Adversarial Attacks on Locally Private Graph Neural Networks

TL;DR

This paper examines how adversarial attacks affect graph neural networks protected by local differential privacy, analyzing attack effectiveness and discussing defense strategies to enhance robustness while preserving privacy.

Contribution

It is the first to analyze adversarial vulnerabilities of LDP-protected GNNs and explores the interplay between privacy guarantees and attack resilience.

Findings

Existing attack methods can partially compromise LDP-protected GNNs.

LDP constraints pose challenges for crafting effective adversarial examples.

Directions for improving robustness of privacy-preserving GNNs are discussed.

Abstract

Graph neural network (GNN) is a powerful tool for analyzing graph-structured data. However, their vulnerability to adversarial attacks raises serious concerns, especially when dealing with sensitive information. Local Differential Privacy (LDP) offers a privacy-preserving framework for training GNNs, but its impact on adversarial robustness remains underexplored. This paper investigates adversarial attacks on LDP-protected GNNs. We explore how the privacy guarantees of LDP can be leveraged or hindered by adversarial perturbations. The effectiveness of existing attack methods on LDP-protected GNNs are analyzed and potential challenges in crafting adversarial examples under LDP constraints are discussed. Additionally, we suggest directions for defending LDP-protected GNNs against adversarial attacks. This work investigates the interplay between privacy and security in graph learning, highlighting the need for robust and privacy-preserving GNN architectures.