Label Inference Attacks against Node-level Vertical Federated GNNs

International workshop on Link discovery

The political blogosphere and the 2004 US election: divided they blog

Lada A Adamic, Natalie Glance

Published: 2005

International Conference on Learning Representations

On the bottleneck of graph neural networks and its practical implications

Uri Alon, Eran Yahav

Published: 2020

International Conference on Machine Learning

signsgd: Compressed optimisation for non-convex problems

Jeremy Bernstein, Yu-Xiang Wang, Kamyar Azizzadenesheli, Animashree Anandkumar

Published: 2018

On the Move to Meaningful Internet Systems: OTM 2014 Conferences

A model to support multi-social-network applications

Francesco Buccafurri, Gianluca Lax, Serena Nicolazzo, Antonino Nocera

Published: 2014

Information Sciences

Discovering missing me edges across social networks

Francesco Buccafurri, Gianluca Lax, Antonino Nocera, Domenico Ursino

Published: 2015

arXiv

Vertically federated graph neural network for privacy-preserving node classification

Chaochao Chen, Jun Zhou, Longfei Zheng, Huiwen Wu, Lingjuan Lyu, Jia Wu, Bingzhe Wu, Ziqi Liu, Li Wang, Xiaolin Zheng

Published: 2020

IEEE Transactions on Computational Social Systems

Graph-fraudster: Adversarial attacks on graph neural network-based vertical federated learning

J. Chen, G. Huang, H. Zheng, S. Yu, W. Jiang, C. Cui

Published: 2022

Knowledge and Systems Sciences: 20th International Symposium, KSS 2019

Estimating the optimal number of clusters in categorical data clustering by silhouette coefficient

Duy-Tai Dinh, Tsutomu Fujinami, Van-Nam Huynh

Published: 2019

31st USENIX Security Symposium (USENIX Security 22)

Label inference attacks against vertical federated learning

C. Fu, X. Zhang, S. Ji, J. Chen, J. Wu, S. Guo, J. Zhou, A. X. Liu, T. Wang

Published: 2022

Cryptology ePrint Archive

Optimizations of side-channel attack on AES MixColumns using chosen input

A. Vasselle, A. Wurcker

Published: 2019

Advances in neural information processing systems

Deep learning with label differential privacy

Badih Ghazi, Noah Golowich, Ravi Kumar, Pasin Manurangsi, Chiyuan Zhang

Published: 2021

Proceedings of the third ACM conference on Digital libraries

Citeseer: An automatic citation indexing system

C Lee Giles, Kurt D Bollacker, Steve Lawrence

Published: 1998

Advances in Neural Information Processing Systems

Inductive representation learning on large graphs

Will Hamilton, Zhitao Ying, Jure Leskovec

Published: 2017

arXiv

Fedgraphnn: A federated learning system and benchmark for graph neural networks

Chaoyang He, Keshav Balasubramanian, Emir Ceyani, Carl Yang, Han Xie, Lichao Sun, Lifang He, Liangwei Yang, Philip S Yu, Yu Rong

Published: 2021

arxiv

被引用数 1

Annual ACM Conference on Computer and Communications Security (CCS)

Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning

Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz

Published: 2017.2.24

Deep Learning has recently become hugely popular in machine learning, providing significant improvements in classification accuracy in the presence of highly-structured and large databases. Researchers have also considered privacy implications of deep learning. Models are typically trained in a centralized manner with all the data being processed by the same training algorithm. If the data is a collection of users' private data, including habits, personal pictures, geographical positions, interests, and more, the centralized server will have access to sensitive information that could potentially be mishandled. To tackle this problem, collaborative deep learning models have recently been proposed where parties locally train their deep learning structures and only share a subset of the parameters in the attempt to keep their respective training sets private. Parameters can also be obfuscated via differential privacy (DP) to make information extraction even more challenging, as proposed by Shokri and Shmatikov at CCS'15. Unfortunately, we show that any privacy-preserving collaborative deep learning is susceptible to a powerful attack that we devise in this paper. In particular, we show that a distributed, federated, or decentralized deep learning approach is fundamentally broken and does not protect the training sets of honest participants. The attack we developed exploits the real-time nature of the learning process that allows the adversary to train a Generative Adversarial Network (GAN) that generates prototypical samples of the targeted training set that was meant to be private (the samples generated by the GAN are intended to come from the same distribution as the training data). Interestingly, we show that record-level DP applied to the shared parameters of the model, as suggested in previous work, is ineffective (i.e., record-level DP is not designed to address our attack).

