Graph Federated Unlearning for Privacy Preservation

TL;DR

This paper proposes a novel graph federated unlearning method to effectively remove user data for privacy preservation, addressing challenges of performance degradation and topology maintenance in decentralized graph learning.

Contribution

It introduces two key adjustments—orthogonal unlearning updates and virtual clients—to improve unlearning effectiveness without sacrificing model performance in GFL.

Findings

Our approach outperforms seven baseline methods in privacy preservation.

The method maintains high model accuracy after user data removal.

A new membership inference framework validates privacy guarantees.

Abstract

Graph federated learning (GFL) facilitates decentralized training on distributed graph data while keeping sensitive user information local, aligning with policies such as GDPR and CCPA that grant users the right to freely join or withdraw from learning systems. However, even decentralized, user information can persist after quitting, potentially propagating to central servers and then redistributing to malicious clients. This privacy leakage during user withdrawal, despite its importance, has received seldom attention in GFL. To fill the gap, we explore the potential of machine unlearning (MU) to thoroughly remove user information. However, classical MU methods are known to degrade overall performance, a problem that is exacerbated in GFL due to local message passing and global model collaboration. To this end, we make two adjustments to mitigate this challenge for GFL. First, we ensure unlearning updates that minimally affect overall performance, steering them in directions orthogonal to the gradients from learning other data. Second, we introduce virtual clients, maintained by the central server, to preserve graph topology and global embeddings without recovering information of removed entities. We conduct comprehensive experiments under a representative user-withdrawal scenario and propose a novel membership inference framework to rigorously evaluate and validate the reliability of our privacy preservation. The experimental results demonstrate the effectiveness of our approach, which also surpasses the performance of seven state-of-the-art baseline methods.