algorithm () based on modularity [newman2006modularity], a wellstudied measure^{1}^{1}1Other types of modularity (e.g., generalized [ganji2015generalized]) are orthogonal to our study. in the community detection literature. (Modularity). Given a network , the modularity of the partition of this network into communities ={} is given by:
(2) 
where = and =.
Modularity measures the number of edges falling within groups minus their expected number in an equivalent network with edges placed at random The objective of many community detection algorithms is to maximize modularity [brandes2008modularity]. Our first deception algorithm considers the function (see Problem 2) to be the modularity loss = and thus the goal is to find the set of edge updates where is maximized. Newman [newman2006finding] touched the somehow related problem of modularity minimization for the discovery of anticommunities [newman2006finding]. Our approach differs in two main respects. First, community deception strives to maximize w.r.t. , that is, via edge updates performed by members only. Second, Newman’s study did not report on the impact of the different types of edge updates on modularity while we formally tackle this problem in Section 3.1.
As anticipated in the running example, adopts a greedy strategy that at each step identifies the edge update that brings the highest modularity loss. In what follows, we first study the modularity loss for the different types of edge updates and then outline the algorithm.
3.1 Impact of Edge Updates on Modularity
Let be a network and a partitioning having modularity . Let = be the modularity loss and a community.
Edge Addition. We first consider the addition of an intercommunity edge.
Theorem 3.1
For any intercommunity edge addition : , with giving we have that:
if, and only if, .
Proof
By manipulating eq. (2) we have that (sum of edges within communities) remains unchanged while (sum of the degrees in all communities) becomes . This gives the new value of modularity:
(3) 
The possible modularity loss is:
The modularity in that derives from the addition of an intercommunity edge is independent from and as it only depends on the degrees of and ; the higher and the higher the modularity loss. The maximum loss can be obtained by picking as source and target communities for the edge addition the communities having the highest degrees. ∎
If , the possible modularity loss depends on the rank (in terms of degree) of in . To give a hint about the result in Theorem 3.1, consider the network in Fig. 1 (a) where and =24. Note that the edge (26,18) identified by brings the highest modularity loss since 18 is in the community with the highest degree (i.e., =62). If , the result of Theorem 3.1 still holds; the edge insertion with the highest possible loss is : and is maximal. We now consider the addition of an intracommunity edge.
Theorem 3.2
For any intracommunity edge addition : giving we have that:
if, and only if, .
Proof
By manipulating eq. (2) we have that = and giving the new value of modularity:
(4) 
The possible loss is independent from and ; it only depends on the degree of the community . In this case:
∎
If , then the possible modularity loss deriving from an intracommunity edge addition depends on the degree of . If , Theorem 3.2 still holds; the edge insertion with the possible highest loss is : and is maximal. By considering an intercommunity edge addition between communities and (giving the network ) and an intraedge addition in the community (giving the network ) we have that: =. Since , we have that and, thus, .
Corollary 1
The best edge addition, in terms of possible modularity loss, is an intercommunity edge between the communities and having the highest cumulative degree and such that . The modularity loss is the same for each edge addition no matter the pair of nodes and .
Edge Deletion. The proofs of the following theorems, similar in spirit to those of edge additions, are available in the Appendix. We start with the deletion of an intercommunity edge.
Theorem 3.3
For any intercommunity edge deletion : , with giving we have that:
if, and only if,
4 Community Deception via Safeness
In this section we describe , our second algorithm for community deception. Differently from the , this approach is independent from any cluster quality measures. We now introduce the notion of node safeness. (Node Safeness). Let be a network, a community, and a member of . The safeness of in is defined as:
(5) 
where is the set of nodes reachable from passing only via nodes in , is the set of edges between and some node in , is the set of edges between and some node not in .
