Gradient Inversion Attack on Graph Neural Networks

• URL: http://arxiv.org/abs/2411.19440v2
• Date: Sun, 03 Aug 2025 01:05:31 GMT
• Title: Gradient Inversion Attack on Graph Neural Networks
• Authors: Divya Anand Sinha, Ruijie Du, Yezi Liu, Athina Markopolou, Yanning Shen,
• Abstract summary: Malicious attackers can steal private image data from the exchange of neural networks during federated learning.<n>This paper studies the problem of whether private data can be reconstructed from leaked gradients in both node classification and graph classification tasks.<n>Two widely used GNN frameworks are analyzed, namely GCN and GraphSAGE.
• Score: 11.075042582118963
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Graph federated learning is of essential importance for training over large graph datasets while protecting data privacy, where each client stores a subset of local graph data, while the server collects the local gradients and broadcasts only the aggregated gradients. Recent studies reveal that a malicious attacker can steal private image data from the gradient exchange of neural networks during federated learning. However, the vulnerability of graph data and graph neural networks under such attacks, i.e., reconstructing both node features and graph structure from gradients, remains largely underexplored. To answer this question, this paper studies the problem of whether private data can be reconstructed from leaked gradients in both node classification and graph classification tasks and proposes a novel attack named Graph Leakage from Gradients (GLG). Two widely used GNN frameworks are analyzed, namely GCN and GraphSAGE. The effects of different model settings on reconstruction are extensively discussed. Theoretical analysis and empirical validation demonstrate that, by leveraging the unique properties of graph data and GNNs, GLG achieves more accurate reconstruction of both nodal features and graph structure from gradients.

