NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data

06/22/2021
by   I-Chung Hsieh, et al.
0

Recent advances in protecting node privacy on graph data and attacking graph neural networks (GNNs) gain much attention. The eye does not bring these two essential tasks together yet. Imagine an adversary can utilize the powerful GNNs to infer users' private labels in a social network. How can we adversarially defend against such privacy attacks while maintaining the utility of perturbed graphs? In this work, we propose a novel research task, adversarial defenses against GNN-based privacy attacks, and present a graph perturbation-based approach, NetFense, to achieve the goal. NetFense can simultaneously keep graph data unnoticeability (i.e., having limited changes on the graph structure), maintain the prediction confidence of targeted label classification (i.e., preserving data utility), and reduce the prediction confidence of private label classification (i.e., protecting the privacy of nodes). Experiments conducted on single- and multiple-target perturbations using three real graph data exhibit that the perturbed graphs by NetFense can effectively maintain data utility (i.e., model unnoticeability) on targeted label classification and significantly decrease the prediction confidence of private label classification (i.e., privacy protection). Extensive studies also bring several insights, such as the flexibility of NetFense, preserving local neighborhoods in data unnoticeability, and better privacy protection for high-degree nodes.

READ FULL TEXT

page 1

page 9

page 12

page 13

page 14

research
08/21/2021

A Hard Label Black-box Adversarial Attack Against Graph Neural Networks

Graph Neural Networks (GNNs) have achieved state-of-the-art performance ...
research
11/10/2022

Heterogeneous Randomized Response for Differential Privacy in Graph Neural Networks

Graph neural networks (GNNs) are susceptible to privacy inference attack...
research
06/12/2023

Graph Agent Network: Empowering Nodes with Decentralized Communications Capabilities for Adversarial Resilience

End-to-end training with global optimization have popularized graph neur...
research
07/27/2022

Label-Only Membership Inference Attack against Node-Level Graph Neural Networks

Graph Neural Networks (GNNs), inspired by Convolutional Neural Networks ...
research
05/28/2022

Large-Scale Privacy-Preserving Network Embedding against Private Link Inference Attacks

Network embedding represents network nodes by a low-dimensional informat...
research
10/19/2019

Improving Privacy in Graphs Through Node Addition

The rapid growth of computer systems which generate graph data necessita...
research
02/21/2022

Degree-Preserving Randomized Response for Graph Neural Networks under Local Differential Privacy

Differentially private GNNs (Graph Neural Networks) have been recently s...

Please sign up or login with your details

Forgot password? Click here to reset