Computer Science ›› 2023, Vol. 50 ›› Issue (7): 332-338. doi: 10.11896/jsjkx.220900038

• Information Security •

  • Corresponding author: CHEN Jinyin (chenjinyin@zjut.edu.cn)
  • About the author: (lrcgnn@163.com)

Data Reconstruction Attack for Vertical Graph Federated Learning

LI Rongchang1, ZHENG Haibin1, ZHAO Wenhong2, CHEN Jinyin1,3   

  1 College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China
  2 College of Information Engineering, Jiaxing Nanhu University, Jiaxing, Zhejiang 314001, China
  3 Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China
  • Received: 2022-09-05 Revised: 2022-12-05 Online: 2023-07-15 Published: 2023-07-05
  • About author: LI Rongchang, born in 1998, postgraduate. His main research interests include federated learning and graph neural network. CHEN Jinyin, born in 1982, Ph.D, professor. Her main research interests include artificial intelligence security, data mining and intelligent computing.
  • Supported by:
    National Natural Science Foundation of China (62072406), National Key Laboratory of Science and Technology on Information System Security (61421110502), Key R & D Projects in Zhejiang Province (2021C01117), 2020 Industrial Internet Innovation Development Project (TC200H01V) and "Ten Thousand Talents Program" in Zhejiang Province (2020R52011).


Abstract: Recently, data privacy protection regulations have restricted the direct exchange of raw data between different graph data owners, resulting in the phenomenon of "data silos". To solve this problem, the vertical federated learning graph neural network (VFL-GNN) realizes distributed training of graph data by secretly exchanging embeddings, and has been widely used in many real-world fields, such as drug discovery, user discovery, and product recommendation. However, honest participants in VFL-GNN still face the risk of privacy leakage during training. This paper proposes a private embedding representation reconstruction attack, launched by an honest-but-curious participant and based on a generative network: a norm loss function drives the output of the generative network toward the confidence published by the server, and the participant's private data is reconstructed from the result. Experimental results show that the embedding representation reconstruction attack can completely reconstruct the embedding representations of the participants on the Cora, Citeseer and Pubmed datasets, which highlights the risk of leakage of participant embedding representations in VFL-GNN.

Key words: Graph neural network, Privacy leakage, Federated learning, Generative network, Differential privacy

CLC number: TP391