Xiaolin Zheng,Zhongyu Wang,Chaochao Chen,Jiashu Qian,Yao Yang

DOI: https://doi.org/10.48550/arXiv.2308.08072

2023-08-16

Abstract:Building a graph neural network (GNN)-based recommender system without violating user privacy proves challenging. Existing methods can be divided into federated GNNs and decentralized GNNs. But both methods have undesirable effects, i.e., low communication efficiency and privacy leakage. This paper proposes DGREC, a novel decentralized GNN for privacy-preserving recommendations, where users can choose to publicize their interactions. It includes three stages, i.e., graph construction, local gradient calculation, and global gradient passing. The first stage builds a local inner-item hypergraph for each user and a global inter-user graph. The second stage models user preference and calculates gradients on each local device. The third stage designs a local differential privacy mechanism named secure gradient-sharing, which proves strong privacy-preserving of users' private data. We conduct extensive experiments on three public datasets to validate the consistent superiority of our framework.

Information Retrieval,Artificial Intelligence,Cryptography and Security,Machine Learning

Zhaoxing Han,Chengyu Hu,Tongyaqi Li,Qingqiang Qi,Peng Tang,Shanqing Guo

DOI: https://doi.org/10.1016/j.neunet.2024.106574

2024-07-25

Abstract:Graph neural networks (GNN) are widely used in recommendation systems, but traditional centralized methods raise privacy concerns. To address this, we introduce a federated framework for privacy-preserving GNN-based recommendations. This framework allows distributed training of GNN models using local user data. Each client trains a GNN using its own user-item graph and uploads gradients to a central server for aggregation. To overcome limited data, we propose expanding local graphs using Software Guard Extension (SGX) and Local Differential Privacy (LDP). SGX computes node intersections for subgraph exchange and expansion, while local differential privacy ensures privacy. Additionally, we introduce a personalized approach with Prototype Networks (PN) and Model-Agnostic Meta-Learning (MAML) to handle data heterogeneity. This enhances the encoding abilities of the federated meta-learner, enabling precise fine-tuning and quick adaptation to diverse client graph data. We leverage SGX and local differential privacy for secure parameter sharing and defense against malicious servers. Comprehensive experiments across six datasets demonstrate our method's superiority over centralized GNN-based recommendations, while preserving user privacy.

Yeqing Qiu,Chenyu Huang,Jianzong Wang,Zhangcheng Huang,Jing Xiao

DOI: https://doi.org/10.48550/arXiv.2206.03492

2022-06-07

Abstract:Currently, the federated graph neural network (GNN) has attracted a lot of attention due to its wide applications in reality without violating the privacy regulations. Among all the privacy-preserving technologies, the differential privacy (DP) is the most promising one due to its effectiveness and light computational overhead. However, the DP-based federated GNN has not been well investigated, especially in the sub-graph-level setting, such as the scenario of recommendation system. The biggest challenge is how to guarantee the privacy and solve the non independent and identically distributed (non-IID) data in federated GNN simultaneously. In this paper, we propose DP-FedRec, a DP-based federated GNN to fill the gap. Private Set Intersection (PSI) is leveraged to extend the local graph for each client, and thus solve the non-IID problem. Most importantly, DP is applied not only on the weights but also on the edges of the intersection graph from PSI to fully protect the privacy of clients. The evaluation demonstrates DP-FedRec achieves better performance with the graph extension and DP only introduces little computations overhead.

