GraphGuard: Detecting and Counteracting Training Data Misuse in Graph
Neural Networks
- URL: http://arxiv.org/abs/2312.07861v1
- Date: Wed, 13 Dec 2023 02:59:37 GMT
- Title: GraphGuard: Detecting and Counteracting Training Data Misuse in Graph
Neural Networks
- Authors: Bang Wu, He Zhang, Xiangwen Yang, Shuo Wang, Minhui Xue, Shirui Pan,
Xingliang Yuan
- Abstract summary: The emergence of Graph Neural Networks (GNNs) in graph data analysis has raised critical concerns about data misuse during model training.
Existing methodologies address either data misuse detection or mitigation, and are primarily designed for local GNN models.
This paper introduces GraphGuard, a pioneering approach that tackles these challenges.
- Score: 69.97213941893351
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The emergence of Graph Neural Networks (GNNs) in graph data analysis and
their deployment on Machine Learning as a Service platforms have raised
critical concerns about data misuse during model training. This situation is
further exacerbated by the lack of transparency in local training
processes, potentially leading to the unauthorized accumulation of large
volumes of graph data, thereby infringing on the intellectual property rights
of data owners. Existing methodologies often address either data misuse
detection or mitigation, and are primarily designed for local GNN models rather
than cloud-based MLaaS platforms. These limitations call for an effective and
comprehensive solution that detects and mitigates data misuse without requiring
exact training data while respecting the proprietary nature of such data. This
paper introduces GraphGuard, a pioneering approach that tackles these
challenges. We propose a training-data-free method that not only detects graph
data misuse but also mitigates its impact via targeted unlearning, all without
relying on the original training data. Our innovative misuse detection
technique employs membership inference with radioactive data, enhancing the
distinguishability between member and non-member data distributions. For
mitigation, we utilize synthetic graphs that emulate the characteristics
previously learned by the target model, enabling effective unlearning even in
the absence of exact graph data. We conduct comprehensive experiments utilizing
four real-world graph datasets to demonstrate the efficacy of GraphGuard in
both detection and unlearning. We show that GraphGuard attains a near-perfect
detection rate of approximately 100% across these datasets with various GNN
models. In addition, it performs unlearning by eliminating the impact of the
unlearned graph with a marginal decrease in accuracy (less than 5%).
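The abstract names the two mechanisms (radioactive-data membership inference for detection; synthetic-graph unlearning for mitigation) but not their implementation. Below is a minimal sketch of both stages, assuming a toy dense-adjacency GCN in PyTorch; every name here (TinyGCN, mark_features, membership_score, unlearn_step) is hypothetical, and the marking, scoring, and unlearning rules are simplified stand-ins rather than GraphGuard's actual procedures.

```python
# Illustrative sketch only -- NOT the authors' implementation.
import torch
import torch.nn.functional as F

class TinyGCN(torch.nn.Module):
    """Two-layer GCN over a dense, row-normalized adjacency matrix."""
    def __init__(self, in_dim, hid_dim, n_classes):
        super().__init__()
        self.w1 = torch.nn.Linear(in_dim, hid_dim)
        self.w2 = torch.nn.Linear(hid_dim, n_classes)

    def forward(self, adj, x):
        h = F.relu(adj @ self.w1(x))
        return adj @ self.w2(h)              # per-node logits

def mark_features(x, strength=0.1, seed=0):
    """'Radioactive' marking: add a secret random direction to the owner's
    node features before release; a model trained on the marked data
    becomes unusually well fitted along that direction."""
    g = torch.Generator().manual_seed(seed)
    direction = F.normalize(torch.randn(x.size(1), generator=g), dim=0)
    return x + strength * direction, direction

@torch.no_grad()
def membership_score(model, adj, x_marked, x_clean, labels):
    """Membership-inference signal: the loss gap between marked and clean
    versions of the same nodes. A positive gap (marked data fits better)
    suggests the model was trained on the marked release."""
    loss_marked = F.cross_entropy(model(adj, x_marked), labels)
    loss_clean = F.cross_entropy(model(adj, x_clean), labels)
    return (loss_clean - loss_marked).item()

def unlearn_step(model, adj_syn, x_syn, y_syn, x_forget, y_forget, lr=1e-3):
    """One training-data-free unlearning update: gradient ascent on the
    flagged (forget) nodes plus descent on a synthetic graph standing in
    for the knowledge to retain. For brevity, the forget nodes are assumed
    to live on the same synthetic adjacency."""
    opt = torch.optim.SGD(model.parameters(), lr=lr)
    opt.zero_grad()
    loss = (F.cross_entropy(model(adj_syn, x_syn), y_syn)
            - F.cross_entropy(model(adj_syn, x_forget), y_forget))
    loss.backward()
    opt.step()
```

In this reading, detection thresholds the membership score over many marked nodes, and unlearning repeats unlearn_step until that score falls back into the non-member range.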
Related papers
- TCGU: Data-centric Graph Unlearning based on Transferable Condensation [36.670771080732486]
Transferable Condensation Graph Unlearning (TCGU) is a data-centric solution to zero-glance graph unlearning.
We show that TCGU outperforms existing graph unlearning (GU) methods in model utility, unlearning efficiency, and unlearning efficacy.
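The summary gives only the idea: condense what the model should keep into a small synthetic set, then unlearn against that set without revisiting the deleted data ("zero-glance"). The loop below is a generic gradient-matching condensation sketch in that spirit, not TCGU itself; the model is assumed to be a plain feature classifier, with graph structure omitted for brevity.

```python
import torch
import torch.nn.functional as F

def condense(model, x_retain, y_retain, n_syn=32, steps=200, lr=0.01):
    """Learn a tiny synthetic dataset whose gradients on the current model
    match those of the retained data (gradient matching); the unlearned
    model can then be fine-tuned on it instead of the full remaining data."""
    x_syn = torch.randn(n_syn, x_retain.size(1), requires_grad=True)
    y_syn = y_retain[torch.randint(len(y_retain), (n_syn,))]
    opt = torch.optim.Adam([x_syn], lr=lr)
    for _ in range(steps):
        g_real = torch.autograd.grad(
            F.cross_entropy(model(x_retain), y_retain), model.parameters())
        g_syn = torch.autograd.grad(
            F.cross_entropy(model(x_syn), y_syn),
            model.parameters(), create_graph=True)
        loss = sum(((s - r.detach()) ** 2).sum()
                   for s, r in zip(g_syn, g_real))
        opt.zero_grad()
        loss.backward()
        opt.step()
    return x_syn.detach(), y_syn
```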
arXiv Detail & Related papers (2024-10-09T02:14:40Z) - Erase then Rectify: A Training-Free Parameter Editing Approach for Cost-Effective Graph Unlearning [17.85404473268992]
Graph unlearning aims to eliminate the influence of nodes, edges, or attributes from a trained Graph Neural Network (GNN).
Existing graph unlearning techniques often necessitate additional training on the remaining data, leading to significant computational costs.
We propose a two-stage training-free approach, Erase then Rectify (ETR), designed for efficient and scalable graph unlearning.
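"Training-free parameter editing" suggests closed-form weight updates rather than an optimization loop. One plausible reading is sketched below, assuming a PyTorch classifier over node features; the scaling factors and the single-gradient-step edits are my own simplifications, not the paper's actual editing rule.

```python
import torch
import torch.nn.functional as F

@torch.no_grad()
def apply_edit(model, grads, scale):
    for p, g in zip(model.parameters(), grads):
        p.add_(scale * g)

def erase_then_rectify(model, x_forget, y_forget, x_proxy, y_proxy,
                       alpha=1.0, beta=0.1):
    # Erase: push parameters *up* the forget-set loss, undoing the training
    # signal those nodes contributed (one gradient-ascent edit, no training).
    g_f = torch.autograd.grad(
        F.cross_entropy(model(x_forget), y_forget), model.parameters())
    apply_edit(model, g_f, +alpha)
    # Rectify: one corrective descent edit on proxy/retained data to repair
    # collateral damage to overall utility.
    g_r = torch.autograd.grad(
        F.cross_entropy(model(x_proxy), y_proxy), model.parameters())
    apply_edit(model, g_r, -beta)
```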
arXiv Detail & Related papers (2024-09-25T07:20:59Z) - GOODAT: Towards Test-time Graph Out-of-Distribution Detection [103.40396427724667]
Graph neural networks (GNNs) have found widespread application in modeling graph data across diverse domains.
Recent studies have explored graph out-of-distribution (OOD) detection, often focusing on training a specific model or modifying the data on top of a well-trained GNN.
This paper introduces a data-centric, unsupervised, and plug-and-play solution that operates independently of the training data and requires no modification of the GNN architecture.
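GOODAT's specific test-time mechanism is not spelled out in this summary. As a generic stand-in for post-hoc, training-data-free OOD scoring over a frozen GNN, the standard energy score (Liu et al., 2020) illustrates the plug-and-play property; it is explicitly not the paper's method.

```python
import torch

@torch.no_grad()
def energy_ood_score(logits, temperature=1.0):
    """Higher energy => more OOD-like. Works on any classifier's logits,
    so it is plug-and-play with respect to the trained model."""
    return -temperature * torch.logsumexp(logits / temperature, dim=-1)

# Usage sketch: score test graphs with a frozen model, then threshold,
# e.g. against a quantile of scores from known in-distribution data:
#   scores = energy_ood_score(frozen_gnn(test_graph))
#   is_ood = scores > in_dist_scores.quantile(0.95)
```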
arXiv Detail & Related papers (2024-01-10T08:37:39Z) - Addressing the Impact of Localized Training Data in Graph Neural
Networks [0.0]
Graph Neural Networks (GNNs) have achieved notable success in learning from graph-structured data.
This article aims to assess the impact of training GNNs on localized subsets of the graph.
We propose a regularization method to minimize the distributional discrepancy between the localized training data and the full graph encountered at inference.
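The summary names the goal (shrink the train/inference distribution gap) but not the measure. An RBF-kernel MMD penalty between the embeddings of the localized training nodes and of all nodes is one plausible instance, shown here as an assumption rather than the paper's choice; gnn_embed, train_idx, and lambda_reg are hypothetical names.

```python
import torch

def rbf_mmd(a, b, sigma=1.0):
    """Simple (biased) MMD^2 estimate between two embedding sets,
    using an RBF kernel."""
    def k(u, v):
        d2 = torch.cdist(u, v).pow(2)
        return torch.exp(-d2 / (2 * sigma ** 2))
    return k(a, a).mean() + k(b, b).mean() - 2 * k(a, b).mean()

# Training loss with the discrepancy penalty:
#   h = gnn_embed(adj, x)                       # node embeddings
#   loss = task_loss + lambda_reg * rbf_mmd(h[train_idx], h)
```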
arXiv Detail & Related papers (2023-07-24T11:04:22Z) - Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
We study model inversion attacks against Graph Neural Networks (GNNs).
In this paper, we present GraphMI to infer the private training graph data.
Our experimental results show that existing defenses are not sufficiently effective, calling for more advanced defenses against privacy attacks.
arXiv Detail & Related papers (2022-09-16T09:13:43Z) - Distributionally Robust Semi-Supervised Learning Over Graphs [68.29280230284712]
Semi-supervised learning (SSL) over graph-structured data emerges in many network science applications.
To efficiently manage learning over graphs, variants of graph neural networks (GNNs) have been developed recently.
Despite their success in practice, most existing methods are unable to handle graphs with uncertain nodal attributes.
Challenges also arise due to distributional uncertainties associated with data acquired by noisy measurements.
A distributionally robust learning framework is developed, where the objective is to train models that exhibit quantifiable robustness against perturbations.
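The abstract promises quantifiable robustness against perturbations without giving the formulation. A common, simple surrogate (not necessarily the paper's objective) is a worst-case loss over an epsilon-ball of node-feature perturbations, solved by projected gradient ascent; the model is assumed to take (adjacency, features) as in the toy GCN above.

```python
import torch
import torch.nn.functional as F

def robust_loss(model, adj, x, y, eps=0.1, steps=3, alpha=0.05):
    """Inner maximization over feature perturbations by projected gradient
    ascent; the outer minimization is the caller's usual optimizer step."""
    delta = torch.zeros_like(x, requires_grad=True)
    for _ in range(steps):
        loss = F.cross_entropy(model(adj, x + delta), y)
        g, = torch.autograd.grad(loss, delta)
        with torch.no_grad():
            delta += alpha * g.sign()
            delta.clamp_(-eps, eps)      # project back to the L-inf ball
    return F.cross_entropy(model(adj, x + delta.detach()), y)
```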
arXiv Detail & Related papers (2021-10-20T14:23:54Z) - GraphMI: Extracting Private Graph Data from Graph Neural Networks [59.05178231559796]
We present the Graph Model Inversion attack (GraphMI), which aims to extract the private training graph data by inverting the GNN.
Specifically, we propose a projected gradient module to tackle the discreteness of graph edges while preserving the sparsity and smoothness of graph features.
We design a graph auto-encoder module to efficiently exploit graph topology, node attributes, and target model parameters for edge inference.
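The projected-gradient idea for discrete edges can be sketched directly: relax the adjacency to continuous values in [0, 1], ascend the attack objective, and project back after each step. The victim's call signature, the exact objective, and the sparsity/smoothness weights below are assumptions for illustration, not GraphMI's precise formulation.

```python
import torch
import torch.nn.functional as F

def invert_edges(victim, x, y, n_steps=100, lr=0.05,
                 w_sparse=1e-3, w_smooth=1e-3):
    n = x.size(0)
    a = torch.full((n, n), 0.5, requires_grad=True)   # relaxed adjacency
    opt = torch.optim.Adam([a], lr=lr)
    for _ in range(n_steps):
        a_sym = (a + a.t()) / 2                       # undirected graph
        # Attack objective: edges that make the victim reproduce the known
        # labels are likely the true training edges.
        attack = F.cross_entropy(victim(a_sym, x), y)
        sparsity = a_sym.abs().sum()                  # prefer few edges
        # Feature smoothness: connected nodes should have similar features.
        smooth = (a_sym * torch.cdist(x, x).pow(2)).sum()
        loss = attack + w_sparse * sparsity + w_smooth * smooth
        opt.zero_grad()
        loss.backward()
        opt.step()
        with torch.no_grad():
            a.clamp_(0.0, 1.0)                        # project to [0, 1]
    return (a.detach() + a.detach().t()) / 2 > 0.5    # binarize edges
```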
arXiv Detail & Related papers (2021-06-05T07:07:52Z) - Information Obfuscation of Graph Neural Networks [96.8421624921384]
We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data.
We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
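The min-max skeleton of such obfuscation can be made concrete: a filter network is trained so a task head still works while an adversary cannot recover the sensitive attribute. The paper measures the adversary with total-variation and Wasserstein distances; the plain cross-entropy adversary below is a simpler stand-in, and all function names are hypothetical.

```python
import torch
import torch.nn.functional as F

def obfuscation_losses(filter_net, task_head, adversary,
                       x, y_task, s_sensitive, lam=1.0):
    z = filter_net(x)                          # filtered representation
    task_loss = F.cross_entropy(task_head(z), y_task)
    # Adversary update: learn to recover the sensitive attribute from a
    # frozen copy of the representation.
    adv_loss = F.cross_entropy(adversary(z.detach()), s_sensitive)
    # Filter update: do well on the task while making the adversary fail.
    fooling = -F.cross_entropy(adversary(z), s_sensitive)
    filter_loss = task_loss + lam * fooling
    return filter_loss, adv_loss               # optimize alternately
```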
arXiv Detail & Related papers (2020-09-28T17:55:04Z)