Data Poisoning Attacks to Local Differential Privacy Protocols for Graphs
Xi He, Kai Huang, Qingqing Ye, Haibo Hu
TL;DR
The paper addresses privacy-preserving graph analysis under Local Differential Privacy (LDP) and demonstrates that attackers can inject fake users to corrupt graph metrics. It introduces three data-poisoning attacks—Random Value Attack (RVA), Random Node Attack (RNA), and Maximal Gain Attack (MGA)—and proves that MGA can maximally distort targeted metrics via an optimization that increases connections to target nodes within budget constraints; two countermeasures are proposed but shown largely ineffective. Experimental results on four real-world graphs show substantial degradation in degree centrality and clustering coefficient under MGA, with MGA consistently outperforming baselines across varying privacy budgets and attacker fractions—and the countermeasures failing to offset the impact. The work highlights a critical security gap in graph-LDP protocols and motivates the development of novel defenses for decentralized graph data analysis pipelines.
Abstract
Graph analysis has become increasingly popular with the prevalence of big data and machine learning. Traditional graph data analysis methods often assume the existence of a trusted third party to collect and store the graph data, which does not align with real-world situations. To address this, some research has proposed utilizing Local Differential Privacy (LDP) to collect graph data or graph metrics (e.g., clustering coefficient). This line of research focuses on collecting two atomic graph metrics (the adjacency bit vectors and node degrees) from each node locally under LDP to synthesize an entire graph or generate graph metrics. However, they have not considered the security issues of LDP for graphs. In this paper, we bridge the gap by demonstrating that an attacker can inject fake users into LDP protocols for graphs and design data poisoning attacks to degrade the quality of graph metrics. In particular, we present three data poisoning attacks to LDP protocols for graphs. As a proof of concept, we focus on data poisoning attacks on two classical graph metrics: degree centrality and clustering coefficient. We further design two countermeasures for these data poisoning attacks. Experimental study on real-world datasets demonstrates that our attacks can largely degrade the quality of collected graph metrics, and the proposed countermeasures cannot effectively offset the effect, which calls for the development of new defenses.