LinkThief: Combining Generalized Structure Knowledge with Node Similarity for Link Stealing Attack against GNN

Published: 20 Jul 2024, Last Modified: 21 Jul 2024 | MM2024 Poster | CC BY 4.0
Abstract: Graph neural networks (GNNs) have a wide range of applications in multimedia. Recent studies have shown that GNNs are vulnerable to link stealing attacks, which infer the existence of edges in the target GNN’s training graph. Existing methods are usually based on the assumption that links exist between two nodes that share similar posteriors; however, they fail to focus on links that do not hold under this assumption. To this end, we propose LinkThief, an improved link stealing attack that combines generalized structure knowledge with node similarity, in a scenario where the attackers' background knowledge contains a partially leaked target graph and a shadow graph. Specifically, to equip the attack model with insights into the link structure spanning both the shadow graph and the target graph, we introduce the idea of creating a Shadow-Target Bridge Graph and extracting edge subgraph structure features from it. Through theoretical analysis from the perspective of privacy theft, we first explore how to implement the aforementioned ideas. Building upon the findings, we design the Bridge Graph Generator to construct the Shadow-Target Bridge Graph. Then, the subgraph around the link is sampled by the Edge Subgraph Preparation Module. Finally, the Edge Structure Feature Extractor is designed to obtain generalized structure knowledge, which is combined with node similarity to form the features provided to the attack model. Extensive experiments validate the correctness of the theoretical analysis and demonstrate that LinkThief still effectively steals links without extra assumptions.
Primary Subject Area: [Content] Multimodal Fusion
Secondary Subject Area: [Experience] Multimedia Applications, [Experience] Interactions and Quality of Experience, [Content] Media Interpretation
Relevance To Conference: GNNs can efficiently learn features from multi-modal data and generate high-order representations that can reflect global structure and local features, which is crucial for tasks such as multi-modal sentiment analysis, social network analysis, and cross-media retrieval. Despite their excellent performance in various tasks, recent studies have shown that graph neural networks are vulnerable to privacy attacks, such as model extraction attacks, attribute inference attacks, and membership inference attacks. As a link-level membership inference attack, the link stealing attack can infer the relationship between the nodes that are used to train the target multimodal GNN. For example, in a GNN-based physician recommendation system, a patient and a heart specialist are represented as two nodes in a graph. The attacker hijacks the representations of the two nodes and inputs them into the attack model, which infers that there is a link between the two nodes and then infers whether the patient has a heart attack or not. This triggers a crisis of confidence in multimodal GNN systems. Therefore, the study of link stealing attacks is very important for the security of multimedia systems.
Supplementary Material: zip
Submission Number: 3664
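
An added example (not from the paper or its authors' code): a minimal privacy audit that measures how well posterior similarity alone separates linked from unlinked node pairs, which is the assumption the abstract attributes to existing methods. The node names, posteriors and edge lists are constructed sample data, and cosine similarity is an assumed choice of metric.

```python
import math

def cosine(p, q):
    """Cosine similarity between two posterior (class-probability) vectors."""
    dot = sum(a * b for a, b in zip(p, q))
    norm_p = math.sqrt(sum(a * a for a in p))
    norm_q = math.sqrt(sum(b * b for b in q))
    return dot / (norm_p * norm_q)

def auc(pos_scores, neg_scores):
    """Chance that a true edge outscores a non-edge (ties count as 0.5)."""
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0
               for p in pos_scores for n in neg_scores)
    return wins / (len(pos_scores) * len(neg_scores))

def leakage_report(posteriors, edges, non_edges):
    """Audit edge leakage through posterior similarity only."""
    def score(pair):
        return cosine(posteriors[pair[0]], posteriors[pair[1]])
    pos = [(e, score(e)) for e in edges]
    neg = [score(e) for e in non_edges]
    # True edges that score no higher than some non-edge: a similarity-only
    # audit cannot tell them apart from unlinked pairs.
    hidden = [e for e, s in pos if s <= max(neg)]
    return {"auc": auc([s for _, s in pos], neg), "hidden_edges": hidden}

# Constructed sample: 3-class posteriors returned by a model for five nodes.
POSTERIORS = {
    "a": [0.90, 0.05, 0.05],
    "b": [0.85, 0.10, 0.05],
    "c": [0.05, 0.90, 0.05],
    "d": [0.10, 0.85, 0.05],
    "e": [0.10, 0.10, 0.80],
}
# a-b and c-d join nodes with similar posteriors; a-e joins dissimilar ones
# (like the patient and specialist in the relevance statement).
EDGES = [("a", "b"), ("c", "d"), ("a", "e")]
NON_EDGES = [("a", "c"), ("b", "c"), ("b", "d"), ("d", "e")]

if __name__ == "__main__":
    report = leakage_report(POSTERIORS, EDGES, NON_EDGES)
    print("similarity-only AUC: %.3f" % report["auc"])
    print("edges not exposed by similarity:", report["hidden_edges"])
```

An edge listed under `hidden_edges` is not thereby private: it is only outside what this similarity measure can see, so a low similarity-only score understates exposure to attacks that also use structure features.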