Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

LinkThief: Combining Generalized Structure Knowledge with Node Similarity for Link Stealing Attack against GNN

Yuxing Zhang, Siyuan Meng, Chunchun Chen, Mengyao Peng, Hongyan Gu, Xinli Huang

TL;DR

This work addresses link privacy in graph neural networks by targeting links that are resistant to similarity-based attacks. It introduces LinkThief, a three-module attack that constructs a Shadow-Target Bridge Graph to extract generalized edge-subgraph structure features and fuses them with node similarity to predict link existence. Through Bridge Graph Generator, Edge Subgraph Preparation Module, and Edge Structure Feature Extractor, the approach achieves substantial improvements over baselines across multiple real-world datasets, supported by theoretical privacy-theft analysis. The findings highlight the practical risk of edge privacy leakage in GNNs and demonstrate effective transfer of structural knowledge across leaked and shadow graphs.

Abstract

Graph neural networks(GNNs) have a wide range of applications in multimedia.Recent studies have shown that Graph neural networks(GNNs) are vulnerable to link stealing attacks,which infers the existence of edges in the target GNN's training graph.Existing attacks are usually based on the assumption that links exist between two nodes that share similar posteriors;however,they fail to focus on links that do not hold under this assumption.To this end,we propose LinkThief,an improved link stealing attack that combines generalized structure knowledge with node similarity,in a scenario where the attackers' background knowledge contains partially leaked target graph and shadow graph.Specifically,to equip the attack model with insights into the link structure spanning both the shadow graph and the target graph,we introduce the idea of creating a Shadow-Target Bridge Graph and extracting edge subgraph structure features from it.Through theoretical analysis from the perspective of privacy theft,we first explore how to implement the aforementioned ideas.Building upon the findings,we design the Bridge Graph Generator to construct the Shadow-Target Bridge Graph.Then,the subgraph around the link is sampled by the Edge Subgraph Preparation Module.Finally,the Edge Structure Feature Extractor is designed to obtain generalized structure knowledge,which is combined with node similarity to form the features provided to the attack model.Extensive experiments validate the correctness of theoretical analysis and demonstrate that LinkThief still effectively steals links without extra assumptions.

LinkThief: Combining Generalized Structure Knowledge with Node Similarity for Link Stealing Attack against GNN

TL;DR

This work addresses link privacy in graph neural networks by targeting links that are resistant to similarity-based attacks. It introduces LinkThief, a three-module attack that constructs a Shadow-Target Bridge Graph to extract generalized edge-subgraph structure features and fuses them with node similarity to predict link existence. Through Bridge Graph Generator, Edge Subgraph Preparation Module, and Edge Structure Feature Extractor, the approach achieves substantial improvements over baselines across multiple real-world datasets, supported by theoretical privacy-theft analysis. The findings highlight the practical risk of edge privacy leakage in GNNs and demonstrate effective transfer of structural knowledge across leaked and shadow graphs.

Abstract

Graph neural networks(GNNs) have a wide range of applications in multimedia.Recent studies have shown that Graph neural networks(GNNs) are vulnerable to link stealing attacks,which infers the existence of edges in the target GNN's training graph.Existing attacks are usually based on the assumption that links exist between two nodes that share similar posteriors;however,they fail to focus on links that do not hold under this assumption.To this end,we propose LinkThief,an improved link stealing attack that combines generalized structure knowledge with node similarity,in a scenario where the attackers' background knowledge contains partially leaked target graph and shadow graph.Specifically,to equip the attack model with insights into the link structure spanning both the shadow graph and the target graph,we introduce the idea of creating a Shadow-Target Bridge Graph and extracting edge subgraph structure features from it.Through theoretical analysis from the perspective of privacy theft,we first explore how to implement the aforementioned ideas.Building upon the findings,we design the Bridge Graph Generator to construct the Shadow-Target Bridge Graph.Then,the subgraph around the link is sampled by the Edge Subgraph Preparation Module.Finally,the Edge Structure Feature Extractor is designed to obtain generalized structure knowledge,which is combined with node similarity to form the features provided to the attack model.Extensive experiments validate the correctness of theoretical analysis and demonstrate that LinkThief still effectively steals links without extra assumptions.
Paper Structure (23 sections, 1 theorem, 17 equations, 5 figures, 5 tables)

This paper contains 23 sections, 1 theorem, 17 equations, 5 figures, 5 tables.

Table of Contents

  1. Introduction
  2. PRELIMINARIES
  3. Victim GNNs Model
  4. Threat Model
  5. EXPLORATORY ANALYSIS
  6. Notations
  7. Bottlenecks of Using Nodes Similarity as Attack Feature
  8. Shadow-Target Bridge Graph
  9. Theoretical Analysis of Privacy Theft
  10. Problem Setup
  11. Theoretical Analysis
  12. THE PROPOSED METHOD
  13. Overview
  14. Bridge Graph Generator (BGG)
  15. Edge Subgraph Preparation Module (ESPM)
  16. ...and 8 more sections

Key Result

proposition 1

Given $\mathcal{G}_{i,j}^{r}\sim(n,p,q,\mu,k\mu,d)$ and $D=\frac{p}{p+q}$,

Figures (5)

  • Figure 1: The framework of vanilla Link Stealing Attacks.
  • Figure 2: T-SNE visualization of attack features for links classified as TP, FP, TN, FN across two attack cases.
  • Figure 3: The top left corner is the framework of LinkThief, surrounded by the three modules used in LinkThief.
  • Figure 4: Purple bars denote bridge building by randomly adding links, while pink bars represent our method which minimizes the representation distance. We use uppercase to represent datasets, e.g., B is Brazil.
  • Figure 5: The number of bridges indirectly reflects the proportion of the target node in the edge subgraph.

Theorems & Definitions (4)

  • definition 1: Shadow-Target Bridge Graph
  • definition 2: Density of target nodes in the edge subgraph
  • definition 3: Measurement of privacy theft for edge subgraph structure feature extraction
  • proposition 1