Inference Attacks Against Graph Neural Networks

Zhikun Zhang, Min Chen, Michael Backes, Yun Shen, Yang Zhang

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

Graph is an important data representation ubiquitously existing in the real world. However, analyzing the graph data is computationally difficult due to its non-Euclidean nature. Graph embedding is a powerful tool to solve the graph analytics problem by transforming the graph data into low-dimensional vectors. These vectors could also be shared with third parties to gain additional insights of what is behind the data. While sharing graph embedding is intriguing, the associated privacy risks are unexplored. In this paper, we systematically investigate the information leakage of the graph embedding by mounting three inference attacks. First, we can successfully infer basic graph properties, such as the number of nodes, the number of edges, and graph density, of the target graph with up to 0.89 accuracy. Second, given a subgraph of interest and the graph embedding, we can determine with high confidence whether the subgraph is contained in the target graph. For instance, we achieve 0.98 attack AUC on the DD dataset. Third, we propose a novel graph reconstruction attack that can reconstruct a graph that has similar graph structural statistics to the target graph. We further propose an effective defense mechanism based on graph embedding perturbation to mitigate the inference attacks without noticeable performance degradation for graph classification tasks.

Original language: English
Title of host publication: Proceedings of the 31st USENIX Security Symposium, August 10–12, 2022, Boston, MA, USA
Publisher: Association for Computing Machinery
Pages: 4543-4560
Number of pages: 18
ISBN (Electronic): 9781939133311
ISBN (Print): 9781939133311
Publication status: Published - 2022
Event: 31st USENIX Security Symposium, Security 2022 - Boston, United States
Duration: 10 Aug 2022 – 12 Aug 2022

Conference

Conference: 31st USENIX Security Symposium, Security 2022
Country/Territory: United States
City: Boston
Period: 10/08/22 – 12/08/22

Funding

We thank the anonymous reviewers for their constructive feedback. This work is partially funded by the Helmholtz Association within the project “Trustworthy Federated Data Analytics” (TFDA) (funding number ZT-I-OO1 4).

Funder: TFDA (funder number ZT-I-OO1 4)
Funder: Helmholtz Association
