Finding MNEMON: Reviving Memories of Node Embeddings

TL;DR

This paper introduces a novel attack method that can recover graph structures from node embeddings alone, highlighting privacy risks in graph embedding models used in machine learning pipelines.

Contribution

It presents a model-agnostic graph recovery attack that exploits structural information in node embeddings to reconstruct original graphs without model interaction.

Findings

Successfully recovers edges with high accuracy

Demonstrates privacy risks in node embedding models

Applicable to various graph embedding techniques

Abstract

Previous security research efforts orbiting around graphs have been exclusively focusing on either (de-)anonymizing the graphs or understanding the security and privacy issues of graph neural networks. Little attention has been paid to understand the privacy risks of integrating the output from graph embedding models (e.g., node embeddings) with complex downstream machine learning pipelines. In this paper, we fill this gap and propose a novel model-agnostic graph recovery attack that exploits the implicit graph structural information preserved in the embeddings of graph nodes. We show that an adversary can recover edges with decent accuracy by only gaining access to the node embedding matrix of the original graph without interactions with the node embedding models. We demonstrate the effectiveness and applicability of our graph recovery attack through extensive experiments.