Privacy-preserving federated graph neural network against poisoning attack
Guanghui He, Yanli Ren, Gang He, Guorui Feng, Xinpeng Zhang
Signal Processing, volume 239, Article 110214. Published 2025-08-09. DOI: 10.1016/j.sigpro.2025.110214
https://www.sciencedirect.com/science/article/pii/S0165168425003287
Graph neural networks (GNNs) have gradually moved from theory to application; however, less attention has been paid to privacy-preserving training. Due to the particularity of the graph structure, a small disturbance of the graph will also reduce its performance. In order to resist poisoning attacks, this paper proposes a privacy defense strategy based on homomorphic encryption (HE). Specifically, we adopt HE to encrypt local embedding and generate global embedding under ciphertext in order to achieve the confidentiality of node embedding. Secondly, we calculate the cosine similarity between node features in ciphertext. Then the backpropagation process is divided into two parts, which are executed by the user and the server respectively to achieve the privacy of the intermediate gradient. During the whole process, the client’s private data and weights are always invisible to the server. Finally, the theoretical and experimental results show that the proposed protocol has an accuracy error of 1.2%–3.3% compared with the GNN model under plaintext data. Meanwhile, the accuracy of the model with the defense framework could be improved by 22%–27% compared to those models without the defense mechanisms under attack.
About the journal:
Signal Processing incorporates all aspects of the theory and practice of signal processing. It features original research work, tutorial and review articles, and accounts of practical developments. It is intended for a rapid dissemination of knowledge and experience to engineers and scientists working in the research, development or practical application of signal processing.
Subject areas covered by the journal include: Signal Theory; Stochastic Processes; Detection and Estimation; Spectral Analysis; Filtering; Signal Processing Systems; Software Developments; Image Processing; Pattern Recognition; Optical Signal Processing; Digital Signal Processing; Multi-dimensional Signal Processing; Communication Signal Processing; Biomedical Signal Processing; Geophysical and Astrophysical Signal Processing; Earth Resources Signal Processing; Acoustic and Vibration Signal Processing; Data Processing; Remote Sensing; Signal Processing Technology; Radar Signal Processing; Sonar Signal Processing; Industrial Applications; New Applications.