DP-GPL: Differentially Private Graph Prompt Learning

• URL: http://arxiv.org/abs/2503.10544v2
• Date: Sat, 29 Mar 2025 10:22:06 GMT
• Title: DP-GPL: Differentially Private Graph Prompt Learning
• Authors: Jing Xu, Franziska Boenisch, Iyiola Emmanuel Olatunji, Adam Dziedzic,
• Abstract summary: We propose DP-GPL for differentially private graph prompt learning based on the PATE framework.<n>We show that our algorithm achieves high utility at strong privacy, effectively mitigating privacy concerns.
• Score: 8.885929731174492
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Graph Neural Networks (GNNs) have shown remarkable performance in various applications. Recently, graph prompt learning has emerged as a powerful GNN training paradigm, inspired by advances in language and vision foundation models. Here, a GNN is pre-trained on public data and then adapted to sensitive tasks using lightweight graph prompts. However, using prompts from sensitive data poses privacy risks. In this work, we are the first to investigate these practical risks in graph prompts by instantiating a membership inference attack that reveals significant privacy leakage. We also find that the standard privacy method, DP-SGD, fails to provide practical privacy-utility trade-offs in graph prompt learning, likely due to the small number of sensitive data points used to learn the prompts. As a solution, we propose DP-GPL for differentially private graph prompt learning based on the PATE framework, that generates a graph prompt with differential privacy guarantees. Our evaluation across various graph prompt learning methods, GNN architectures, and pre-training strategies demonstrates that our algorithm achieves high utility at strong privacy, effectively mitigating privacy concerns while preserving the powerful capabilities of prompted GNNs as powerful foundation models in the graph domain.

