Graph-Fraudster: Adversarial Attacks on Graph Neural Network-Based Vertical Federated Learning

Chen, Jinyin; Huang, Guohan; Yu, Shanqing; Jiang, Wenrong

doi:10.1109/tcss.2022.3161016

Cited by 18 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FedVGCN [97] transfers homomorphic encrypted intermediate results between two clients to complete node feature space with the semihonest server creating encryption key pairs and doing FL aggregation. Graph-Fraudster [98] studies the adversarial attacks on the local raw data and node embedding. It proves that the DP mechanism and top-k mechanism are two possible defenses to the attacks.…”

Section: B Vertical Fedgnnsmentioning

confidence: 99%

Federated Graph Neural Networks: Overview, Techniques, and Challenges

Liu,

Xing,

Deng

et al. 2024

IEEE Trans. Neural Netw. Learning Syst.

View full text Add to dashboard Cite

Graph neural networks (GNNs) have attracted extensive research attention in recent years due to their capability to progress with graph data and have been widely used in practical applications. As societies become increasingly concerned with the need for data privacy protection, GNNs face the need to adapt to this new normal. Besides, as clients in federated learning (FL) may have relationships, more powerful tools are required to utilize such implicit information to boost performance. This has led to the rapid development of the emerging research field of federated GNNs (FedGNNs). This promising interdisciplinary field is highly challenging for interested researchers to grasp. The lack of an insightful survey on this topic further exacerbates the entry difficulty. In this article, we bridge this gap by offering a comprehensive survey of this emerging field. We propose a 2-D taxonomy of the FedGNN literature: 1) the main taxonomy provides a clear perspective on the integration of GNNs and FL by analyzing how GNNs enhance FL training as well as how FL assists GNN training and 2) the auxiliary taxonomy provides a view on how FedGNNs deal with heterogeneity across FL clients. Through discussions of key ideas, challenges, and limitations of existing works, we envision future research directions that can help build more robust, explainable, efficient, fair, inductive, and comprehensive FedGNNs.

show abstract

Section: B Vertical Fedgnnsmentioning

confidence: 99%

Federated Graph Neural Networks: Overview, Techniques, and Challenges

Liu,

Xing,

Deng

et al. 2024

IEEE Trans. Neural Netw. Learning Syst.

View full text Add to dashboard Cite

show abstract

“…Security attacks demonstrated against VFL include backdoor attacks introduced during the training phase to compromise the integrity of the model [59], and adversarial example attacks occurred solely during the inference phase [60]. The active participant and passive participants have different levels of threats to the VFL due to their differing knowledge and control capabilities over the VFL.…”

Section: A Security Threatsmentioning

confidence: 99%

“…Chen et al proposed an AE attack against graph VFL in the inference phase, namely graph fraudster [60]. Firstly, a malicious participant is randomly selected from all passive participants.…”

Section: A Security Threatsmentioning

confidence: 99%

Vertical Federated Learning: Taxonomies, Threats, and Prospects

Li¹,

Thapa²,

Ong³

et al. 2023

Preprint

View full text Add to dashboard Cite

Federated learning (FL) is the most popular distributed machine learning technique. FL allows machine-learning models to be trained without acquiring raw data to a single point for processing. Instead, local models are trained with local data; the models are then shared and combined. This approach preserves data privacy as locally trained models are shared instead of the raw data themselves. Broadly, FL can be divided into horizontal federated learning (HFL) and vertical federated learning (VFL). For the former, different parties hold different samples over the same set of features; for the latter, different parties hold different feature data belonging to the same set of samples. In a number of practical scenarios, VFL is more relevant than HFL as different companies (e.g., bank and retailer) hold different features (e.g., credit history and shopping history) for the same set of customers. Although VFL is an emerging area of research, it is not well-established compared to HFL. Besides, VFL-related studies are dispersed, and their connections are not intuitive. Thus, this survey aims to bring these VFL-related studies to one place. Firstly, we classify existing VFL structures and algorithms. Secondly, we present the threats from security and privacy perspectives to VFL. Thirdly, for the benefit of future researchers, we discussed the challenges and prospects of VFL in detail.

show abstract

“…FedGNN present a distributed machine learning paradigm that facilitates collaborative training of GNNs among multiple parties, ensuring the privacy of their sensitive data. In recent years, extensive research has been conducted on FedGNN, with a particular focus on addressing security concerns [15,16,17,18]. Among these concerns, poisoning attacks have garnered significant attention, encompassing both data poisoning attacks and model poisoning attacks.…”

Section: Related Workmentioning

confidence: 99%

“…Currently, the majority of attacks on FedGNN primarily concentrate on data poisoning attacks. Chen et al [15] proposed adversarial attacks on vertical federated learning, utilizing adversarial perturbations on global node embeddings based on gradient leakage from pairwise nodes. Additionally, Xu et al [16] investigated centralized and distributed backdoor attacks on FedGNN.…”

Section: Related Workmentioning

confidence: 99%

Exploring metadiscourse in university lectures in Hong Kong

Liu¹

View full text Add to dashboard Cite

Federated Graph Neural Network (FedGNN) has recently emerged as a rapidly growing research topic, as it integrates the strengths of graph neural networks and federated learning to enable advanced machine learning applications without direct access to sensitive data. Despite its advantages, the distributed nature of FedGNN introduces additional vulnerabilities, particularly backdoor attacks stemming from malicious participants. Although graph backdoor attacks have been explored, the compounded complexity introduced by the combination of GNNs and federated learning has hindered a comprehensive understanding of these attacks, as existing research lacks extensive benchmark coverage and in-depth analysis of critical factors. To address these limitations, we propose Bkd-FedGNN, a benchmark for backdoor attacks on FedGNN. Specifically, Bkd-FedGNN decomposes the graph backdoor attack into trigger generation and injection steps, and extending the attack to the node-level federated setting, resulting in a unified framework that covers both node-level and graph-level classification tasks. Moreover, we thoroughly investigate the impact of multiple critical factors in backdoor attacks on FedGNN. These factors are categorized into global-level and local-level factors, including data distribution, the number of malicious attackers, attack time, overlapping rate, trigger size, trigger type, trigger position, and poisoning rate. Finally, we conduct comprehensive evaluations on 13 benchmark datasets and 13 critical factors, comprising 1,725 experimental configurations for node-level and graphlevel tasks from six domains. These experiments encompass over 8,000 individual tests, allowing us to provide a thorough evaluation and insightful observations that advance our understanding of backdoor attacks on FedGNN. The Bkd-FedGNN benchmark is publicly available at https://github.com/usail-hkust/ BkdFedGCN.Preprint. Under review.

show abstract

Graph-Fraudster: Adversarial Attacks on Graph Neural Network-Based Vertical Federated Learning

Cited by 18 publications

References 21 publications

Federated Graph Neural Networks: Overview, Techniques, and Challenges

Federated Graph Neural Networks: Overview, Techniques, and Challenges

Vertical Federated Learning: Taxonomies, Threats, and Prospects

Exploring metadiscourse in university lectures in Hong Kong

Contact Info

Product

Resources

About