Cryptography and Security,Artificial Intelligence,Machine Learning

Lingshuo Meng,Yijie Bai,Yanjiao Chen,Yutong Hu,Wenyuan Xu,Haiqin Weng

DOI: https://doi.org/10.1145/3576915.3623173

2023-01-01

Abstract:Graph neural networks (GNNs) have been developed to mine useful information from graph data of various applications, e.g., health-care, fraud detection, and social recommendation. However, GNNs open up new attack surfaces for privacy attacks on graph data. In this paper, we propose Infiltrator, a privacy attack that is able to pry node-level private information based on black-box access to GNNs. Different from existing works that require prior information of the victim node, we explore the possibility of conducting the attack without any information of the victim node. Our idea is to infiltrate the graph with attacker-created nodes to befriend the victim node. More specifically, we design infiltration schemes that enable the adversary to infer the label, neighboring links, and sensitive attributes of a victim node. We evaluate Infiltrator with extensive experiments on three representative GNN models and six real-world datasets. The results demonstrate that Infiltrator can achieve an attack performance of more than 98% in all three attacks, outperforming baseline approaches. We further evaluate the defense resistance of Infiltrator against the graph homophily defender and the differentially private model.

Chuhan Wu,Fangzhao Wu,Yang Cao,Yongfeng Huang,Xing Xie

DOI: https://doi.org/10.1038/s41467-022-30714-9

2021-03-01

Abstract:Graph neural network (GNN) is widely used for recommendation to model high-order interactions between users and items. Existing GNN-based recommendation methods rely on centralized storage of user-item graphs and centralized model learning. However, user data is privacy-sensitive, and the centralized storage of user-item graphs may arouse privacy concerns and risk. In this paper, we propose a federated framework for privacy-preserving GNN-based recommendation, which can collectively train GNN models from decentralized user data and meanwhile exploit high-order user-item interaction information with privacy well protected. In our method, we locally train GNN model in each user client based on the user-item graph inferred from the local user-item interaction data. Each client uploads the local gradients of GNN to a server for aggregation, which are further sent to user clients for updating local GNN models. Since local gradients may contain private information, we apply local differential privacy techniques to the local gradients to protect user privacy. In addition, in order to protect the items that users have interactions with, we propose to incorporate randomly sampled items as pseudo interacted items for anonymity. To incorporate high-order user-item interactions, we propose a user-item graph expansion method that can find neighboring users with co-interacted items and exchange their embeddings for expanding the local user-item graphs in a privacy-preserving way. Extensive experiments on six benchmark datasets validate that our approach can achieve competitive results with existing centralized GNN-based recommendation methods and meanwhile effectively protect user privacy.

Information Retrieval

Cheng Chen,Guoming Zhang,Bowen Liu,Wanchun Dou

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys60770.2023.00035

2023-01-01

Abstract:Differential privacy (DP) aims to protect user privacy in the age of ubiquitous data collection through inserting perturbations and achieves great success in the area of recommender systems. However, current recommendation models based on differential privacy treat all users equally, but some users want stronger privacy-preserving while some users pay less attention on privacy and want more accurate recommendations. To overcome the above challenge, this paper proposes a new security recommendation model based on graph convolutional network. It allows the users to decide the level of privacy-preserving by them-selves. The proposed model utilizes a personalized-oriented local differential privacy during collecting user data to protect user data. Then a clustering denoising module rebuilds the connections between users and items by deleting unreliable feedback. In this way, users can adjust their level of privacy-preserving locally and meanwhile, the server can still provide accurate personalized recommendations to those who prefer better recommendation performance. This work conducts comprehensive experiments on several real-world benchmark datasets and the experimental results validate the effectiveness of the proposed model.

