Heterogeneous Randomized Response for Differential Privacy in Graph Neural Networks

• URL: http://arxiv.org/abs/2211.05766v1
• Date: Thu, 10 Nov 2022 18:52:46 GMT
• Title: Heterogeneous Randomized Response for Differential Privacy in Graph Neural Networks
• Authors: Khang Tran, Phung Lai, NhatHai Phan, Issa Khalil, Yao Ma, Abdallah Khreishah, My Thai, Xintao Wu
• Abstract summary: Graph neural networks (GNNs) are susceptible to privacy inference attacks (PIAs) We propose a novel mechanism to protect nodes' features and edges against PIAs under differential privacy (DP) guarantees. We derive significantly better randomization probabilities and tighter error bounds at both levels of nodes' features and edges.
• Score: 18.4005860362025
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Graph neural networks (GNNs) are susceptible to privacy inference attacks (PIAs), given their ability to learn joint representation from features and edges among nodes in graph data. To prevent privacy leakages in GNNs, we propose a novel heterogeneous randomized response (HeteroRR) mechanism to protect nodes' features and edges against PIAs under differential privacy (DP) guarantees without an undue cost of data and model utility in training GNNs. Our idea is to balance the importance and sensitivity of nodes' features and edges in redistributing the privacy budgets since some features and edges are more sensitive or important to the model utility than others. As a result, we derive significantly better randomization probabilities and tighter error bounds at both levels of nodes' features and edges departing from existing approaches, thus enabling us to maintain high data utility for training GNNs. An extensive theoretical and empirical analysis using benchmark datasets shows that HeteroRR significantly outperforms various baselines in terms of model utility under rigorous privacy protection for both nodes' features and edges. That enables us to defend PIAs in DP-preserving GNNs effectively.

Related papers

• Blink: Link Local Differential Privacy in Graph Neural Networks via Bayesian Estimation [79.64626707978418]
  We propose using link local differential privacy over decentralized nodes to train graph neural networks. Our approach spends the privacy budget separately on links and degrees of the graph for the server to better denoise the graph topology. Our approach outperforms existing methods in terms of accuracy under varying privacy budgets.
  arXiv  Detail & Related papers  (2023-09-06T17:53:31Z)
• Differentially Private Graph Neural Network with Importance-Grained Noise Adaption [6.319864669924721]
  Graph Neural Networks (GNNs) with differential privacy have been proposed to preserve graph privacy when nodes represent personal and sensitive information. We study the problem of importance-grained privacy, where nodes contain personal data that need to be kept private but are critical for training a GNN. We propose NAP-GNN, a node-grained privacy-preserving GNN algorithm with privacy guarantees based on adaptive differential privacy to safeguard node information.
  arXiv  Detail & Related papers  (2023-08-09T13:18:41Z)
• Differentially Private Decoupled Graph Convolutions for Multigranular Topology Protection [38.96828804683783]
  GNNs can inadvertently expose sensitive user information and interactions through their model predictions. Applying standard DP approaches to GNNs directly is not advisable due to two main reasons. We propose a new framework termed Graph Differential Privacy (GDP), specifically tailored to graph learning.
  arXiv  Detail & Related papers  (2023-07-12T19:29:06Z)
• Graph Agent Network: Empowering Nodes with Inference Capabilities for Adversarial Resilience [50.460555688927826]
  We propose the Graph Agent Network (GAgN) to address the vulnerabilities of graph neural networks (GNNs) GAgN is a graph-structured agent network in which each node is designed as an 1-hop-view agent. Agents' limited view prevents malicious messages from propagating globally in GAgN, thereby resisting global-optimization-based secondary attacks.
  arXiv  Detail & Related papers  (2023-06-12T07:27:31Z)
• Privacy-Preserved Neural Graph Similarity Learning [99.78599103903777]
  We propose a novel Privacy-Preserving neural Graph Matching network model, named PPGM, for graph similarity learning. To prevent reconstruction attacks, the proposed model does not communicate node-level representations between devices. To alleviate the attacks to graph properties, the obfuscated features that contain information from both vectors are communicated.
  arXiv  Detail & Related papers  (2022-10-21T04:38:25Z)
• Heterogeneous Graph Neural Network for Privacy-Preserving Recommendation [25.95411320126426]
  Social networks are considered to be heterogeneous graph neural networks (HGNNs) with deep learning technological advances. We propose a novel heterogeneous graph neural network privacy-preserving method based on a differential privacy mechanism named HeteDP.
  arXiv  Detail & Related papers  (2022-10-02T14:41:02Z)
• GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation [19.247325210343035]
  Graph Neural Networks (GNNs) are powerful models designed for graph data that learn node representation. Recent studies have shown that GNNs can raise significant privacy concerns when graph data contain sensitive information. We propose GAP, a novel differentially private GNN that safeguards privacy of nodes and edges.
  arXiv  Detail & Related papers  (2022-03-02T08:58:07Z)
• Gromov-Wasserstein Discrepancy with Local Differential Privacy for Distributed Structural Graphs [7.4398547397969494]
  We propose a privacy-preserving framework to analyze the GW discrepancy of node embedding learned locally from graph neural networks. Our experiments show that, with strong privacy protections guaranteed by the $varilon$-LDP algorithm, the proposed framework not only preserves privacy in graph learning but also presents a noised structural metric under GW distance.
  arXiv  Detail & Related papers  (2022-02-01T23:32:33Z)
• Information Obfuscation of Graph Neural Networks [96.8421624921384]
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
  arXiv  Detail & Related papers  (2020-09-28T17:55:04Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)
• CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
  We present a framework for privacy-preserving inference of sum-product networks (SPNs) CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
  arXiv  Detail & Related papers  (2020-02-03T14:49:18Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.