Large Language Models for Link Stealing Attacks Against Graph Neural Networks

TL;DR

This paper introduces a novel approach using Large Language Models to perform link stealing attacks on Graph Neural Networks, effectively handling diverse datasets and improving attack success in various scenarios.

Contribution

The paper proposes leveraging LLMs with specialized prompts and multi-dataset fine-tuning to enhance link stealing attacks on GNNs, addressing previous limitations related to data variability.

Findings

Significantly improved attack performance in white-box and black-box scenarios.

Effective handling of diverse dataset features with a single LLM model.

Enhanced generalizability of link stealing attacks across different graph datasets.

Abstract

Graph data contains rich node features and unique edge information, which have been applied across various domains, such as citation networks or recommendation systems. Graph Neural Networks (GNNs) are specialized for handling such data and have shown impressive performance in many applications. However, GNNs may contain of sensitive information and susceptible to privacy attacks. For example, link stealing is a type of attack in which attackers infer whether two nodes are linked or not. Previous link stealing attacks primarily relied on posterior probabilities from the target GNN model, neglecting the significance of node features. Additionally, variations in node classes across different datasets lead to different dimensions of posterior probabilities. The handling of these varying data dimensions posed a challenge in using a single model to effectively conduct link stealing attacks on different datasets. To address these challenges, we introduce Large Language Models (LLMs) to perform link stealing attacks on GNNs. LLMs can effectively integrate textual features and exhibit strong generalizability, enabling attacks to handle diverse data dimensions across various datasets. We design two distinct LLM prompts to effectively combine textual features and posterior probabilities of graph nodes. Through these designed prompts, we fine-tune the LLM to adapt to the link stealing attack task. Furthermore, we fine-tune the LLM using multiple datasets and enable the LLM to learn features from different datasets simultaneously. Experimental results show that our approach significantly enhances the performance of existing link stealing attack tasks in both white-box and black-box scenarios. Our method can execute link stealing attacks across different datasets using only a single model, making link stealing attacks more applicable to real-world scenarios.