VertexSerum: Poisoning Graph Neural Networks for Link Inference

TL;DR

VertexSerum is a novel graph poisoning attack that enhances link inference accuracy in GNNs by amplifying connectivity leakage, outperforming state-of-the-art methods across multiple datasets and settings.

Contribution

We introduce VertexSerum, a new poisoning attack with an attention-based mechanism that significantly improves link inference in GNNs compared to existing methods.

Findings

VertexSerum improves AUC scores by 9.8% on average.

It outperforms SOTA link inference attacks across datasets.

Effective in black-box and online learning scenarios.

Abstract

Graph neural networks (GNNs) have brought superb performance to various applications utilizing graph structural data, such as social analysis and fraud detection. The graph links, e.g., social relationships and transaction history, are sensitive and valuable information, which raises privacy concerns when using GNNs. To exploit these vulnerabilities, we propose VertexSerum, a novel graph poisoning attack that increases the effectiveness of graph link stealing by amplifying the link connectivity leakage. To infer node adjacency more accurately, we propose an attention mechanism that can be embedded into the link detection network. Our experiments demonstrate that VertexSerum significantly outperforms the SOTA link inference attack, improving the AUC scores by an average of $9.8\%$ across four real-world datasets and three different GNN structures. Furthermore, our experiments reveal the effectiveness of VertexSerum in both black-box and online learning settings, further validating its applicability in real-world scenarios.