To address the vulnerability of temporal graph neural networks (TGNNs) to poisoning attacks in high-stakes applications such as financial forecasting and fraud detection, this paper proposes a low-resource, two-stage structural poisoning framework. First, it sparsifies the temporal graph structure using 16 temporal importance metrics; second, it injects camouflaged negative edges via degree-preserving negative sampling—without requiring a surrogate model. The method balances attack efficacy, stealthiness, and robustness against defenses, enabling plug-and-play deployment. Evaluated on four benchmark datasets, it achieves an average 29.47% performance degradation in target models, with a maximum drop of 42.0% on MOOC—substantially outperforming 11 baseline attacks. Moreover, it successfully evades four state-of-the-art anomaly detection systems.

Temporal Graph Neural Networks (TGNNs) are increasingly used in high-stakes domains, such as financial forecasting, recommendation systems, and fraud detection. However, their susceptibility to poisoning attacks poses a critical security risk. We introduce LoReTTA (Low Resource Two-phase Temporal Attack), a novel adversarial framework on Continuous-Time Dynamic Graphs, which degrades TGNN performance by an average of 29.47% across 4 widely benchmark datasets and 4 State-of-the-Art (SotA) models. LoReTTA operates through a two-stage approach: (1) sparsify the graph by removing high-impact edges using any of the 16 tested temporal importance metrics, (2) strategically replace removed edges with adversarial negatives via LoReTTA's novel degree-preserving negative sampling algorithm. Our plug-and-play design eliminates the need for expensive surrogate models while adhering to realistic unnoticeability constraints. LoReTTA degrades performance by upto 42.0% on MOOC, 31.5% on Wikipedia, 28.8% on UCI, and 15.6% on Enron. LoReTTA outperforms 11 attack baselines, remains undetectable to 4 leading anomaly detection systems, and is robust to 4 SotA adversarial defense training methods, establishing its effectiveness, unnoticeability, and robustness.