Related papers: VGFL-SA: Vertical Graph Federated Learning Structure Attack Based on Contrastive Learning

VGFL-SA: Vertical Graph Federated Learning Structure Attack Based on Contrastive Learning

URL: http://arxiv.org/abs/2502.16793v2
Date: Tue, 18 Mar 2025 15:07:23 GMT
Title: VGFL-SA: Vertical Graph Federated Learning Structure Attack Based on Contrastive Learning
Authors: Yang Chen, Bin Zhou,
Abstract summary: Graph Neural Networks (GNNs) have gained attention for their ability to learn representations from graph data.<n>Recent studies have shown that Vertical Graph Federated Learning frameworks are vulnerable to adversarial attacks that degrade performance.<n>We propose a novel graph adversarial attack against VGFL, referred to as VGFL-SA, to degrade the performance of VGFL by modifying the local clients structure without using labels.
Score: 16.681157857248436
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Graph Neural Networks (GNNs) have gained attention for their ability to learn representations from graph data. Due to privacy concerns and conflicts of interest that prevent clients from directly sharing graph data with one another, Vertical Graph Federated Learning (VGFL) frameworks have been developed. Recent studies have shown that VGFL is vulnerable to adversarial attacks that degrade performance. However, it is a common problem that client nodes are often unlabeled in the realm of VGFL. Consequently, the existing attacks, which rely on the availability of labeling information to obtain gradients, are inherently constrained in their applicability. This limitation precludes their deployment in practical, real-world environments. To address the above problems, we propose a novel graph adversarial attack against VGFL, referred to as VGFL-SA, to degrade the performance of VGFL by modifying the local clients structure without using labels. Specifically, VGFL-SA uses a contrastive learning method to complete the attack before the local clients are trained. VGFL-SA first accesses the graph structure and node feature information of the poisoned clients, and generates the contrastive views by node-degree-based edge augmentation and feature shuffling augmentation. Then, VGFL-SA uses the shared graph encoder to get the embedding of each view, and the gradients of the adjacency matrices are obtained by the contrastive function. Finally, perturbed edges are generated using gradient modification rules. We validated the performance of VGFL-SA by performing a node classification task on real-world datasets, and the results show that VGFL-SA achieves good attack effectiveness and transferability.

Related papers

Query-Efficient Adversarial Attack Against Vertical Federated Graph Learning [5.784274742483707]
A query-efficient hybrid adversarial attack framework is proposed. A shadow model is established based on the manipulated data to simulate the behavior of the server model. Experiments on five real-world benchmarks demonstrate that NA2 improves the performance of the centralized adversarial attacks against VFGL.
arXiv Detail & Related papers (2024-11-05T04:52:20Z)
Deceptive Fairness Attacks on Graphs via Meta Learning [102.53029537886314]
We study deceptive fairness attacks on graphs to answer the question: How can we achieve poisoning attacks on a graph learning model to exacerbate the bias deceptively? We propose a meta learning-based framework named FATE to attack various fairness definitions and graph learning models. We conduct extensive experimental evaluations on real-world datasets in the task of semi-supervised node classification.
arXiv Detail & Related papers (2023-10-24T09:10:14Z)
Understanding Deep Gradient Leakage via Inversion Influence Functions [53.1839233598743]
Deep Gradient Leakage (DGL) is a highly effective attack that recovers private training images from gradient vectors. We propose a novel Inversion Influence Function (I$2$F) that establishes a closed-form connection between the recovered images and the private gradients. We empirically demonstrate that I$2$F effectively approximated the DGL generally on different model architectures, datasets, attack implementations, and perturbation-based defenses.
arXiv Detail & Related papers (2023-09-22T17:26:24Z)
Label Inference Attacks against Node-level Vertical Federated GNNs [26.80658307067889]
We investigate label inference attacks on Vertical Federated Learning (VFL) using a zero-background knowledge strategy. Our proposed attack, BlindSage, provides impressive results in the experiments, achieving nearly 100% accuracy in most cases.
arXiv Detail & Related papers (2023-08-04T17:04:58Z)
Contrastive Graph Few-Shot Learning [67.01464711379187]
We propose a Contrastive Graph Few-shot Learning framework (CGFL) for graph mining tasks. CGFL learns data representation in a self-supervised manner, thus mitigating the distribution shift impact for better generalization. Comprehensive experiments demonstrate that CGFL outperforms state-of-the-art baselines on several graph mining tasks.
arXiv Detail & Related papers (2022-09-30T20:40:23Z)
Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
We study model inversion attacks against Graph Neural Networks (GNNs) In this paper, we present GraphMI to infer the private training graph data. Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
arXiv Detail & Related papers (2022-09-16T09:13:43Z)
Graph-Fraudster: Adversarial Attacks on Graph Neural Network Based Vertical Federated Learning [2.23816711660697]
vertical federated learning (VFL) is proposed to implement local data protection through training a global model. For graph-structured data, it is natural idea to construct VFL framework with GNN models. GNN models are proven to be vulnerable to adversarial attacks. This paper reveals that GVFL is vulnerable to adversarial attack similar to centralized GNN models.
arXiv Detail & Related papers (2021-10-13T03:06:02Z)
GraphMI: Extracting Private Graph Data from Graph Neural Networks [59.05178231559796]
We present textbfGraph textbfModel textbfInversion attack (GraphMI), which aims to extract private graph data of the training graph by inverting GNN. Specifically, we propose a projected gradient module to tackle the discreteness of graph edges while preserving the sparsity and smoothness of graph features. We design a graph auto-encoder module to efficiently exploit graph topology, node attributes, and target model parameters for edge inference.
arXiv Detail & Related papers (2021-06-05T07:07:52Z)
GraphFL: A Federated Learning Framework for Semi-Supervised Node Classification on Graphs [48.13100386338979]
We propose the first FL framework, namely GraphFL, for semi-supervised node classification on graphs. We propose two GraphFL methods to respectively address the non-IID issue in graph data and handle the tasks with new label domains. We adopt representative graph neural networks as GraphSSC methods and evaluate GraphFL on multiple graph datasets.
arXiv Detail & Related papers (2020-12-08T03:13:29Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.