Yixin Jie,Yixuan Ren,Qingtao Wang,Yankai Xie,Chi Zhang,Lingbo Wei,Jianqing Liu

DOI: https://doi.org/10.1109/ICC45855.2022.9839282

2022-01-01

Abstract:The current privacy-preserving Graph Neural Networks (GNNs) cannot provide security and privacy guarantees against malicious adversaries without sacrificing accuracy and efficiency. For example, the Secure Multi-party Computation (MPC) can resist malicious adversaries while adding severe overhead. Trusted Execution Environment (TEE), such as Intel Software Guard Extension (SGX), can guarantee privacy and faithful execution without compromising efficiency. However, existing attacks can compromise the confidentiality of SGXs. Besides, the CPU-based structure of SGX restricts its extensibility that cannot perform collaborative computation with GPUs. To address the above issues, we propose a novel GNN training and inference framework to support data holders outsourcing their computation tasks to servers. First, we combine the advantage of MPC and the code integrity protection provided by SGXs to resist malicious adversaries without sacrificing efficiency. Second, we adopt a strategy that allows the servers to transfer the parallelizable computation task to the untrusted yet high-performance GPUs, further improving efficiency without hindering privacy. To the best of our knowledge, our proposal is the first privacy-preserving GNN framework against malicious adversaries without sacrificing accuracy and efficiency. Experiments on real-world citation datasets have demonstrated the performance of our framework regarding security, privacy, accuracy, and efficiency.

Xinjun Pei,Xiaoheng Deng,Shengwei Tian,Jianqing Liu,Kaiping Xue

DOI: https://doi.org/10.1109/tifs.2023.3329971

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the ever-growing interest in modeling complex graph structures, graph neural networks (GNN) provide a generalized form of exploiting non-Euclidean space data. However, the global graph may be distributed across multiple data centers, which makes conventional graph-based models incapable of modeling a complete graph structure. This also brings an unprecedented challenge to user privacy protection in distributed graph learning. Due to privacy requirements of legal policies, existing graph-based solutions are difficult to deploy in practice. In this paper, we propose a privacy-preserving graph neural network based on local graph augmentation, named LGA-PGNN, which preserves user privacy by enforcing local differential privacy (LDP) noise into the decentralized local graphs held by different data holders. Moreover, we perform local neighborhood augmentation on low-degree vertices to enhance the expressiveness of the learned model. Specifically, we propose two graph privacy attacks, namely attribute inference attack and link stealing attack, which aim at compromising user privacy. The experimental results demonstrate that LGA-PGNN can effectively mitigate these two attacks and provably avoid potential privacy leakage while ensuring the utility of the learning model.

Xun Ran,Qingqing Ye,Haibo Hu,Xin Huang,Jianliang Xu,Jie Fu

DOI: https://doi.org/10.1109/icde60146.2024.00133

2024-01-01

Abstract:Graph Neural Networks (GNNs) have proven to be highly effective in addressing the link prediction problem. However, the need for large amounts of user data to learn representations of user interactions raises concerns about data privacy. While differential privacy (DP) techniques have been widely used for node-level tasks in graphs, incorporating DP into GNNs for link prediction is challenging due to data dependency. To this end, in this work we propose a differentially private link prediction (DPLP) framework, building upon subgraph-based GNNs. DPLP includes a DP-compliant subgraph extraction module as its core component. We first propose a neighborhood subgraph extraction method, and carefully analyze its data dependency level. To reduce this dependency, we optimize DPLP by integrating a novel path subgraph extraction method, which alleviates the utility loss in GNNs by reducing the noise sensitivity. Theoretical analysis demonstrates that our approaches achieve a good balance between privacy protection and prediction accuracy, even when using GNNs with few layers. We extensively evaluate our approaches on benchmark datasets and show that they can learn accurate privacy-preserving GNNs and outperforms the existing methods for link prediction.

Qinbo Liu,Lichen Yang,Yang Liu,Jiaqi Deng,Guorui Wu

DOI: https://doi.org/10.1109/mic.2023.3349288

IF: 2.68

2024-01-01

IEEE Internet Computing

Abstract:Benefiting from the efficient extraction of high-order structural information in user-item interaction graphs, graph neural network (GNN) is widely used in recommender systems. However, most GNN based recommenders need to collect user data, which may compromise user privacy. Federated learning is a privacy-preserving framework that can assuage customer privacy concerns by training a shared global model without collecting the decentralized private data. To train the GNN based global recommender on decentralized devices without compromising customer privacy, we propose a novel framework that federalizes the common GNN with a shuffler, which can protect both the ratings and the ids of items rated by each user. Experiments on real-world datasets illustrate that our framework can achieve more accurate recommendations than state-of-the-art baselines with privacy protection. In particular, the figure improves up to 2.16% and 1.92% respectively in terms of RMSE and MAE.

