Computer Science

Computer Science ›› 2023, Vol. 50 ›› Issue (7): 332-338.doi: 10.11896/jsjkx.220900038

• Information Security • Previous Articles     Next Articles

Data Reconstruction Attack for Vertical Graph Federated Learning

LI Rongchang1, ZHENG Haibin1, ZHAO Wenhong2, CHEN Jinyin1,3   

  1. 1 College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China
    2 College of Information Engineering,Jiaxing Nanhu University,Jiaxing,Zhejiang 314001,China
    3 Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou 310023,China
  • Received:2022-09-05 Revised:2022-12-05 Online:2023-07-15 Published:2023-07-05
  • About author:LI Rongchang,born in 1998,postgra-duate.His main research interests include federated learning and graph neural network.CHEN Jinyin,born in 1982,Ph.D,professor.Her main research interests include artificial intelligence security,data mining and intelligent computing.
  • Supported by:
    National Natural Science Foundation of China(62072406),National Key Laboratory of Science and Technology on Information System Security(61421110502),Key R & D Projects in Zhejiang Province(2021C01117),2020 Industrial Internet Innovation Development Project(TC200H01V) and “Ten Thousand Talents Program” in Zhejiang Province(2020R52011).

PDF (PC)

731

Abstract: Recently,data privacy protection regulations restrict the direct exchange of raw data between different graph data ow-ners,resulting in the phenomenon of “data silos”.To solve this problem,vertical federated learning graph neural network realizes distributed training of graph data by secretly exchanging embeddings,and has been widely used in many real-world fields,such as drug discovery,user discovery,and product recommendation.However,honest participants in vertical federated learning graph neural network still have the risk of privacy leakage during training.This paper proposes a private embedding representation reconstruction attack based on the generative network,and reconstructs the private data of the participant by the output of the ge-nerative network is approximated with the confidence published from server with the norm loss function.Experimental results show that the embedding representation reconstruction attack can completely reconstruct the embedding representation of the participants on the Cora,Citeseer and Pubmed datasets,which highlights the risk of leakage of the participant embedding representation in VFL-GNN.

Key words: Graph neural network, Privacy leakage, Federated learning, Generative network, Differential privacy

CLC Number: 

