Related papers: Membership Inference Attack on Graph Neural Networks

Membership Inference Attack on Graph Neural Networks

URL: http://arxiv.org/abs/2101.06570v2
Date: Mon, 22 Mar 2021 21:12:16 GMT
Title: Membership Inference Attack on Graph Neural Networks
Authors: Iyiola E. Olatunji, Wolfgang Nejdl and Megha Khosla
Abstract summary: We focus on how trained GNN models could leak information about the emphmember nodes that they were trained on. We choose the simplest possible attack model that utilizes the posteriors of the trained model. The surprising and worrying fact is that the attack is successful even if the target model generalizes well.
Score: 1.6457778420360536
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Graph Neural Networks (GNNs), which generalize traditional deep neural networks or graph data, have achieved state-of-the-art performance on several graph analytical tasks like node classification, link prediction, or graph classification. We focus on how trained GNN models could leak information about the \emph{member} nodes that they were trained on. We introduce two realistic inductive settings for carrying out a membership inference (MI) attack on GNNs. While choosing the simplest possible attack model that utilizes the posteriors of the trained model, we thoroughly analyze the properties of GNNs which dictate the differences in their robustness towards MI attack. The surprising and worrying fact is that the attack is successful even if the target model generalizes well. While in traditional machine learning models, overfitting is considered the main cause of such leakage, we show that in GNNs the additional structural information is the major contributing factor. We support our findings by extensive experiments on four representative GNN models. On a positive note, we identify properties of certain models which make them less vulnerable to MI attacks than others.

Related papers

Link Stealing Attacks Against Inductive Graph Neural Networks [60.931106032824275]
A graph neural network (GNN) is a type of neural network that is specifically designed to process graph-structured data. Previous work has shown that transductive GNNs are vulnerable to a series of privacy attacks. This paper conducts a comprehensive privacy analysis of inductive GNNs through the lens of link stealing attacks.
arXiv Detail & Related papers (2024-05-09T14:03:52Z)
Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity Verification [68.86863899919358]
We introduce a groundbreaking approach to protect GNN models in Machine Learning from model-centric attacks. Our approach includes a comprehensive verification schema for GNN's integrity, taking into account both transductive and inductive GNNs. We propose a query-based verification technique, fortified with innovative node fingerprint generation algorithms.
arXiv Detail & Related papers (2023-12-13T03:17:05Z)
Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
We study model inversion attacks against Graph Neural Networks (GNNs) In this paper, we present GraphMI to infer the private training graph data. Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
arXiv Detail & Related papers (2022-09-16T09:13:43Z)
Model Stealing Attacks Against Inductive Graph Neural Networks [15.334336995523302]
Graph neural networks (GNNs) have been proposed to fully leverage graph data to build powerful applications. Previous research has shown that machine learning models are prone to model stealing attacks. This paper proposes the first model stealing attacks against inductive GNNs.
arXiv Detail & Related papers (2021-12-15T18:29:22Z)
Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications [32.631077336656936]
Membership Inference Attack (MIA) against Graph Neural Networks (GNNs) raises severe privacy concerns. We take the first step in MIA against GNNs for graph-level classification. We present and implement two types of attacks, i.e., training-based attacks and threshold-based attacks from different adversarial capabilities.
arXiv Detail & Related papers (2021-10-17T08:41:21Z)
Jointly Attacking Graph Neural Network and its Explanations [50.231829335996814]
Graph Neural Networks (GNNs) have boosted the performance for many graph-related tasks. Recent studies have shown that GNNs are highly vulnerable to adversarial attacks, where adversaries can mislead the GNNs' prediction by modifying graphs. We propose a novel attack framework (GEAttack) which can attack both a GNN model and its explanations by simultaneously exploiting their vulnerabilities.
arXiv Detail & Related papers (2021-08-07T07:44:33Z)
Node-Level Membership Inference Attacks Against Graph Neural Networks [29.442045622210532]
A new family of machine learning (ML) models, namely graph neural networks (GNNs), has been introduced. Previous studies have shown that machine learning models are vulnerable to privacy attacks. This paper performs the first comprehensive analysis of node-level membership inference attacks against GNNs.
arXiv Detail & Related papers (2021-02-10T13:51:54Z)
Adversarial Attack on Hierarchical Graph Pooling Neural Networks [14.72310134429243]
We study the robustness of graph neural networks (GNNs) for graph classification tasks. In this paper, we propose an adversarial attack framework for the graph classification task. To the best of our knowledge, this is the first work on the adversarial attack against hierarchical GNN-based graph classification models.
arXiv Detail & Related papers (2020-05-23T16:19:47Z)
Graph Structure Learning for Robust Graph Neural Networks [63.04935468644495]
Graph Neural Networks (GNNs) are powerful tools in representation learning for graphs. Recent studies show that GNNs are vulnerable to carefully-crafted perturbations, called adversarial attacks. We propose a general framework Pro-GNN, which can jointly learn a structural graph and a robust graph neural network model.
arXiv Detail & Related papers (2020-05-20T17:07:05Z)
Stealing Links from Graph Neural Networks [72.85344230133248]
Recently, neural networks were extended to graph data, which are known as graph neural networks (GNNs) Due to their superior performance, GNNs have many applications, such as healthcare analytics, recommender systems, and fraud detection. We propose the first attacks to steal a graph from the outputs of a GNN model that is trained on the graph.
arXiv Detail & Related papers (2020-05-05T13:22:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.