TL;DR
Fed-Listing introduces a gradient-based attack that infers private label distributions in federated GNNs, exposing privacy vulnerabilities even with existing defenses and without access to raw data.
Contribution
This work presents Fed-Listing, a novel method for inferring clients' label distributions in FedGNNs using only final-layer gradients, highlighting privacy risks.
Findings
Fed-Listing outperforms existing baselines in experiments.
It effectively infers label distributions under non-i.i.d. scenarios.
Existing defenses are largely ineffective against Fed-Listing.
Abstract
Federated Graph Neural Networks (FedGNNs) facilitate collaborative learning across multiple clients with graph-structured data while preserving user privacy. However, emerging research indicates that within this setting, shared model updates, particularly gradients, can unintentionally leak sensitive information of local users. Numerous privacy inference attacks have been explored in traditional federated learning and extended to graph settings, but the problem of label distribution inference in FedGNNs remains largely underexplored. In this work, we introduce Fed-Listing (Federated Label Distribution Inference in GNNs), a novel gradient-based attack designed to infer the private label statistics of target clients in FedGNNs without access to raw data or node features. Fed-Listing only leverages the final-layer gradients exchanged during training to uncover statistical patterns that…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
