DM4Steal: Diffusion Model For Link Stealing Attack On Graph Neural Networks

Jinyin Chen, Haonan Ma, Haibin Zheng
2024-11-05
Abstract: Graphs have become increasingly integral to the advancement of recommendation systems, particularly with the fast development of graph neural networks (GNNs). By exploring the virtue of rich node features and link information, GNN is designed to provide personalized and accurate suggestions. Meanwhile, the privacy leakage of GNN in such contexts has also captured special attention. Prior work has revealed that a malicious user can utilize auxiliary knowledge to extract sensitive link data of the target graph, integral to recommendation systems, via the decision made by the target GNN model. This poses a significant risk to the integrity and confidentiality of data used in recommendation systems. Though important, previous works on GNN's privacy leakage are still challenged in three aspects, i.e., limited stealing attack scenarios, sub-optimal attack performance, and adaptation against defense. To address these issues, we propose a diffusion model based link stealing attack, named DM4Steal. It differs from previous work in three critical aspects. (i) Generality: aiming at six attack scenarios with limited auxiliary knowledge, we propose a novel training strategy for diffusion models so that DM4Steal is transferable to diverse attack scenarios. (ii) Effectiveness: benefiting from the retention of semantic structure in the diffusion model during the training process, DM4Steal is capable of learning the precise topology of the target graph through the GNN decision process. (iii) Adaptation: when GNN is defensive (e.g., DP, Dropout), DM4Steal relies on the stability that comes from sampling the score model multiple times to keep performance degradation to a minimum, thus DM4Steal implements successful adaptive attack on defensive GNN.
Cryptography and Security, Information Retrieval, Machine Learning
What problem does this paper attempt to address?
The problem that this paper attempts to solve is the privacy leakage problem in graph neural networks (GNNs), especially for link-stealing attacks. Specifically, the authors focus on how to use the diffusion model to steal the link relationships between nodes in GNNs, thereby revealing the privacy risks of GNNs in application scenarios such as recommendation systems.

### Main problems

1. **Effectiveness of link-stealing attacks**: The performance of existing link-stealing attack methods in different attack scenarios is limited and it is difficult to adapt to multiple attack scenarios. This leads to unstable attack effects, especially poor performance when facing defense mechanisms.
2. **Generalization ability**: Existing methods perform well in specific scenarios but may fail in other scenarios and lack universality.
3. **Adaptability**: Existing methods usually ignore the privacy protection mechanisms of GNNs (such as differential privacy, Dropout, etc.), making them difficult to apply to defensive GNNs in practical applications.

### Solutions proposed in the paper

To solve the above problems, the paper proposes a link-stealing attack framework based on the diffusion model, called DM4Steal (Diffusion Model For Link Stealing Attack On Graph Neural Networks). This framework mainly addresses the following three key challenges:

1. **Generality**:
   - By proposing a new training strategy, the diffusion model can perform effective link-stealing in six different attack scenarios. These scenarios include limited auxiliary knowledge (such as partial sub-graphs, node features, and shadow datasets), thus making DM4Steal widely applicable.
2. **Effectiveness**:
   - Using the ability of the diffusion model to preserve the semantic structure during the training process, DM4Steal can accurately learn the topological structure of the target graph through the decision-making process of GNNs. Compared with traditional similarity and influence mechanisms, this method reduces the possibility of misjudgment and improves the accuracy of the attack.
3. **Adaptability**:
   - When GNNs adopt defense mechanisms (such as differential privacy, Dropout), DM4Steal maintains the stability of performance by sampling the scoring model multiple times, thereby achieving a successful adaptive attack on defensive GNNs.

### Experimental verification

The paper conducts extensive experiments on eight benchmark datasets and three GNN models, verifying that the performance of DM4Steal in six attack scenarios is better than that of four baseline methods, and the attack effect on defensive GNNs is still significant.

### Formula display

- **Conditional scoring model training loss**:

  \[ L=\sum_{i = 1}^{L}\frac{\sigma_{i}^{2}}{2}\mathbb{E}\left[\left\|f_{\theta}(\tilde{x},\sigma_{i})-\nabla_{\tilde{x}}\log q_{\sigma_{i}}(\tilde{x}|x)\right\|_{2}^{2}\right] \]

- **Annealed Langevin dynamics generation**:

  \[ \tilde{A}_{t}=\tilde{A}_{t - 1}+\frac{\alpha_{i}}{2}f_{\theta}(\tilde{A}_{t - 1},\sigma_{i})+\sqrt{\alpha_{i}}z_{t} \]

  where \(\alpha_{i}=\frac{\sigma_{i}^{2}}{\sigma_{L}^{2}}\), \(z_{t}\sim\mathcal{N}(0, 1)\)

### Summary

This paper proposes a new link-stealing attack framework DM4Steal by introducing the diffusion model, which effectively addresses the deficiencies of existing methods in generalization ability, effectiveness, and adaptability. The experimental results show that DM4Steal performs well in multiple attack scenarios and on defensive GNNs, providing a basis for future research.
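The annealed Langevin dynamics update in the formula display, run on a toy problem as an added example (not code from the paper or from this page): a scalar `x` stands in for \(\tilde{A}\), and the exact score of a constructed two-Gaussian mixture stands in for the learned \(f_{\theta}\). The base step size `eps` and the geometric noise schedule are assumptions of this sketch; `eps = 1` gives \(\alpha_{i}\) exactly as written in the formula.

```python
import math
import random

# Constructed toy target (not from the paper): 1-D mixture of two Gaussians.
WEIGHTS, MEANS, STD = (0.8, 0.2), (-4.0, 4.0), 0.5

def score(x, sigma):
    """Exact grad_x log q_sigma(x) for the mixture blurred with N(0, sigma^2)."""
    v = STD ** 2 + sigma ** 2  # per-component variance after adding noise
    logs = [math.log(w) - (x - m) ** 2 / (2 * v) for w, m in zip(WEIGHTS, MEANS)]
    top = max(logs)  # subtract the max so exp() cannot underflow to 0/0
    resp = [math.exp(l - top) for l in logs]
    total = sum(resp)
    return sum(r / total * (m - x) / v for r, m in zip(resp, MEANS))

def noise_levels(sigma_1=10.0, sigma_L=0.1, L=10):
    """Geometric schedule sigma_1 > ... > sigma_L (assumed, as in score-based models)."""
    ratio = (sigma_L / sigma_1) ** (1 / (L - 1))
    return [sigma_1 * ratio ** i for i in range(L)]

def annealed_langevin(rng, sigmas, steps=100, eps=0.01):
    """One chain: at each noise level i, repeat x += a/2 * score + sqrt(a) * z."""
    x = rng.uniform(-10, 10)  # uninformative starting point
    for sigma in sigmas:
        alpha = eps * sigma ** 2 / sigmas[-1] ** 2  # alpha_i, scaled by eps
        for _ in range(steps):
            x += alpha / 2 * score(x, sigma) + math.sqrt(alpha) * rng.gauss(0, 1)
    return x

def sample(n=500, seed=0):
    """Draw n independent samples with a fixed seed for reproducibility."""
    rng = random.Random(seed)
    sigmas = noise_levels()
    return [annealed_langevin(rng, sigmas) for _ in range(n)]

if __name__ == "__main__":
    xs = sample()
    right = sum(x > 0 for x in xs) / len(xs)
    print(f"share of samples in the +4 mode: {right:.2f} (target 0.20)")
```

The large early noise levels let chains cross between the two modes, so the final split approximates the mixture weights; running only the last level from the same starting points would leave each chain in whichever mode it started nearest.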