
Data Reconstruction Attack for Vertical Graph Federated Learning (cited by: 1)
Abstract In recent years, data privacy protection regulations have restricted the direct exchange of raw data between different graph data owners, resulting in the phenomenon of "data silos". To solve this problem, vertical graph federated learning (VFL-GNN) enables distributed training on graph data by secretly exchanging embedding representations, and it is widely used in many real-world fields, such as drug discovery, user discovery, and product recommendation. However, honest participants in vertical graph federated learning still face the risk of privacy leakage during training. This paper therefore proposes an embedding representation reconstruction attack launched by an honest-but-curious participant using a generative network: a norm loss function drives the output of the generative network toward the confidence published by the server during training, thereby reconstructing the participant's private data. Experimental results show that the proposed attack can completely reconstruct the participants' embedding representations on the Cora, Citeseer, and Pubmed datasets, which highlights the risk of leakage of participant embedding representations in VFL-GNN.
Authors LI Rongchang; ZHENG Haibin; ZHAO Wenhong; CHEN Jinyin (College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China; College of Information Engineering, Jiaxing Nanhu University, Jiaxing, Zhejiang 314001, China; Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China)
Source Computer Science (《计算机科学》), indexed in CSCD and the Peking University Core Journals list, 2023, Issue 7, pp. 332-338 (7 pages)
Funding National Natural Science Foundation of China (62072406); Key Laboratory of Information System Security Technology Fund (61421110502); Zhejiang Provincial Key Research and Development Program (2021C01117); 2020 Industrial Internet Innovation and Development Project (TC200H01V); Zhejiang Province "Ten Thousand Talents Program" Science and Technology Innovation Leading Talent Project (2020R52011).
Keywords Graph neural network; Privacy leakage; Federated learning; Generative network; Differential privacy
