Xinyi Xie, Haibin Zheng, Hu Li, Ling Pang, Jinyin Chen
Proceedings of the 5th International Conference on Computer Science and Software Engineering. Published 2022-10-21. DOI: 10.1145/3569966.3570022 (https://doi.org/10.1145/3569966.3570022)
Attack and Defense Methods for Graph Vertical Federation Learning
To further protect citizens' privacy and national data security, graph federation learning has been widely used and rapidly developed. However, as graph federation learning tasks are deployed in practice, the security issues involved are gradually being exposed. To study the application security issues of graph federation learning in depth, this paper proposes an attack method and a privacy-protecting defense method for graph data in the framework of vertical federation learning. The research first addresses the attack method. Noise is randomly generated, combined with the attacker's embedding features, and fed into the server model, and the calculated results are compared with the real values to obtain the loss values. The attacker's attack model is then updated to generate a new inference of the attacked embedding. The experiments conducted on two real-world datasets both obtained MSE metrics below 1, which fully illustrates the effectiveness of the attack method. Further research addresses the defense method, which adds a computed differential noise to the uploaded embedding information to defend against privacy theft. In the experiments, the related attack metrics are significantly reduced with almost no impact on the main task performance.