A Unified Framework of Graph Information Bottleneck for Robustness and Membership Privacy

TL;DR

This paper introduces a unified graph information bottleneck framework that enhances the robustness of Graph Neural Networks against adversarial attacks and protects against membership inference attacks, addressing a critical privacy and security challenge.

Contribution

The work proposes a novel graph information bottleneck method that mitigates structural noise and incorporates pseudo labels to improve robustness and privacy in GNNs.

Findings

Achieves robust predictions on real-world datasets.

Simultaneously preserves membership privacy.

Effectively reduces structural noise in graph data.

Abstract

Graph Neural Networks (GNNs) have achieved great success in modeling graph-structured data. However, recent works show that GNNs are vulnerable to adversarial attacks which can fool the GNN model to make desired predictions of the attacker. In addition, training data of GNNs can be leaked under membership inference attacks. This largely hinders the adoption of GNNs in high-stake domains such as e-commerce, finance and bioinformatics. Though investigations have been made in conducting robust predictions and protecting membership privacy, they generally fail to simultaneously consider the robustness and membership privacy. Therefore, in this work, we study a novel problem of developing robust and membership privacy-preserving GNNs. Our analysis shows that Information Bottleneck (IB) can help filter out noisy information and regularize the predictions on labeled samples, which can benefit robustness and membership privacy. However, structural noises and lack of labels in node classification challenge the deployment of IB on graph-structured data. To mitigate these issues, we propose a novel graph information bottleneck framework that can alleviate structural noises with neighbor bottleneck. Pseudo labels are also incorporated in the optimization to minimize the gap between the predictions on the labeled set and unlabeled set for membership privacy. Extensive experiments on real-world datasets demonstrate that our method can give robust predictions and simultaneously preserve membership privacy.