The leftmost part of eq. (5) takes into account the portion of nodes in that can be reached only via other nodes in balanced by the number of intracommunity edges. In the ideal situation a member of will be able to reach all the other members of with the minimum number of edges, that is, one. This gives an account of howwell can transmit information in . The second term of eq. (5) gives an account on how is “hidden” inside the network with respect to its degree. To increase its safeness should diversify its connections, that is, have the right proportion of links with members of communities other than . We now define the safeness of inside a network : (Community Safeness Score). Given a network and a community , the safeness of denoted by is defined as:
Defining the safeness of starting from the safeness of its members allows to identify the least safe and rewire their links to increase the score of the whole . Safeness allows to control different aspects of a community such as reachability and internal/external edge balance that were not taken into account by the modularity loss. members should be able to communicate while at the same time diversify their connections with members outside . Moreover, incorporating reachability in the safeness formula avoids to disconnect , which can occur when using the modularity loss as shown in the example in Fig. 1 (b) where node 24 was disconnected from the other members of .
Our second deception algorithm considers the function to be the safeness gain = and thus the goal is to find the set of edge updates where is maximized.
4.1 Impact of Edge Updates on Safeness
As usual, we treat separately edge additions and deletions. However, note that given a node the safeness score only considers the portion of edges incident to connecting to other members of and the portion of edges that connect to nodes not in . Thus, instead of talking about intracommunity and intercommunity edges, we will talk about intra and inter edges. We assume wlog that for every inter edge we have and . Let be a network and a community having safeness , we have the following results (the proofs of the theorems are available in the Appendix.)
Edge Addition. We start with inter edge additions.
Theorem 4.1
For any inter edge addition s.t. and giving we have that .
Moreover, among all the possible inter edge addition, the more beneficial is that performed by the node with the minimum ratio . We now analyze the case of the addition of an intra edge.
Theorem 4.2
For any intra edge addition s.t. giving we have if: (i) in ; (ii) in and (iii) the following condition holds:
where and are the two disconnected components of in to which and belong before the addition of .
The above theorem deals with the addition of an intra edge where both members belong to . The possibility for such an edge to increase the safeness of the community occurs when it allows to connect previously disconnected portions of . If no new communication paths among nodes of the community are made available, the new edge will certainly decrease the safeness score. Intuitively, this is justified by the fact that if the edge does not bring any advantage in terms of connectivity among the nodes of , it will have only the effect to get and more connected to members of ; thus, it is likely that and will be considered part of the same community. We believe that, because of the notion of community itself, it is reasonable to consider that members of are reachable in from one another via paths involving other members of , and, thus, the induced subgraph of on the nodes in should have a single connected component.
Corollary 2
The best addition is an inter edge from having the lowest ratio . The safeness gain is the same for each edge (u,w) where .
Edge Deletion. We start with the deletion of an inter edge.
Theorem 4.3
For any inter edge deletion such that giving we have that .
We now analyze the case of the deletion of an intra edge by showing that it does not always bring an increase of safeness.
Theorem 4.4
For any intra edge deletion s.t. giving we have that if:

in ; or

in and it holds , where and are the two disconnected components of obtained after deleting to which and belong.
Similarly to the previous case, since is a community, it is reasonable to preserve the possibility for the members of to communicate with each other and thus that induced subgraph of on the nodes in has a single connected component. By looking at the previous theorems, the following corollary holds.
Corollary 3
The best edge deletion is an intra edge with having the highest value .
4.2 The algorithm
The community deception algorithm outlined in Algorithm 1 builds upon the analysis performed in Section 4.1. at each step compares the two most convenient edge updates (line 13) as per Corollary 3 (lines 23) and Corollary 2 (lines 57; lines 911) and returns the update giving the highest safeness gain.
5 Experimental Evaluation
We now report on the experimental evaluation. We start by describing the experimental setting, the evaluation methodology, and then report on the results.
