Information Obfuscation of Graph Neural Networks
This addresses privacy vulnerabilities in GNNs for applications like recommender systems and quantum chemistry, offering a robust defense against information leakage.
The paper tackles the problem of protecting sensitive node attributes in graph neural networks from adversarial inference attacks by proposing an adversarial training framework that filters out sensitive information, achieving strong defense with minimal loss in task performance across multiple datasets.
While the advent of Graph Neural Networks (GNNs) has greatly improved node and graph representation learning in many applications, the neighborhood aggregation scheme exposes additional vulnerabilities to adversaries seeking to extract node-level information about sensitive attributes. In this paper, we study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance. Our method creates a strong defense against inference attacks, while only suffering small loss in task performance. Theoretically, we analyze the effectiveness of our framework against a worst-case adversary, and characterize an inherent trade-off between maximizing predictive accuracy and minimizing information leakage. Experiments across multiple datasets from recommender systems, knowledge graphs and quantum chemistry demonstrate that the proposed approach provides a robust defense across various graph structures and tasks, while producing competitive GNN encoders for downstream tasks.