Skip to Main content Skip to Navigation
Conference papers

Quantifying Privacy Leakage in Graph Embedding

Vasisht Duddu 1 Antoine Boutet 1 Virat Shejwalkar 2
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Graph embeddings have been proposed to map graph data to low dimensional space for downstream processing (e.g., node classification or link prediction). With the increasing collection of personal data, graph embeddings can be trained on private and sensitive data. For the first time, we quantify the privacy leakage in graph embeddings through three inference attacks targeting Graph Neural Networks. We propose a membership inference attack to infer whether a graph node corresponding to an individual user's data was a member of the model's training or not. We consider a blackbox setting where the adversary exploits the output prediction scores and a whitebox setting where the adversary has also access to the released node embeddings. This attack provides accuracy up to 28% (blackbox) and 36% (whitebox) beyond random guess by exploiting the distinguishable footprint between train and test data records left by the graph embedding. We propose a Graph Reconstruction attack where the adversary aims to reconstruct the target graph given the corresponding graph embeddings. Here, the adversary can reconstruct the graph with more than 80% of accuracy and link inference between two nodes with around 30% more confidence than a random guess. We then propose an attribute inference attack where the adversary aims to infer a sensitive attribute. We show that graph embeddings are strongly correlated to the node attributes letting the adversary inferring sensitive information (e.g., gender or location). CCS CONCEPTS • Security and privacy → Privacy protections; • Computing methodologies → Machine learning.
Complete list of metadatas

Cited literature [46 references]  Display  Hide  Download

https://hal.inria.fr/hal-03013638
Contributor : Antoine Boutet <>
Submitted on : Thursday, November 19, 2020 - 9:27:36 AM
Last modification on : Monday, November 30, 2020 - 2:42:13 PM

File

hal.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03013638, version 1

Collections

Citation

Vasisht Duddu, Antoine Boutet, Virat Shejwalkar. Quantifying Privacy Leakage in Graph Embedding. Mobiquitous 2020 - 17th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Dec 2020, Cyberspace, United States. pp.1-11. ⟨hal-03013638⟩

Share

Metrics

Record views

36

Files downloads

23