VertexSerum: Poisoning Graph Neural Networks for Link Inference

Ruyi Ding, Shijin Duan, Xiaolin Xu, