APVFGL: A Robust Vertical Federated Graph Learning Framework Against Poisoning Attacks

Vertical federated graph learning (VFGL) is a distributed graph learning scheme that addresses data isolation and privacy protection in scenarios where different clients hold the same nodes with distinct feature sets. However, VFGL is also vulnerable to poisoning attacks, while current defense methods based on horizontal federated learning and vertical federated learning are not effective in this context. To address this, this paper proposes APVFGL (Anti-Poison Vertical Federated Graph Learning), a robust VFGL framework resilient to poisoning attacks. APVFGL utilizes dual graph encoders and graph contrastive learning during the local training phase to derive robust node representations. The loss function, based on information bottleneck theory, reduces redundant information in the data to enhance the robustness of the model against poisoning attacks without the complexity of constructing negative samples. Additionally, a Shapley-based aggregation method is introduced on the server side to dynamically assign weights to each client, mitigating the impact of malicious feature manipulation. Experimental results on benchmark datasets demonstrate the superior performance of APVFGL against various poisoning attacks. Even in the case where more than half of the clients are poisoned, APVFGL can still achieve an F1 score of 81.6% and 71.5% on the Cora and Citeseer datasets, with an average reduction of 23.6% in attack success rate, highlighting its robustness and practicality in vertical federated graph learning scenarios.