  • TP391
[1]FAN W Q,MA Y,LI Q,et al.Graph neural networks for social recommendation[C]//The World Wide Web Conference.ACM,2019:417-426.
[2]WANG X Y,MA Y,WANG Y Q,et al.Traffic flow prediction via spatial temporal graph neural network[C]//The World Wide Web Conference.ACM,2020:1082-1092.
[3]XIAO C,XU L L.Loosely Coupled Graph Convolutional Neural Network for Text Classification[J].Journal of Chinese Compu-ter Systems,2021,42(3):449-453.
[4]VOIGT P,AXEL VON DEM B.The EU General Data Protection Regulation(Gdpr)[M].Cham:Springer International Publishing,2017.
[5]Data Security Law of the People’s Republic of China [J].Bulletin of the Standing Committee of the National People’s Congress of the People’s Republic of China,2021(5):951-956.
[6]YANG Q,LIU Y,CHENG Y,et al.Federated learning[J].Synthesis Lectures on Artificial Intelligence and Machine Learning,2019,13(3):1-207.
[7]CHEN C C,ZHOU J,ZHENG L F,et al.Vertically Federated Graph Neural Network for Privacy-Preserving Node Classification[C]//Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence.2022:1959-1965.
[8]ZHOU H K,HUA B.Homomorphic Encryption Offloading and Its Application in Privacy-preserving Computing[J].Journal of Chinese Computer Systems,2021,42(3):595-600.
[9]NI X,XU X L,LYU L J,et al.A Vertical Federated Learning Framework for Graph Convolutional Network[J].arXiv:2106.11593,2021.
[10]HE C Y,KESHAV B,EMIR C,et al.Fedgraphnn:A federated learning system and benchmark for graph neural networks[J].arXiv:2104.07145,2021.
[11]DUDDU V,BOUTET A,SHEJWALKAR V.Quantifying Privacy Leakage in Graph Embedding[C]//MobiQuitous’20:Computing,Networking and Services.ACM,2020:76-85.
[12]ZHANG Z K,CHEN M,MICHAEL B,et al.Inference Attacks Against Graph Neural Networks[C]//Proceedings of the 31th USENIX Security Symposium.USENIX,2022:1-18.
[13]WANG Y,SUN L.Membership inference attacks on knowledge graphs[J].arXiv:2104.08273,2021.
[14]WU B,YANG X W,PAN S,et al.Adapting membership infe-rence attacks to gnn for graph classification:Approaches and implications[C]//IEEE International Conference on Data Mining.IEEE,2021:1421-1426.
[15]LIAO P Y,ZHAO H,XU K,et al.Informationobfuscation of graph neural networks[C]//Proceedings of the 38th International Conference on Machine Learning.PMLR,2021:6600-6610.
[16]MCMAHAN B,MOORE E,RAMAGE D,et al.Communica-tion-efficient learning of deep networks from decentralized data[C]//Proceedings of the 20th International Conference on Artificial Intelligence and Statistics.PMLR,2017:1273-1282.
[17]WU C H,WU F Z,CAO Y,et al.Fedgnn:Federated graph neural network for privacy-preserving recommendation[J].arXiv:2102.04925,2021.
[18]LI O,SUN J K,YANG X,et al.Label leakage and protection in two-party split learning[J].arXiv:2102.08504,2021.
[19]FU C,ZHANG X H,JI S L,et al.Label inference attacksagainst vertical federated learning[C]//31st USENIX Security Symposium.USENIX,2022:1-18.
[20]WENG H Q,ZHANG J,XUE F,et al.Privacy leakage of real-world vertical federated learning[J].arXiv:2011.09290,2020.
[21]JIANG X,ZHOU X B,GROSSKLAGS J.Comprehensive analysis of privacy leakage in vertical federated learning during prediction[J].Proceedings of Privacy Enhancing Technologies,2022(2):263-281.
[22]JIN X,CHEN P Y,HSU C Y,et al.CAFE:Catastrophic data leakage in vertical federated learning[C]//Advances in Neural Information Processing Systems.NeurIPS,2021:994-1006.
[23]KIPF T N,WELLING M.Semi-Supervised Classification withGraph Convolutional Networks[C]//5th International Confe-rence on Learning Representations.2017:1-14.
[24]ABADI M,CHU A,GOODFELLOW I,et al.Deep learning with differential privacy[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.ACM,2016:308-318.
[25]DWORK C,ROTH A.The Algorithmic Foundations of Diffe-rential Privacy[J].Foundations and Trends in Theoretical Computer Science,2014:9(3/4):211-407.
[1] JIANG Linpu, CHEN Kejia. Self-supervised Dynamic Graph Representation Learning Approach Based on Contrastive Prediction [J]. Computer Science, 2023, 50(7): 207-212.
[2] LI Fan, JIA Dongli, YAO Yumin, TU Jun. Graph Neural Network Few Shot Image Classification Network Based on Residual and Self-attention Mechanism [J]. Computer Science, 2023, 50(6A): 220500104-5.
[3] ZHANG Lianfu, TAN Zuowen. Robust Federated Learning Algorithm Based on Adaptive Weighting [J]. Computer Science, 2023, 50(6A): 230200188-9.
[4] GU Shouke, CHEN Wen. Function Level Code Vulnerability Detection Method of Graph Neural Network Based on Extended AST [J]. Computer Science, 2023, 50(6): 283-290.
[5] WANG Huiyan, YU Minghe, YU Ge. Deep Learning-based Heterogeneous Information Network Representation:A Survey [J]. Computer Science, 2023, 50(5): 103-114.
[6] ZHAO Yuqi, YANG Min. Review of Differential Privacy Research [J]. Computer Science, 2023, 50(4): 265-276.
[7] ZHONG Jialin, WU Yahui, DENG Su, ZHOU Haohao, MA Wubin. Multi-objective Federated Learning Evolutionary Algorithm Based on Improved NSGA-III [J]. Computer Science, 2023, 50(4): 333-342.
[8] DONG Chengyu, LYU Mingqi, CHEN Tieming, ZHU Tiantian. Heterogeneous Provenance Graph Learning Model Based APT Detection [J]. Computer Science, 2023, 50(4): 359-368.
[9] SHAO Yunfei, SONG You, WANG Baohui. Study on Degree of Node Based Personalized Propagation of Neural Predictions forSocial Networks [J]. Computer Science, 2023, 50(4): 16-21.
[10] PENG Yuefeng, ZHAO Bo, LIU Hui, AN Yang. Survey on Membership Inference Attacks Against Machine Learning [J]. Computer Science, 2023, 50(3): 351-359.
[11] CHEN Fuqiang, KOU Jiamin, SU Limin, LI Ke. Multi-information Optimized Entity Alignment Model Based on Graph Neural Network [J]. Computer Science, 2023, 50(3): 34-41.
[12] YU Jian, ZHAO Mankun, GAO Jie, WANG Congyuan, LI Yarong, ZHANG Wenbin. Study on Graph Neural Networks Social Recommendation Based on High-order and Temporal Features [J]. Computer Science, 2023, 50(3): 49-64.
[13] LIU Likang, ZHOU Chunlai. RCP:Mean Value Protection Technology Under Local Differential Privacy [J]. Computer Science, 2023, 50(2): 333-345.
[14] ZHANG Qi, YU Shuangyuan, YIN Hongfeng, XU Baomin. Neural Collaborative Filtering for Social Recommendation Algorithm Based on Graph Attention [J]. Computer Science, 2023, 50(2): 115-122.
[15] HAO Jingyu, WEN Jingxuan, LIU Huafeng, JING Liping, YU Jian. Deep Disentangled Collaborative Filtering with Graph Global Information [J]. Computer Science, 2023, 50(1): 41-51.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.