Experimental Setting. We performed all the experiments in the worstcase scenario, that is ; we pick a random and assume . We investigated to what extent our algorithms and are able to deceive the following community detection algorithms available in igraph^{2}^{2}2http://igraph.org/r: Louvain [blondel2008fast] (louv), Optimal [brandes2008modularity] (opt), InfoMap [rosvall2008maps] (inf), WalkTrap [pons2005computing] (walk),Greedy [clauset2004finding] (gre), SpinGlass [reichardt2006statistical] (spin), Label propagation [raghavan2007near] (lab
), Leading Eigenvectors
[newman2006finding] (eig), and EdgeBetweeness [girvan2002community] (btw).Datasets. We considered the following networks: Zachary’s Karate Club (kar), Dolphins (dol), Les Miserables (lesm), American College Football (ftb), Madrid Terrorist Network (mad), Books about US Politics (pol), and USA Power Grid (pow) available online^{3}^{3}3http://wwwpersonal.umich.edu/~mejn/netdata. We also generated networks according to the community detection benchmark generator described by Lancichinetti and Fortunato [lancichinetti2009benchmarks]^{4}^{4}4The code is available at https://sites.google.com/site/santofortunato/inthepress2. Experiments have been conducted on a PC i5 CPU 2.6 GHz and 8GB RAM. The code of our implementation in R, the datasets and instructions about how to replicate the experiments are available online^{5}^{5}5https://github.com/giuseppepirro/comdeception.
Evaluation Methodology. To measure the success of community deception algorithms we define the community deception score . (Community Deception Score). Given the output of a detection algorithm , the community deception score is:
(6) 
are the connected components in the subgraph induced by members.
The first multiplicative factor in eq. (6) takes into account the fact that a deception algorithm should preserve as much as possible reachability between nodes in . The best situation is when all nodes are in a single connected component while the worst case occurs when they all belong to a different connected component. The second multiplicative factor includes two terms. The first term measures the community spread, that is, how members are spread within . It reaches its maximum when each member of is placed by in a different community. The second term measures community hiding, that is, the average percentage of members in the communities in . The ideal situation is when each community contains a little percentage of nodes. Summing up, 1 if (i) nodes are in a single connected components and (ii) each such nodes belongs to a different (large) community. Conversely, =0 if (i) each member of belongs to a different connected component or (ii) . The evaluation has been conducted as shown in Algorithm 2. We consider a budget of changes such that and compute the new values of modularity, safeness and deception score after applying all the updates found by the deception algorithms and compare them with their initial values.
5.1 Evaluation Results
We start with real world networks. Fig. 2 reports the values of the deception score (average of 10 runs) after applying our deception algorithms when varying the budget of updates from 1 to 4. Each column represents a dataset and each row a community detection algorithm. The range of the colors reflects the final value of the deception score (green is better). White cell reflect problems with the detection algorithms (e.g., spin does not work with disconnected networks, opt was stopped after 1h). As it can be observed, results vary with the network and detection/deception algorithm. A quick look suggests that deception based on safeness (i.e., ) generally performs better.
Moreover, the level of deception increases as the number of updates allowed increases for almost all the algorithms. When =1, the deception algorithm based on modularity (i.e., ) obtains the worst deception values with the network ftb, which represents the schedule of football games between American college teams. On the same network performs clearly better. Note also that gives the best deception score with =1 for the network (pow), which represents the topology of the Wester USA power grid and the algorithms spin and lab. From a deception point of view, this means that these two algorithms are deceivable with only one update. In general, from Fig. 2 it can be observed that already with a single update (=1) safenessbased deception performs reasonably well, considering that our experiments are conducted in the worst case scenario (i.e., =0). We conducted further experiments (note reported for sake of space) by considering =5 and =6 and observed an increase of for both modularitybased and safenessbased deception.
