Adversarial Attacks on Locally Private Graph Neural Networks

Matta Varun, Ajay Kumar Dhakar, Yuan Hong, Shamik Sural

Abstract

Graph neural networks (GNNs) are a powerful tool for analyzing graph-structured data. However, their vulnerability to adversarial attacks raises serious concerns, especially when dealing with sensitive information. Local Differential Privacy (LDP) offers a privacy-preserving framework for training GNNs, but its impact on adversarial robustness remains underexplored. This paper investigates adversarial attacks on LDP-protected GNNs. We explore how the privacy guarantees of LDP can be leveraged or hindered by adversarial perturbations. The effectiveness of existing attack methods on LDP-protected GNNs is analyzed, and potential challenges in crafting adversarial examples under LDP constraints are discussed. Additionally, we suggest directions for defending LDP-protected GNNs against adversarial attacks. This work investigates the interplay between privacy and security in graph learning, highlighting the need for robust and privacy-preserving GNN architectures.

Paper Structure (19 sections, 4 equations, 9 figures, 6 tables, 1 algorithm)

Figures (9)

  • Figure 1: Visualization of Node Injection Attack on LPGNN.
  • Figure 2: Visualization of Label Flipping Attack on LPGNN.
  • Figure 3: Visualization of Inference Attack on LPGNN.
  • Figure 4: Visualization of Poisoning Attack on LPGNN.
  • Figure 5: Node Injection Attack results against the number of nodes injected into the graph as a percentage of total initial nodes.
  • ...and 4 more figures