Vertical Federated Graph Learning (VFGL) is a novel privacy-preserving technology that enables entities to collaborate on training Machine Learning (ML) models without exchanging their raw data. In VFGL, some of the entities hold a graph dataset capturing sensitive user relations, as in the case of social networks. This collaborative effort aims to leverage diverse features from each entity about shared users to enhance predictive models or recommendation systems, while safeguarding data privacy in the process. Despite these advantages, recent studies have revealed a critical vulnerability that appears in intermediate data representations, which may inadvertently expose link information in the graph. This work proposes a novel Link Inference Attack (LIA) that exploits gradients as a new source of link information leakage. Assuming a semi-honest adversary, we demonstrate through extensive experiments on seven real-world datasets that our LIA outperforms state-of-the-art attacks, achieving over 10% higher Area Under the Curve (AUC) in some instances, thereby highlighting a significant risk of link information leakage through gradients. Probing further into the reasons behind our attack's effectiveness, we compare our method to a label-only LIA that we also developed and find that its success primarily stems from the label information embedded within gradients. Moreover, we analytically derive the accuracy of our Label-based LIA using graph characteristics, thereby assessing the vulnerability of target graphs against LIAs. Our comprehensive analysis not only sheds light on why LIAs are effective but also underscores the urgent need for more advanced defenses in VFGL to protect against gradient-based link information leakage.
Link inference attacks in vertical federated graph learning
ACSAC 2024, 40th Annual Computer Security Applications Conference, 9-13 December 2024, Waikiki, Hawaii, USA
Type: Conference
City: Waikiki
Date: 2024-12-09
Department: Digital Security
Eurecom Ref: 7929
Copyright:
© ACM, 2024. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACSAC 2024, 40th Annual Computer Security Applications Conference, 9-13 December 2024, Waikiki, Hawaii, USA
See also:
PERMALINK : https://www.eurecom.fr/publication/7929