Stealing Links from Graph Neural Networks
share
Graph data, such as social networks and chemical networks, contains a wealth of information that can help to build powerful applications. To fully unleash the power of graph data, a family of machine learning models, namely graph neural networks (GNNs), is introduced. Empirical results show that GNNs have achieved state-of-the-art performance in various tasks. Graph data is the key to the success of GNNs. High-quality graph is expensive to collect and often contains sensitive information, such as social relations. Various research has shown that machine learning models are vulnerable to attacks against their training data. Most of these models focus on data from the Euclidean space, such as images and texts. Meanwhile, little attention has been paid to the security and privacy risks of graph data used to train GNNs. In this paper, we aim at filling the gap by proposing the first link stealing attacks against graph neural networks. Given a black-box access to a GNN model, the goal of an adversary is to infer whether there exists a link between any pair of nodes in the graph used to train the model. We propose a threat model to systematically characterize the adversary's background knowledge along three dimensions. By combination, we obtain a comprehensive taxonomy of 8 different link stealing attacks. We propose multiple novel methods to realize these attacks. Extensive experiments over 8 real-world datasets show that our attacks are effective at inferring links, e.g., AUC (area under the ROC curve) is above 0.95 in multiple cases.
READ FULL TEXT