モデルの頑健性保証プライバシーリスク管理モデルインバージョン

Open graph benchmark: Datasets for machine learning on graphs

Weihua Hu, Matthias Fey, Marinka Zitnik, Yuxiao Dong, Hongyu Ren, Bowen Liu, Michele Catasta, Jure Leskovec

Published: 2021

Foundations and Trends® in Machine Learning

Advances and open problems in federated learning

Peter Kairouz, H. Brendan McMahan, Brendan Avent, Aurélien Bellet, Mehdi Bennis, Arjun Nitin Bhagoji, Kallista Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, Rafael G. L. D’Oliveira, Hubert Eichner, Salim El Rouayheb, David Evans, Josh Gardner, Zachary Garrett, Adrià Gascón, Badih Ghazi, Phillip B. Gibbons, Marco Gruteser, Zaid Harchaoui, Chaoyang He, Lie He, Zhouyuan Huo, Ben Hutchinson, Justin Hsu, Martin Jaggi, Tara Javidi, Gauri Joshi, Mikhail Khodak, Jakub Konecný, Aleksandra Korolova, Farinaz Koushanfar, Sanmi Koyejo, Tancrède Lepoint, Yang Liu, Prateek Mittal, Mehryar Mohri, Richard Nock, Ayfer Özgür, Rasmus Pagh, Hang Qi, Daniel Ramage, Ramesh Raskar, Mariana Raykova, Dawn Song, Weikang Song, Sebastian U. Stich, Ziteng Sun, Ananda Theertha Suresh, Florian Tramèr, Praneeth Vepakomma, Jianyu Wang, Li Xiong, Zheng Xu, Qiang Yang, Felix X. Yu, Han Yu, Sen Zhao

Published: 2021

ICLR

Semi-supervised classification with graph convolutional networks

Thomas N Kipf, Max Welling

Published: 2017

arxiv

被引用数 9

Federated Learning: Strategies for Improving Communication Efficiency

Jakub Konečný, H. Brendan McMahan, Felix X. Yu, Peter Richtárik, Ananda Theertha Suresh, Dave Bacon

Published: 2016.10.18

Federated Learning is a machine learning setting where the goal is to train a high-quality centralized model while training data remains distributed over a large number of clients each with unreliable and relatively slow network connections. We consider learning algorithms for this setting where on each round, each client independently computes an update to the current model based on its local data, and communicates this update to a central server, where the client-side updates are aggregated to compute a new global model. The typical clients in this setting are mobile phones, and communication efficiency is of the utmost importance. In this paper, we propose two ways to reduce the uplink communication costs: structured updates, where we directly learn an update from a restricted space parametrized using a smaller number of variables, e.g. either low-rank or a random mask; and sketched updates, where we learn a full model update and then compress it using a combination of quantization, random rotations, and subsampling before sending it to the server. Experiments on both convolutional and recurrent networks show that the proposed methods can reduce the communication cost by two orders of magnitude.

