Title: Privacy-Enhanced Federated GNN Inference Against Adversarial Example Attack
Authors: Guanghui He; Yanli Ren; Jingyuan Jiang; Guorui Feng; Xinpeng Zhang
Journal: IEEE Transactions on Emerging Topics in Computational Intelligence, volume 9 4, pages 2818-2829
DOI: 10.1109/TETCI.2024.3502434
Publication date: 2024-11-28
Publication type: Journal Article
Periodical IF: 5.3
JCR: Q1 (COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE)
Region: 3 (Computer Science)
Open access: false
Platform: Semanticscholar
URL: https://ieeexplore.ieee.org/document/10770842/
Citations: 0
Abstract
Graph neural networks (GNNs) have become a powerful tool for processing and learning graph data. However, because of data silos, the privacy of the data and of the processing result is an important concern. Meanwhile, a malicious example can cause the model to produce incorrect output. To address these concerns, this paper proposes privacy-enhanced federated graph network inference against adversarial example attack. Specifically, we adopt secret sharing and homomorphic encryption to ensure the privacy of graph data, where the user can get the final inference, and the server holds nothing except the model parameters. Moreover, to prevent malicious users from interfering with the accuracy of the model, an adversarial example detection mechanism on the ciphertext is designed to identify local embeddings submitted by malicious users. During the whole process, both the local and global embeddings are protected. The experimental results show that, with malicious samples, the model accuracy in the ciphertext domain is about 69% on Cora and 66% on Citeseer, nearly the same as the 70% and 69% obtained in the plaintext domain, which shows the effectiveness of our protocol.
About the journal:
The IEEE Transactions on Emerging Topics in Computational Intelligence (TETCI) publishes original articles on emerging aspects of computational intelligence, including theory, applications, and surveys.
TETCI is an electronic-only publication. TETCI publishes six issues per year.
Authors are encouraged to submit manuscripts in any emerging topic in computational intelligence, especially nature-inspired computing topics not covered by other IEEE Computational Intelligence Society journals. A few such illustrative examples are glial cell networks, computational neuroscience, Brain Computer Interface, ambient intelligence, non-fuzzy computing with words, artificial life, cultural learning, artificial endocrine networks, social reasoning, artificial hormone networks, computational intelligence for the IoT and Smart-X technologies.