Inferring Sensitive Attributes from Knowledge Graph Embeddings: Attack and Defense Strategies

TL;DR

This paper investigates privacy risks in knowledge graph embeddings, demonstrating how sensitive user attributes can be inferred and proposing sanitization methods to mitigate these risks.

Contribution

It introduces a framework for privacy-preserving knowledge graph embeddings using post-processing sanitization techniques to reduce attribute inference attacks.

Findings

Attacks can successfully infer sensitive attributes from KGE outputs.

Sanitization techniques can mitigate privacy risks but may affect recommendation quality.

Trade-offs exist between privacy protection and utility in KGE outputs.

Abstract

Knowledge Graphs (KGs) are a powerful representation of linked data, offering flexibility, semantic richness, and support for knowledge enrichment and reasoning. They help data owners organize and exploit heterogeneous data to provide insightful services (e.g., recommendations), yet real-world KGs are often incomplete, hiding true facts or missing valuable insights. Knowledge graph embedding techniques are commonly used to infer valuable missing information. However, reasoning over KGs can inadvertently expose sensitive user information, even when such data is not explicitly stored. In this work, we investigate the privacy risks associated with KGE-based reasoning, focusing on attribute inference attacks where adversaries attempt to deduce sensitive user attributes from seemingly non-sensitive outputs. We propose and evaluate a framework that mitigates these privacy risks by applying post processing sanitization techniques to KGE outputs. Preliminary results demonstrate the effectiveness of these attacks on the outputs of KGE models, and explore the trade-off between recommendation quality and privacy protection when applying randomization based approaches, highlighting the need to experiment with more advanced techniques in future work to address this issue.