連合学習通信コスト削減量子化とプライバシー

International Conference on Learning Representations

Label leakage and protection in two-party split learning

O. Li, J. Sun, X. Yang, W. Gao, H. Zhang, J. Xie, V. Smith, C. Wang

Published: 2022

IEEE Transactions on Knowledge and Data Engineering

A survey on federated learning systems: Vision, hype and reality for data privacy and protection

Qinbin Li, Zeyi Wen, Zhaomin Wu, Sixu Hu, Naibo Wang, Yuan Li, Xu Liu, Bingsheng He

Published: 2021

Proceedings of the 43rd international ACM SIGIR conference on research and development in information retrieval

Alleviating the inconsistency problem of applying graph neural network to fraud detection

Zhiwei Liu, Yingtong Dou, Philip S Yu, Yutong Deng, Hao Peng

Published: 2020

ACM Transactions on Intelligent Systems and Technology (TIST)

Federated social recommendation with graph neural network

Zhiwei Liu, Liangwei Yang, Ziwei Fan, Hao Peng, Philip S Yu

Published: 2022

Proceedings of the 27th ACM international conference on information and knowledge management

Heterogeneous graph neural networks for malicious account detection

Ziqi Liu, Chaochao Chen, Xinxing Yang, Jun Zhou, Xiaolong Li, Le Song

Published: 2018

IEEE

Feature inference attack on model predictions in vertical federated learning

X. Luo, Y. Wu, X. Xiao, B. C. Ooi

Published: 2021

Information Retrieval

Automating the construction of internet portals with machine learning

Andrew Kachites McCallum, Kamal Nigam, Jason Rennie, Kristie Seymore

Published: 2000

J. Open Source Softw.

hdbscan: Hierarchical density based clustering

Leland McInnes, John Healy, Steve Astels

Published: 2017

arxiv

被引用数 21

IEEE Symposium on Security and Privacy

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning

Milad Nasr, Reza Shokri, Amir Houmansadr

Published: 2018.12.4

Deep neural networks are susceptible to various inference attacks as they remember information about their training data. We design white-box inference attacks to perform a comprehensive privacy analysis of deep learning models. We measure the privacy leakage through parameters of fully trained models as well as the parameter updates of models during training. We design inference algorithms for both centralized and federated learning, with respect to passive and active inference attackers, and assuming different adversary prior knowledge. We evaluate our novel white-box membership inference attacks against deep learning algorithms to trace their training data records. We show that a straightforward extension of the known black-box attacks to the white-box setting (through analyzing the outputs of activation functions) is ineffective. We therefore design new algorithms tailored to the white-box setting by exploiting the privacy vulnerabilities of the stochastic gradient descent algorithm, which is the algorithm used to train deep neural networks. We investigate the reasons why deep learning models may leak information about their training data. We then show that even well-generalized models are significantly susceptible to white-box membership inference attacks, by analyzing state-of-the-art pre-trained and publicly available models for the CIFAR dataset. We also show how adversarial participants, in the federated learning setting, can successfully run active membership inference attacks against other participants, even when the global model achieves high prediction accuracies.

差分プライバシーモデル抽出攻撃連合学習

arXiv

A vertical federated learning framework for graph convolutional network

Xiang Ni, Xiaolong Xu, Lingjuan Lyu, Changhua Meng, Weiqiang Wang

Published: 2021

International Conference on Learning Representations

Graph neural networks exponentially lose expressive power for node classification

Kenta Oono, Taiji Suzuki

Published: 2019

Findings of the Association for Computational Linguistics: EMNLP 2020

Privacy-preserving news recommendation model learning

Tao Qi, Fangzhao Wu, Chuhan Wu, Yongfeng Huang, Xing Xie

Published: 2020

IEEE Transactions on Dependable and Secure Computing

Your labels are selling you out: Relation leaks in vertical federated learning

Pengyu Qiu, Xuhong Zhang, Shouling Ji, Tianyu Du, Yuwen Pu, Jun Zhou, Ting Wang

Published: 2022

AI magazine

Collective classification in network data

Prithviraj Sen, Galileo Namata, Mustafa Bilgic, Lise Getoor, Brian Galligher, Tina Eliassi-Rad

Published: 2008

Proceedings of the 22nd ACM SIGSAC conference on computer and communications security

