VertexSerum: Poisoning Graph Neural Networks for Link Inference
This addresses privacy concerns for users of GNNs in applications like social analysis and fraud detection, representing a novel attack method rather than an incremental improvement.
The paper tackles the problem of privacy vulnerabilities in graph neural networks (GNNs) by proposing VertexSerum, a graph poisoning attack that amplifies link connectivity leakage, resulting in an average 9.8% improvement in AUC scores for link inference across datasets and GNN structures.
Graph neural networks (GNNs) have brought superb performance to various applications utilizing graph structural data, such as social analysis and fraud detection. The graph links, e.g., social relationships and transaction history, are sensitive and valuable information, which raises privacy concerns when using GNNs. To exploit these vulnerabilities, we propose VertexSerum, a novel graph poisoning attack that increases the effectiveness of graph link stealing by amplifying the link connectivity leakage. To infer node adjacency more accurately, we propose an attention mechanism that can be embedded into the link detection network. Our experiments demonstrate that VertexSerum significantly outperforms the SOTA link inference attack, improving the AUC scores by an average of $9.8\%$ across four real-world datasets and three different GNN structures. Furthermore, our experiments reveal the effectiveness of VertexSerum in both black-box and online learning settings, further validating its applicability in real-world scenarios.