Related papers

• GRAIN: Exact Graph Reconstruction from Gradients [5.697251900862886]
  Federated learning claims to enable collaborative model training among multiple clients with data privacy. Recent studies have shown the client privacy is still at risk due to the, so called, gradient inversion attacks. We present GRAIN, the first exact gradient inversion attack on graph data in the honest-but-curious setting.
  arXiv  Detail & Related papers  (2025-03-03T18:58:12Z)
• GraphBridge: Towards Arbitrary Transfer Learning in GNNs [65.01790632978962]
  GraphBridge is a novel framework to enable knowledge transfer across disparate tasks and domains in GNNs.<n>It allows for the augmentation of any pre-trained GNN with prediction heads and a bridging network that connects the input to the output layer.<n> Empirical validation, conducted over 16 datasets representative of these scenarios, confirms the framework's capacity for task- and domain-agnostic transfer learning.
  arXiv  Detail & Related papers  (2025-02-26T15:57:51Z)
• Line Graph Vietoris-Rips Persistence Diagram for Topological Graph Representation Learning [3.6881508872690825]
  We introduce a novel edge filtration-based persistence diagram, named Topological Edge Diagram (TED)<n>TED is mathematically proven to preserve node embedding information as well as contain additional topological information.<n>We propose a neural network based algorithm, named Line Graph Vietoris-Rips (LGVR) Persistence Diagram, that extracts edge information by transforming a graph into its line graph.
  arXiv  Detail & Related papers  (2024-12-23T10:46:44Z)
• Gradient Rewiring for Editable Graph Neural Network Training [84.77778876113099]
  underlineGradient underlineRewiring method for underlineEditable graph neural network training, named textbfGRE. We propose a simple yet effective underlineGradient underlineRewiring method for underlineEditable graph neural network training, named textbfGRE.
  arXiv  Detail & Related papers  (2024-10-21T01:01:50Z)
• Talos: A More Effective and Efficient Adversarial Defense for GNN Models Based on the Global Homophily of Graphs [2.4866716181615467]
  Graph neural network (GNN) models are susceptible to adversarial attacks. We propose a new defense method named Talos, which enhances the global, rather than local, homophily of graphs as a defense.
  arXiv  Detail & Related papers  (2024-06-06T08:08:01Z)
• Deep Manifold Graph Auto-Encoder for Attributed Graph Embedding [51.75091298017941]
  This paper proposes a novel Deep Manifold (Variational) Graph Auto-Encoder (DMVGAE/DMGAE) for attributed graph data. The proposed method surpasses state-of-the-art baseline algorithms by a significant margin on different downstream tasks across popular datasets.
  arXiv  Detail & Related papers  (2024-01-12T17:57:07Z)
• GraphGuard: Detecting and Counteracting Training Data Misuse in Graph Neural Networks [69.97213941893351]
  The emergence of Graph Neural Networks (GNNs) in graph data analysis has raised critical concerns about data misuse during model training. Existing methodologies address either data misuse detection or mitigation, and are primarily designed for local GNN models. This paper introduces a pioneering approach called GraphGuard, to tackle these challenges.
  arXiv  Detail & Related papers  (2023-12-13T02:59:37Z)
• Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
  We study model inversion attacks against Graph Neural Networks (GNNs) In this paper, we present GraphMI to infer the private training graph data. Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
  arXiv  Detail & Related papers  (2022-09-16T09:13:43Z)
• Learning Graph Structure from Convolutional Mixtures [119.45320143101381]
  We propose a graph convolutional relationship between the observed and latent graphs, and formulate the graph learning task as a network inverse (deconvolution) problem. In lieu of eigendecomposition-based spectral methods, we unroll and truncate proximal gradient iterations to arrive at a parameterized neural network architecture that we call a Graph Deconvolution Network (GDN) GDNs can learn a distribution of graphs in a supervised fashion, perform link prediction or edge-weight regression tasks by adapting the loss function, and they are inherently inductive.
  arXiv  Detail & Related papers  (2022-05-19T14:08:15Z)
• Inference Attacks Against Graph Neural Networks [33.19531086886817]
  Graph embedding is a powerful tool to solve the graph analytics problem. While sharing graph embedding is intriguing, the associated privacy risks are unexplored. We systematically investigate the information leakage of the graph embedding by mounting three inference attacks.
  arXiv  Detail & Related papers  (2021-10-06T10:08:11Z)
• GraphMI: Extracting Private Graph Data from Graph Neural Networks [59.05178231559796]
  We present textbfGraph textbfModel textbfInversion attack (GraphMI), which aims to extract private graph data of the training graph by inverting GNN. Specifically, we propose a projected gradient module to tackle the discreteness of graph edges while preserving the sparsity and smoothness of graph features. We design a graph auto-encoder module to efficiently exploit graph topology, node attributes, and target model parameters for edge inference.
  arXiv  Detail & Related papers  (2021-06-05T07:07:52Z)
• Stealing Links from Graph Neural Networks [72.85344230133248]
  Recently, neural networks were extended to graph data, which are known as graph neural networks (GNNs) Due to their superior performance, GNNs have many applications, such as healthcare analytics, recommender systems, and fraud detection. We propose the first attacks to steal a graph from the outputs of a GNN model that is trained on the graph.
  arXiv  Detail & Related papers  (2020-05-05T13:22:35Z)
• Geom-GCN: Geometric Graph Convolutional Networks [15.783571061254847]
  We propose a novel geometric aggregation scheme for graph neural networks to overcome the two weaknesses. The proposed aggregation scheme is permutation-invariant and consists of three modules, node embedding, structural neighborhood, and bi-level aggregation. We also present an implementation of the scheme in graph convolutional networks, termed Geom-GCN, to perform transductive learning on graphs.
  arXiv  Detail & Related papers  (2020-02-13T00:03:09Z)
• Adversarial Attacks on Graph Neural Networks via Meta Learning [4.139895092509202]
  We investigate training time attacks on graph neural networks for node classification perturbing the discrete graph structure. Our core principle is to use meta-gradients to solve the bilevel problem underlying training-time attacks.
  arXiv  Detail & Related papers  (2019-02-22T09:20:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.