Finding MNEMON: Reviving Memories of Node Embeddings
This addresses a privacy problem for users of graph embedding systems, revealing a previously overlooked vulnerability in integrating embeddings with complex ML pipelines.
The paper tackles the privacy risks of integrating graph node embeddings into downstream ML pipelines by proposing a model-agnostic graph recovery attack that exploits structural information in embeddings, showing it can recover edges with decent accuracy without accessing the embedding models.
Previous security research efforts orbiting around graphs have been exclusively focusing on either (de-)anonymizing the graphs or understanding the security and privacy issues of graph neural networks. Little attention has been paid to understand the privacy risks of integrating the output from graph embedding models (e.g., node embeddings) with complex downstream machine learning pipelines. In this paper, we fill this gap and propose a novel model-agnostic graph recovery attack that exploits the implicit graph structural information preserved in the embeddings of graph nodes. We show that an adversary can recover edges with decent accuracy by only gaining access to the node embedding matrix of the original graph without interactions with the node embedding models. We demonstrate the effectiveness and applicability of our graph recovery attack through extensive experiments.