TL;DR
NetFense is a novel graph perturbation method designed to defend against GNN-based privacy attacks by maintaining data utility and reducing private label inference, effectively balancing privacy and utility in graph data.
Contribution
This work introduces a new adversarial defense approach, NetFense, that perturbs graph data to protect node privacy while preserving utility for targeted label classification.
Findings
Effective privacy protection against GNN attacks
Maintains high utility for targeted label prediction
Preserves local neighborhood structures
Abstract
Recent advances in protecting node privacy on graph data and attacking graph neural networks (GNNs) gain much attention. The eye does not bring these two essential tasks together yet. Imagine an adversary can utilize the powerful GNNs to infer users' private labels in a social network. How can we adversarially defend against such privacy attacks while maintaining the utility of perturbed graphs? In this work, we propose a novel research task, adversarial defenses against GNN-based privacy attacks, and present a graph perturbation-based approach, NetFense, to achieve the goal. NetFense can simultaneously keep graph data unnoticeability (i.e., having limited changes on the graph structure), maintain the prediction confidence of targeted label classification (i.e., preserving data utility), and reduce the prediction confidence of private label classification (i.e., protecting the privacy…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
