Many data mining tasks rely on graphs to model relational structures among individuals (nodes). Since relational data are often sensitive, there is an urgent need to evaluate the privacy risks in graph data. One famous privacy attack against data analysis models is the model inversion attack, which aims to infer sensitive data in the training dataset and leads to great privacy concerns. Despite its success in grid-like domains, directly applying model inversion attacks on non-grid domains such as graph leads to poor attack performance. This is mainly due to the failure to consider the unique properties of graphs. To bridge this gap, we conduct a systematic study on model inversion attacks against Graph Neural Networks (GNNs), one of the state-of-the-art graph analysis tools in this paper. Firstly, in the white-box setting where the attacker has full access to the target GNN model, we present GraphMI to infer the private training graph data. Specifically, in GraphMI, a projected gradient module is proposed to tackle the discreteness of graph edges and preserve the sparsity and smoothness of graph features; a graph auto-encoder module is used to efficiently exploit graph topology, node attributes, and target model parameters for edge inference; a random sampling module can finally sample discrete edges. Furthermore, in the hard-label black-box setting where the attacker can only query the GNN API and receive the classification results, we propose two methods based on gradient estimation and reinforcement learning (RL-GraphMI). Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
翻译:许多数据开采任务都依赖于个人(节点)之间模型关系结构的图表。由于关系数据往往是敏感的,因此迫切需要评估图形数据中的隐私风险。一个著名的针对数据分析模型的隐私攻击是模型反向攻击,其目的是在培训数据集中推断敏感数据,并导致对隐私的极大关切。尽管在网格式域中取得了成功,但直接将模型反向攻击用于非网格域(如图表)导致攻击性能差。这主要是因为没有考虑到图形的独特性能。为了缩小这一差距,我们系统研究了对图形神经网络(GNNS)的反向攻击模型,这是本文中最先进的图表分析工具之一。首先,在攻击者能够完全进入目标GNNN模型的白箱设置中,我们提出图MI来推断非网格域域域域域的反向攻击攻击。具体而言,在图MI中,一个预测的梯度模块是为了解决图形边缘的离散性,并保存图形特征的简洁性;一个针对图形神经网络网络网络网络网络的图式攻击攻击模型,这是本文中最新型的硬图解分析工具分析工具,一个用于高的模型的模型,一个用于实验室的升级的GNNNNNNNGB 。在测试模型模型中,在测试模型模型中,在测试模型中可以显示的GNNNG-borbborborb 。