Mengyuan Lee,Guanding Yu,Huaiyu Dai

DOI: https://doi.org/10.1109/twc.2023.3279442

IF: 10.4

2024-01-01

IEEE Transactions on Wireless Communications

Abstract:As an efficient neural network model for graph data, graph neural networks (GNNs) recently find successful applications for various wireless optimization problems. Given that the inference stage of GNNs can be naturally implemented in a decentralized manner, GNN is a potential enabler for decentralized control/management in the next-generation wireless communications. Privacy leakage, however, may occur due to the information exchanges among neighbors during decentralized inference with GNNs. To deal with this issue, in this paper, we analyze and enhance the privacy of decentralized inference with GNNs in wireless networks. Specifically, we adopt local differential privacy as the metric, and design novel privacy-preserving signals as well as privacy-guaranteed training algorithms to achieve privacy-preserving inference. We also define the SNR-privacy trade-off function to analyze the performance upper bound of decentralized inference with GNNs in wireless networks. To further enhance the communication and computation efficiency, we adopt the over-the-air computation technique and theoretically demonstrate its advantage in privacy preservation. Through extensive simulations on the synthetic graph data, we validate our theoretical analysis, verify the effectiveness of proposed privacy-preserving wireless signaling and privacy-guaranteed training algorithm, and offer some guidance on practical implementation.

Wentao Hu,Hui Fang

DOI: https://doi.org/10.1145/3643821

IF: 4.157

2024-01-30

ACM Transactions on Knowledge Discovery from Data

Abstract:With increasing frequency of high-profile privacy breaches in various online platforms, users are becoming more concerned about their privacy. And recommender system is the core component of online platforms for providing personalized service, consequently, its privacy preservation has attracted great attention. As the gold standard of privacy protection, differential privacy has been widely adopted to preserve privacy in recommender systems. However, existing differentially private recommender systems only consider static and independent interactions, so they cannot apply to sequential recommendation where behaviors are dynamic and dependent. Meanwhile, little attention has been paid on the privacy risk of sensitive user features, most of them only protect user feedbacks. In this work, we propose a novel DIfferentially Private Sequential recommendation framework with a noisy Graph Neural Network approach (denoted as DIPSGNN) to address these limitations. To the best of our knowledge, we are the first to achieve differential privacy in sequential recommendation with dependent interactions. Specifically, in DIPSGNN, we first leverage piecewise mechanism to protect sensitive user features. Then, we innovatively add calibrated noise into aggregation step of graph neural network based on aggregation perturbation mechanism. And this noisy graph neural network can protect sequentially dependent interactions and capture user preferences simultaneously. Extensive experiments demonstrate the superiority of our method over state-of-the-art differentially private recommender systems in terms of better balance between privacy and accuracy.

computer science, information systems, software engineering

Songlei Wang,Yifeng Zheng,Xiaohua Jia

DOI: https://doi.org/10.48550/arXiv.2202.07835

2023-01-31

Abstract:Graphs are widely used to model the complex relationships among entities. As a powerful tool for graph analytics, graph neural networks (GNNs) have recently gained wide attention due to its end-to-end processing capabilities. With the proliferation of cloud computing, it is increasingly popular to deploy the services of complex and resource-intensive model training and inference in the cloud due to its prominent benefits. However, GNN training and inference services, if deployed in the cloud, will raise critical privacy concerns about the information-rich and proprietary graph data (and the resulting model). While there has been some work on secure neural network training and inference, they all focus on convolutional neural networks handling images and text rather than complex graph data with rich structural information. In this paper, we design, implement, and evaluate SecGNN, the first system supporting privacy-preserving GNN training and inference services in the cloud. SecGNN is built from a synergy of insights on lightweight cryptography and machine learning techniques. We deeply examine the procedure of GNN training and inference, and devise a series of corresponding secure customized protocols to support the holistic computation. Extensive experiments demonstrate that SecGNN achieves comparable plaintext training and inference accuracy, with promising performance.

