Label-Flipping Attacks in GNN-Based Federated Learning

IF 6.7 2区计算机科学 Q1 ENGINEERING, MULTIDISCIPLINARY

IEEE Transactions on Network Science and Engineering Pub Date : 2025-01-15 DOI:10.1109/TNSE.2025.3528831

Shanqing Yu;Jie Shen;Shaocong Xu;Jinhuan Wang;Zeyu Wang;Qi Xuan

{"title":"Label-Flipping Attacks in GNN-Based Federated Learning","authors":"Shanqing Yu;Jie Shen;Shaocong Xu;Jinhuan Wang;Zeyu Wang;Qi Xuan","doi":"10.1109/TNSE.2025.3528831","DOIUrl":null,"url":null,"abstract":"Federated learning offers multi-party collaborative training but also poses several potential security risks. These security issues have been studied more extensively in the context of basic image models, but it is relatively less explored in the field of graphs. Compared to various existing graph-based attack methods, the label-flipping attack does not need to change the graph structure and it is highly stealthy. Therefore, this paper explores a Graph Federated Label Flipping Attack (Graph-FLFA) and proposes a new malicious gradient computation strategy for federated graph models. The goal of this attack method is to maximally disrupt the classification results of specific nodes in the node classification task, without affecting the classification performance of other nodes. This strategy exhibits strong specificity and stealthiness, effectively balancing the influence of various labels and ensuring significant attack effects even when the poisoning ratio is very low. Extensive experiments on four benchmark datasets demonstrate that Graph-FLFA has a high attack success rate in different GNN-based models, achieving the most advanced attack performance. Furthermore, it has the capability to evade detection methods employed in defensive measures.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"12 2","pages":"1357-1368"},"PeriodicalIF":6.7000,"publicationDate":"2025-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network Science and Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10839587/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

Federated learning offers multi-party collaborative training but also poses several potential security risks. These security issues have been studied more extensively in the context of basic image models, but it is relatively less explored in the field of graphs. Compared to various existing graph-based attack methods, the label-flipping attack does not need to change the graph structure and it is highly stealthy. Therefore, this paper explores a Graph Federated Label Flipping Attack (Graph-FLFA) and proposes a new malicious gradient computation strategy for federated graph models. The goal of this attack method is to maximally disrupt the classification results of specific nodes in the node classification task, without affecting the classification performance of other nodes. This strategy exhibits strong specificity and stealthiness, effectively balancing the influence of various labels and ensuring significant attack effects even when the poisoning ratio is very low. Extensive experiments on four benchmark datasets demonstrate that Graph-FLFA has a high attack success rate in different GNN-based models, achieving the most advanced attack performance. Furthermore, it has the capability to evade detection methods employed in defensive measures.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Network Science and Engineering Engineering-Control and Systems Engineering

CiteScore

12.60

自引率

9.10%

发文量

393

期刊介绍： The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.