Node Injection Link Stealing Attack

TL;DR

This paper introduces a stealthy attack on Graph Neural Networks that infers private links, demonstrating significant privacy vulnerabilities and exploring privacy-preserving defenses like differential privacy.

Contribution

It presents a novel link inference attack on GNNs in an inductive setting and evaluates privacy-preserving methods to counteract this attack.

Findings

The attack outperforms existing methods in link inference accuracy.

Differential privacy mechanisms can reduce attack success but affect model utility.

Privacy vulnerabilities are inherent in GNNs, requiring robust defenses.

Abstract

In this paper, we present a stealthy and effective attack that exposes privacy vulnerabilities in Graph Neural Networks (GNNs) by inferring private links within graph-structured data. Focusing on the inductive setting where new nodes join the graph and an API is used to query predictions, we investigate the potential leakage of private edge information. We also propose methods to preserve privacy while maintaining model utility. Our attack demonstrates superior performance in inferring the links compared to the state of the art. Furthermore, we examine the application of differential privacy (DP) mechanisms to mitigate the impact of our proposed attack, we analyze the trade-off between privacy preservation and model utility. Our work highlights the privacy vulnerabilities inherent in GNNs, underscoring the importance of developing robust privacy-preserving mechanisms for their application.