FedGIG: Graph Inversion from Gradient in Federated Learning
This work addresses a security vulnerability in federated graph learning, enabling attacks on sparse and discrete data, which is an incremental advancement over prior methods focused on dense data.
The paper tackles the problem of gradient inversion attacks in federated learning for graph-structured data, which existing methods cannot handle, and introduces FedGIG, a novel method that achieves superior accuracy in reconstructing private graph data from gradients, as demonstrated through experiments on molecular datasets.
Recent studies have shown that Federated learning (FL) is vulnerable to Gradient Inversion Attacks (GIA), which can recover private training data from shared gradients. However, existing methods are designed for dense, continuous data such as images or vectorized texts, and cannot be directly applied to sparse and discrete graph data. This paper first explores GIA's impact on Federated Graph Learning (FGL) and introduces Graph Inversion from Gradient in Federated Learning (FedGIG), a novel GIA method specifically designed for graph-structured data. FedGIG includes the adjacency matrix constraining module, which ensures the sparsity and discreteness of the reconstructed graph data, and the subgraph reconstruction module, which is designed to complete missing common subgraph structures. Extensive experiments on molecular datasets demonstrate FedGIG's superior accuracy over existing GIA techniques.