Related papers

• Devil's Hand: Data Poisoning Attacks to Locally Private Graph Learning Protocols [46.94619400437805]
  This work introduces the first data poisoning attack targeting locally private graph learning protocols.<n>The attacker injects fake users into the protocol, manipulates these fake users to establish links with genuine users, and sends carefully crafted data to the server.<n>The effectiveness of the attack is demonstrated both theoretically and empirically.
  arXiv  Detail & Related papers  (2025-06-11T14:46:11Z)
• IDEA: A Flexible Framework of Certified Unlearning for Graph Neural Networks [68.6374698896505]
  Graph Neural Networks (GNNs) have been increasingly deployed in a plethora of applications. Privacy leakage may happen when the trained GNNs are deployed and exposed to potential attackers. We propose a principled framework named IDEA to achieve flexible and certified unlearning for GNNs.
  arXiv  Detail & Related papers  (2024-07-28T04:59:59Z)
• Privacy-Preserving Graph Embedding based on Local Differential Privacy [26.164722283887333]
  We introduce a novel privacy-preserving graph embedding framework, named PrivGE, to protect node data privacy. Specifically, we propose an LDP mechanism to obfuscate node data and utilize personalized PageRank as the proximity measure to learn node representations. Experiments on several real-world graph datasets demonstrate that PrivGE achieves an optimal balance between privacy and utility.
  arXiv  Detail & Related papers  (2023-10-17T08:06:08Z)
• A Survey on Privacy in Graph Neural Networks: Attacks, Preservation, and Applications [76.88662943995641]
  Graph Neural Networks (GNNs) have gained significant attention owing to their ability to handle graph-structured data. To address this issue, researchers have started to develop privacy-preserving GNNs. Despite this progress, there is a lack of a comprehensive overview of the attacks and the techniques for preserving privacy in the graph domain.
  arXiv  Detail & Related papers  (2023-08-31T00:31:08Z)
• Independent Distribution Regularization for Private Graph Embedding [55.24441467292359]
  Graph embeddings are susceptible to attribute inference attacks, which allow attackers to infer private node attributes from the learned graph embeddings. To address these concerns, privacy-preserving graph embedding methods have emerged. We propose a novel approach called Private Variational Graph AutoEncoders (PVGAE) with the aid of independent distribution penalty as a regularization term.
  arXiv  Detail & Related papers  (2023-08-16T13:32:43Z)
• ProGAP: Progressive Graph Neural Networks with Differential Privacy Guarantees [8.79398901328539]
  Graph Neural Networks (GNNs) have become a popular tool for learning on graphs, but their widespread use raises privacy concerns. We propose a new differentially private GNN called ProGAP that uses a progressive training scheme to improve such accuracy-privacy trade-offs.
  arXiv  Detail & Related papers  (2023-04-18T12:08:41Z)
• Privacy-Preserved Neural Graph Similarity Learning [99.78599103903777]
  We propose a novel Privacy-Preserving neural Graph Matching network model, named PPGM, for graph similarity learning. To prevent reconstruction attacks, the proposed model does not communicate node-level representations between devices. To alleviate the attacks to graph properties, the obfuscated features that contain information from both vectors are communicated.
  arXiv  Detail & Related papers  (2022-10-21T04:38:25Z)
• DPAR: Decoupled Graph Neural Networks with Node-Level Differential Privacy [30.15971370844865]
  We aim to achieve node-level differential privacy (DP) for training GNNs so that a node and its edges are protected. We propose a Decoupled GNN with Differentially Private Approximate Personalized PageRank (DPAR) for training GNNs with an enhanced privacy-utility tradeoff.
  arXiv  Detail & Related papers  (2022-10-10T05:34:25Z)
• MentorGNN: Deriving Curriculum for Pre-Training GNNs [61.97574489259085]
  We propose an end-to-end model named MentorGNN that aims to supervise the pre-training process of GNNs across graphs. We shed new light on the problem of domain adaption on relational data (i.e., graphs) by deriving a natural and interpretable upper bound on the generalization error of the pre-trained GNNs.
  arXiv  Detail & Related papers  (2022-08-21T15:12:08Z)
• GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation [19.247325210343035]
  Graph Neural Networks (GNNs) are powerful models designed for graph data that learn node representation. Recent studies have shown that GNNs can raise significant privacy concerns when graph data contain sensitive information. We propose GAP, a novel differentially private GNN that safeguards privacy of nodes and edges.
  arXiv  Detail & Related papers  (2022-03-02T08:58:07Z)
• Releasing Graph Neural Networks with Differential Privacy Guarantees [0.81308403220442]
  We propose PrivGNN, a privacy-preserving framework for releasing GNN models in a centralized setting. PrivGNN combines the knowledge-distillation framework with the two noise mechanisms, random subsampling, and noisy labeling, to ensure rigorous privacy guarantees.
  arXiv  Detail & Related papers  (2021-09-18T11:35:19Z)
• GraphMI: Extracting Private Graph Data from Graph Neural Networks [59.05178231559796]
  We present textbfGraph textbfModel textbfInversion attack (GraphMI), which aims to extract private graph data of the training graph by inverting GNN. Specifically, we propose a projected gradient module to tackle the discreteness of graph edges while preserving the sparsity and smoothness of graph features. We design a graph auto-encoder module to efficiently exploit graph topology, node attributes, and target model parameters for edge inference.
  arXiv  Detail & Related papers  (2021-06-05T07:07:52Z)
• Adversarial Privacy Preserving Graph Embedding against Inference Attack [9.90348608491218]
  Graph embedding has been proved extremely useful to learn low-dimensional feature representations from graph structured data. Existing graph embedding methods do not consider users' privacy to prevent inference attacks. We propose Adrial Privacy Graph Embedding (APGE), a graph adversarial training framework that integrates the disentangling and purging mechanisms to remove users' private information from learned node representations.
  arXiv  Detail & Related papers  (2020-08-30T00:06:49Z)
• Locally Private Graph Neural Networks [12.473486843211573]
  We study the problem of node data privacy, where graph nodes have potentially sensitive data that is kept private. We develop a privacy-preserving, architecture-agnostic GNN learning algorithm with formal privacy guarantees. Experiments conducted over real-world datasets demonstrate that our method can maintain a satisfying level of accuracy with low privacy loss.
  arXiv  Detail & Related papers  (2020-06-09T22:36:06Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.