Cryptography and Security,Machine Learning

Taolin Guo,Shunshun Peng,Yong Li,Mingliang Zhou,Trieu-Kien Truong

DOI: https://doi.org/10.1016/j.ins.2023.119002

IF: 8.1

2023-01-01

Information Sciences

Abstract:Social recommendation refers to recommendation technology taking social relations as additional input to improve merchandise sales and user satisfaction. It has been widely used in various social networking services. Social recommendation requires the collection of each user's social relations to build a social graph, posing the risk of user privacy intrusion caused by untrusted servers. Local differential privacy is a widely adopted approach for providing privacy protection while allowing acceptable utility of the protected data for analytics. Growing research interest has been applying local differential privacy protection to social graph analysis. However, local differential privacy is suitable for analyzing coarse-grained statistics from perturbed user data, and it is difficult to obtain the fine-grained user relations needed for social recommendation. This paper proposes a novel locally differentially private social recommendation method. It first perturbs the degrees of users in a given interval and discovers coarse-grained communities from them, then generates a fine-grained social graph according to the features of intra-community and inter-community relations, thus ensuring the accuracy of the recommendation results. Experimental results show that the social recommendation accuracy of our proposed method improves by about 20% compared to existing methods in a community-structured ego-network dataset, and by about 10% in two non-community-structured page-page network datasets. The experimental results show that compared with the state-of-the-art methods such as LDPGen, LFGDPR, and AsgLDP, the social recommendation accuracy of our proposed method is improved by about 20% in one community-structured ego-network dataset, and 10% in two non-community-structured page-page network datasets.

Zheng Wang,Wanwan Wang,Yimin Huang,Zhaopeng Peng,Ziqi Yang,Cheng Wang,Xiaoliang Fan

2024-10-16

Abstract:In recent years, graph neural networks (GNNs) have been commonly utilized for social recommendation systems. However, real-world scenarios often present challenges related to user privacy and business constraints, inhibiting direct access to valuable social information from other platforms. While many existing methods have tackled matrix factorization-based social recommendations without direct social data access, developing GNN-based federated social recommendation models under similar conditions remains largely unexplored. To address this issue, we propose a novel vertical federated social recommendation method leveraging privacy-preserving two-party graph convolution networks (P4GCN) to enhance recommendation accuracy without requiring direct access to sensitive social information. First, we introduce a Sandwich-Encryption module to ensure comprehensive data privacy during the collaborative computing process. Second, we provide a thorough theoretical analysis of the privacy guarantees, considering the participation of both curious and honest parties. Extensive experiments on four real-world datasets demonstrate that P4GCN outperforms state-of-the-art methods in terms of recommendation accuracy. The code is available at <a class="link-external link-https" href="https://github.com/WwZzz/P4GCN" rel="external noopener nofollow">this https URL</a>.

Social and Information Networks,Artificial Intelligence,Information Retrieval,Machine Learning

Yanli Yuan,Dian Lei,Qing Fan,Keli Zhao,Liehuang Zhu,Chuan Zhang

DOI: https://doi.org/10.1109/icicn62625.2024.10761771

2024-01-01

Abstract:With the widespread adoption of Graph Neural Network (GNN) technology in industry, concerns regarding graph data privacy have become increasingly prominent. Differential privacy has been demonstrated as an effective method to ensure privacy in graph learning. However, existing differential privacy-based GNN methods often overlook the individual privacy protection needs of users, offering uniform privacy guarantees to all. This approach can result in either over-protection or insufficient protection for certain users. To address this issue, we propose an adaptive privacy-preserving GNN training method that accommodates the varying privacy requirements of nodes while achieving high model training accuracy. Specifically, APPGNN allocates adaptive privacy budgets based on individual user privacy needs. Additionally, to mitigate the impact of noise on data utility, APPGNN incorporates a weighted neighborhood aggregation mechanism to enhance GNN model accuracy. Theoretical analysis indicates that APPGNN provides adaptive privacy protection while ensuring ε-differential privacy on node data. Experimental evaluations on four real-world graph datasets validate the effectiveness of APPGNN.

