NetFense: Adversarial Defenses Against Privacy Attacks on Neural Networks for Graph Data

I. Chung Hsieh, Cheng Te Li

研究成果: Article同行評審

7 引文 斯高帕斯(Scopus)

摘要

Recent advances in protecting node privacy on graph data and attacking graph neural networks (GNNs) gain much attention. The eye does not bring these two essential tasks together yet. Imagine an adversary can utilize the powerful GNNs to infer users' private labels in a social network. How can we adversarially defend against such privacy attacks while maintaining the utility of perturbed graphs? In this work, we propose a novel research task, adversarial defenses against GNN-based privacy attacks, and present a graph perturbation-based approach, NetFense, to achieve the goal. NetFense can simultaneously keep graph data unnoticeability (i.e., having limited changes on the graph structure), maintain the prediction confidence of targeted label classification (i.e., preserving data utility), and reduce the prediction confidence of private label classification (i.e., protecting the privacy of nodes). Experiments conducted on single- and multiple-target perturbations using three real graph data exhibit that the perturbed graphs by NetFense can effectively maintain data utility (i.e., model unnoticeability) on targeted label classification and significantly decrease the prediction confidence of private label classification (i.e., privacy protection). Extensive studies also bring several insights, such as the flexibility of NetFense, preserving local neighborhoods in data unnoticeability, and better privacy protection for high-degree nodes.

原文English
頁(從 - 到)796-809
頁數14
期刊IEEE Transactions on Knowledge and Data Engineering
35
發行號1
DOIs
出版狀態Published - 2023 1月 1

All Science Journal Classification (ASJC) codes

  • 資訊系統
  • 電腦科學應用
  • 計算機理論與數學

指紋

深入研究「NetFense: Adversarial Defenses Against Privacy Attacks on Neural Networks for Graph Data」主題。共同形成了獨特的指紋。

引用此