Saved in:
Bibliographic Details
Main Authors: Song, Zeyu, Kabir, Ehsanul, Mehnaz, Shagufta
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2311.16139
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913866232889344
author Song, Zeyu
Kabir, Ehsanul
Mehnaz, Shagufta
author_facet Song, Zeyu
Kabir, Ehsanul
Mehnaz, Shagufta
contents Graph Neural Networks (GNNs) have become indispensable tools for learning from graph structured data, catering to various applications such as social network analysis and fraud detection for financial services. At the heart of these networks are the edges, which are crucial in guiding GNN models' predictions. In many scenarios, these edges represent sensitive information, such as personal associations or financial dealings, which require privacy assurance. However, their contributions to GNN model predictions may, in turn, be exploited by the adversary to compromise their privacy. Motivated by these conflicting requirements, this paper investigates edge privacy in contexts where adversaries possess only black-box access to the target GNN model, restricted further by access controls, preventing direct insights into arbitrary node outputs. Moreover, we are the first to extensively examine situations where the target graph continuously evolves, a common trait of many real-world graphs. In this setting, we present a range of attacks that leverage the message-passing mechanism of GNNs. We evaluated the effectiveness of our attacks using nine real-world datasets, encompassing both static and dynamic graphs, across four different GNN architectures. The results demonstrate that our attack outperforms existing methods across various GNN architectures, consistently achieving an F1 score of at least 0.8 in static scenarios. Furthermore, our attack retains robustness in dynamic graph scenarios, maintaining F1 scores up to 0.8, unlike previous methods that only achieve F1 scores around 0.2.
format Preprint
id arxiv_https___arxiv_org_abs_2311_16139
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle GNNBleed: Inference Attacks to Unveil Private Edges in Graphs with Realistic Access to GNN Models
Song, Zeyu
Kabir, Ehsanul
Mehnaz, Shagufta
Cryptography and Security
Machine Learning
Graph Neural Networks (GNNs) have become indispensable tools for learning from graph structured data, catering to various applications such as social network analysis and fraud detection for financial services. At the heart of these networks are the edges, which are crucial in guiding GNN models' predictions. In many scenarios, these edges represent sensitive information, such as personal associations or financial dealings, which require privacy assurance. However, their contributions to GNN model predictions may, in turn, be exploited by the adversary to compromise their privacy. Motivated by these conflicting requirements, this paper investigates edge privacy in contexts where adversaries possess only black-box access to the target GNN model, restricted further by access controls, preventing direct insights into arbitrary node outputs. Moreover, we are the first to extensively examine situations where the target graph continuously evolves, a common trait of many real-world graphs. In this setting, we present a range of attacks that leverage the message-passing mechanism of GNNs. We evaluated the effectiveness of our attacks using nine real-world datasets, encompassing both static and dynamic graphs, across four different GNN architectures. The results demonstrate that our attack outperforms existing methods across various GNN architectures, consistently achieving an F1 score of at least 0.8 in static scenarios. Furthermore, our attack retains robustness in dynamic graph scenarios, maintaining F1 scores up to 0.8, unlike previous methods that only achieve F1 scores around 0.2.
title GNNBleed: Inference Attacks to Unveil Private Edges in Graphs with Realistic Access to GNN Models
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2311.16139