Figures (6)(6) provide a more detailed view of modularity, safeness and deception score for four of the considered networks. We also report the size of the networks, average number of communities (Avg ) considering all the detection algorithms and average size of the community to hide (Avg ). It can be noted that modularity decreases and safeness increases when the budget increases. This confirm the analyses performed in Section 3.1 for modularity and Section 4.1 for safeness. For modularitybased deception, does not always increase when increases while for safenessbased deception always increases. We explain this behavior by the fact that modularitybased deception simply aims at maximizing the modularity loss, while safeness also looks at reachability, which is in some form incorporated in the deception score (see Definition 6). Indeed, we observed that in some cases the modularitybased deception algorithm disconnects the community while this is avoided by safenessbased deception. Figures (6)(6) also suggest that when the size of the network, the size of and the number of communities increases, the deception score is higher; it reaches the maximum value in the pow network (Avg is the 0.025% of the size of ) and the lab detection algorithm.
We conducted experiments also on artificially generated networks.The goal was to investigate the impact of the number of communities and size of on our deception algorithms because of the correlation observed in the experiments on real networks previously discussed. The community detection benchmark generator [lancichinetti2009benchmarks] allows to generate networks having certain characteristics such as: size (nodes) average node degree (avgD), max degree (maxD), min size (minC) and max size (maxC) of the communities generated belonging to the ground truth. In this paper we are not interested in evaluating the performance of detection algorithms (viz. comparing their output with the ground truth). However, we noticed that the size of the communities found reflects pretty well the values of the parameters minC and maxC used in the generation of the networks.
We fixed the size and degree of nodes and generated networks having different community sizes. For sake fo space, we report in Fig. 7 results on four of the ten generated networks. Moreover, we report the average results of 10 runs only for detection algorithms did not generate errors (e.g., the igraph implementation of spin and opt threw exceptions). As our experiments are performed in the worstcase scenario (i.e., ) we were able to investigate how a variation of the size of affects deception. It emerges (Fig 7) that when maxC decreases (i.e., net4) our deception algorithms are able to deceive a larger number of detection algorithms. We observed the same behavior in all the 10 networks.
Summary. In all the networks and for both deception algorithms we observed a dependency among size of (and ), budget and deception score . When the size of increases by keeping constant and the deception score decreases. This can be explained by the fact that spreading a larger number of nodes (as done by our deception algorithms) requires more network updates. In general, the lower the ratio the higher (no matter the detection algorithm).
We observed that safenessbased deception in 80% of the cases does not change the number of communities while for modularity this happens in 60% of the cases. We leave a more detailed study of this aspect for future work. As for the running times, they range from 1s to up to 15s (e.g., for the pow network); in general, safenessbased deception requires more time than modularitybased deception as it needs to check and preserve reachability among nodes in .
6 Concluding Remarks and Future Work
So far the literature has focused on the design of community detection algorithms. While this is certainly useful in some contexts where one wants to understand the structure of a (complex) network, in some others there is the need to hide the presence of a community. In this paper we initiate the study of this problem that we dubbed as community deception. Our community deception algorithms are based on update rules and thus suitable to deal with network dynamics [rozenshtein2014discovering]. Although we did not deal with node addition/deletions, it is immediate to see that a node addition corresponds to the creation of a node followed by (at least) an edge insertion, while a node deletion amounts at a set of edge deletions. To measure the performance of deception algorithms we introduced the deception score . One may be tempted to devise algorithms that directly optimize . has been defined as a measure computed after updating the network as suggested by the deception algorithms and recomputing the communities via detection algorithms. Our algorithms do not need to recompute communities for each update and thus provide a more efficient way to pursue community deception. From our experimental evaluation it emerged that the success of deception algorithms depends on the size of the community to be hidden, the total number of communities, and the size of .
Devising other instantiation of the general function is an interesting line of future work. While we have studied how to deceive detection algorithms, it is also interesting to investigate how detection algorithms can be made deceptionaware. In this respect, a more speculative line of future work is to investigate whether certain types of complex networks such as biological networks exhibit some (natural) form of deceptive behavior. Another line of future work is to consider overlapping communities [galbrun2014overlapping] and networks with attributes [yang2013community].