Privacy-preserving deep learning

Reza Shokri, Vitaly Shmatikov

Published: 2015

KDWeb

Linking accounts across social networks: the case of stackoverflow, github and twitter

Giuseppe Silvestri, Jie Yang, Alessandro Bozzon, Andrea Tagarelli

Published: 2015

2021 International Joint Conference on Neural Networks (IJCNN)

Soft-label dataset distillation and text dataset distillation

Ilia Sucholutsky, Matthias Schonlau

Published: 2021

International Conference on Learning Representations

Graph Attention Networks

Petar Velickovic, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, Yoshua Bengio

Published: 2018

2009 first international conference on networked digital technologies

User identification across multiple social networks

Jan Vosecky, Dan Hong, Vincent Y Shen

Published: 2009

2022 IEEE International Conference on Data Mining (ICDM)

Graphfl: A federated learning framework for semi-supervised node classification on graphs

Binghui Wang, Ang Li, Meng Pang, Hai Li, Yiran Chen

Published: 2022

arXiv

Interpret federated learning with shapley values

Guan Wang

Published: 2019

Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining

Graph neural networks: foundation, frontiers and applications

Lingfei Wu, Peng Cui, Jian Pei, Liang Zhao, Xiaojie Guo

Published: 2022

IEEE Transactions on Neural Networks and Learning Systems

A comprehensive survey on graph neural networks

Z. Wu, S. Pan, F. Chen, G. Long, C. Zhang, P.S. Yu

Published: 2020

ICLR

How powerful are graph neural networks?

K. Xu, W. Hu, J. Leskovec, S. Jegelka

Published: 2019

ACM Transactions on Intelligent Systems and Technology (TIST)

Federated machine learning: Concept and applications

Qiang Yang, Yang Liu, Tianjian Chen, Yongxin Tong

Published: 2019

Proceedings of the 24th ACM SIGKDD international conference on knowledge discovery & data mining

Graph convolutional neural networks for web-scale recommender systems

Rex Ying, Ruining He, Kaifeng Chen, Pong Eksombatchai, William L Hamilton, Jure Leskovec

Published: 2018

idlg: Improved deep leakage from gradients

Bo Zhao, Konda Reddy Mopuri, Hakan Bilen

Published: 2020

Peer-to-Peer Networking and Applications

Asfgnn: Automated separated-federated graph neural network

Longfei Zheng, Jun Zhou, Chaochao Chen, Bingzhe Wu, Li Wang, Benyu Zhang

Published: 2021

AI open

Graph neural networks: A review of methods and applications

Jie Zhou, Ganqu Cui, Shengding Hu, Zhengyan Zhang, Cheng Yang, Zhiyuan Liu, Lifeng Wang, Changcheng Li, Maosong Sun

Published: 2020

arxiv

被引用数 1

Federated Learning

Deep Leakage from Gradients

Ligeng Zhu, Zhijian Liu, Song Han

Published: 2019.6.21

Exchanging gradients is a widely used method in modern multi-node machine learning system (e.g., distributed training, collaborative learning). For a long time, people believed that gradients are safe to share: i.e., the training data will not be leaked by gradient exchange. However, we show that it is possible to obtain the private training data from the publicly shared gradients. We name this leakage as Deep Leakage from Gradient and empirically validate the effectiveness on both computer vision and natural language processing tasks. Experimental results show that our attack is much stronger than previous approaches: the recovery is pixel-wise accurate for images and token-wise matching for texts. We want to raise people's awareness to rethink the gradient's safety. Finally, we discuss several possible strategies to prevent such deep leakage. The most effective defense method is gradient pruning.

プライバシー保護防御的欺瞞敵対的攻撃

IEEE Transactions on Big Data

Defending batch-level label inference and replacement attacks in vertical federated learning

T. Zou, Y. Liu, Y. Kang, W. Liu, Y. He, Z. Yi, Q. Yang, Y.-Q. Zhang

Published: 2022