GraphTheft: Quantifying Privacy Risks in Graph Prompt Learning

TL;DR

This paper evaluates privacy risks in Graph Prompt Learning (GPL), revealing high success rates of attribute and link inference attacks, and explores defense mechanisms like Laplacian noise to mitigate these vulnerabilities.

Contribution

First comprehensive assessment of privacy leakage in GPL, comparing attack capabilities and analyzing the effectiveness of defense strategies.

Findings

Attack success rates as high as 98% on some datasets.

Prompt-tuning does not significantly increase privacy risks over traditional GNNs.

Laplacian noise perturbation can reduce inference success, but impacts model performance.

Abstract

Graph Prompt Learning (GPL) represents an innovative approach in graph representation learning, enabling task-specific adaptations by fine-tuning prompts without altering the underlying pre-trained model. Despite its growing prominence, the privacy risks inherent in GPL remain unexplored. In this study, we provide the first evaluation of privacy leakage in GPL across three attacker capabilities: black-box attacks when GPL as a service, and scenarios where node embeddings and prompt representations are accessible to third parties. We assess GPL's privacy vulnerabilities through Attribute Inference Attacks (AIAs) and Link Inference Attacks (LIAs), finding that under any capability, attackers can effectively infer the properties and relationships of sensitive nodes, and the success rate of inference on some data sets is as high as 98%. Importantly, while targeted inference attacks on specific prompts (e.g., GPF-plus) maintain high success rates, our analysis suggests that the prompt-tuning in GPL does not significantly elevate privacy risks compared to traditional GNNs. To mitigate these risks, we explored defense mechanisms, identifying that Laplacian noise perturbation can substantially reduce inference success, though balancing privacy protection with model performance remains challenging. This work highlights critical privacy risks in GPL, offering new insights and foundational directions for future privacy-preserving strategies in graph learning.