Jeyamohan Neera,Xiaomin Chen,Nauman Aslam,Kezhi Wang,Zhan Shu

DOI: https://doi.org/10.48550/arXiv.2102.13453

IF: 5.414

2021-02-26

Machine Learning

Abstract:Recommendation systems rely heavily on users behavioural and preferential data (e.g. ratings, likes) to produce accurate recommendations. However, users experience privacy concerns due to unethical data aggregation and analytical practices carried out by the Service Providers (SP). Local differential privacy (LDP) based perturbation mechanisms add noise to users data at user side before sending it to the SP. The SP then uses the perturbed data to perform recommendations. Although LDP protects the privacy of users from SP, it causes a substantial decline in predictive accuracy. To address this issue, we propose an LDP-based Matrix Factorization (MF) with a Gaussian Mixture Model (MoG). The LDP perturbation mechanism, Bounded Laplace (BLP), regulates the effect of noise by confining the perturbed ratings to a predetermined domain. We derive a sufficient condition of the scale parameter for BLP to satisfy $\epsilon$ LDP. At the SP, The MoG model estimates the noise added to perturbed ratings and the MF algorithm predicts missing ratings. Our proposed LDP based recommendation system improves the recommendation accuracy without violating LDP principles. The empirical evaluations carried out on three real world datasets, i.e., Movielens, Libimseti and Jester, demonstrate that our method offers a substantial increase in predictive accuracy under strong privacy guarantee.

Xinjun Pei,Xiaoheng Deng,Shengwei Tian,Kaiping Xue

DOI: https://doi.org/10.1109/icassp49357.2023.10096911

2023-01-01

Abstract:Graph Neural Networks (GNNs) as an emerging technique have shown excellent performance in a variety of fields, such as social networks and recommendation systems. However, GNNs may have to overcome privacy concerns as large amounts of information about their training datasets may be compromised. In this paper, we develop a privacy-preserving GNN to enforce privacy preservation, which utilizes a private Functional Mechanism (FM) to train the learning model. This mechanism perturbs the polynomial approximation of the objective function to enforce Differential Privacy (DP) in the GNN model. We show that our method can maximize the accuracy of the results with comparable prediction power to the unperturbed results while satisfying the privacy guarantees.

Xuemin Wang,Tianlong Gu,Xuguang Bao,Liang Chang,Long Li

DOI: https://doi.org/10.1016/j.knosys.2023.110490

IF: 8.139

2023-01-01

Knowledge-Based Systems

Abstract:Graph neural networks (GNNs) have shown superior performance in learning node representation for various graph inference tasks and play a pivotal role in high-stakes decision scenarios. However, GNNs may magnify the bias in the original data and make discriminatory decisions toward individuals, reducing user trust. Some research advances have been made to improve the individual fairness of GNNs and increase trust. However, they raise privacy issues when the acquired data involves sensitive information. To address this challenge, we propose a GNN privacy protection method called local private feature-individual​ fairness graph neural network, LPF-IFGNN for node features based on local differential privacy (LDP) that can strike a balance between fairness and privacy. Specially, we propose an LDP mechanism that considers privacy issues in normalization and can compress and perturb features. In addition, we employ a convolution layer that aggregates multi-hop node features using the mean function to denoise and avoid promoting individual fairness about the perturbed features. We consider the situation where node labels are also required to be protected, and we further propose LPL-LPF-IFGNN based on LDP. Experimental results on five real-world datasets show that LPL-LPF-IFGNN outperforms the state-of-the-art fairness baseline by 41.75% on ACC and 5.02% on NDCG@10 on private data with a feature privacy budget of 1 and a label privacy budget of 0.5. Experiments further indicate that our methods can achieve a good balance between model utility and individual fairness for private node data with LDP guarantees.