LinkThief: Combining Generalized Structure Knowledge with Node Similarity for Link Stealing Attack against GNN

Yuxing Zhang,Siyuan Meng,Chunchun Chen,Mengyao Peng,Hongyan Gu,Xinli Huang
DOI: https://doi.org/10.1145/3664647.3681381
2024-10-01
Abstract:Graph neural networks(GNNs) have a wide range of applications in <a class="link-external link-http" href="http://multimedia.Recent" rel="external noopener nofollow">this http URL</a> studies have shown that Graph neural networks(GNNs) are vulnerable to link stealing attacks,which infers the existence of edges in the target GNN's training <a class="link-external link-http" href="http://graph.Existing" rel="external noopener nofollow">this http URL</a> attacks are usually based on the assumption that links exist between two nodes that share similar posteriors;however,they fail to focus on links that do not hold under this <a class="link-external link-http" href="http://assumption.To" rel="external noopener nofollow">this http URL</a> this end,we propose LinkThief,an improved link stealing attack that combines generalized structure knowledge with node similarity,in a scenario where the attackers' background knowledge contains partially leaked target graph and shadow <a class="link-external link-http" href="http://graph.Specifically" rel="external noopener nofollow">this http URL</a>,to equip the attack model with insights into the link structure spanning both the shadow graph and the target graph,we introduce the idea of creating a Shadow-Target Bridge Graph and extracting edge subgraph structure features from <a class="link-external link-http" href="http://it.Through" rel="external noopener nofollow">this http URL</a> theoretical analysis from the perspective of privacy theft,we first explore how to implement the aforementioned <a class="link-external link-http" href="http://ideas.Building" rel="external noopener nofollow">this http URL</a> upon the findings,we design the Bridge Graph Generator to construct the Shadow-Target Bridge <a class="link-external link-http" href="http://Graph.Then" rel="external noopener nofollow">this http URL</a>,the subgraph around the link is sampled by the Edge Subgraph Preparation <a class="link-external link-http" href="http://Module.Finally" rel="external noopener nofollow">this http URL</a>,the Edge Structure Feature Extractor is designed to obtain generalized structure knowledge,which is combined with node similarity to form the features provided to the attack <a class="link-external link-http" href="http://model.Extensive" rel="external noopener nofollow">this http URL</a> experiments validate the correctness of theoretical analysis and demonstrate that LinkThief still effectively steals links without extra assumptions.
Cryptography and Security,Artificial Intelligence,Machine Learning
What problem does this paper attempt to address?
The problem that this paper attempts to solve is: **How to effectively carry out link - stealing attacks in Graph Neural Networks (GNNs), especially for those links where node - similarity - based attack methods are ineffective**. ### Specific Problem Description 1. **Limitations of Existing Link - Stealing Attacks**: - Existing link - stealing attacks mainly rely on the similarity of node posterior distributions to infer the existence of links. However, this method may fail in some cases. For example, when predicting the gender of users in a social network, users of different genders may have different posterior distributions, resulting in the links between these users being unable to be inferred through similarity. 2. **The Need to Introduce Structural Knowledge**: - In order to overcome the limitations of relying solely on node similarity, additional structural information needs to be introduced. Specifically, the paper proposes to combine generalized structural knowledge and node similarity to improve the effectiveness of link - stealing attacks. ### Solutions Proposed in the Paper The paper proposes an improved link - stealing attack framework named **LinkThief**, whose core idea is to combine generalized structural knowledge and node similarity. Specifically, it includes the following aspects: 1. **Shadow - Target Bridge Graph**: - Construct a bridge graph (Bridge Graph) that connects the partially leaked target graph and the shadow graph to extract the structural features of the edge subgraphs. This helps to transfer structural information between different graphs, thereby improving the attack effectiveness. 2. **Edge Subgraph Preparation Module (ESPM)**: - Design a module for sampling edge subgraphs from the bridge graph and assign structural labels to each subgraph. This can ensure that the sampled subgraphs contain sufficient structural information. 3. **Edge Structure Feature Extractor (ESFE)**: - Extract the structural features of the edge subgraphs and fuse these features with node similarity through cross - view contrastive learning to form the final attack features. ### Validation of the Effectiveness of the Method Through experiments on multiple real - world datasets, the paper verifies the effectiveness of LinkThief in stealing those links where similarity - based attacks are ineffective. The experimental results show that LinkThief can successfully steal links without adding additional assumptions. ### Summary The core problem of this paper is to solve the problem of the failure of existing link - stealing attacks in specific scenarios. By introducing the combination of generalized structural knowledge and node similarity, a more effective attack method is proposed.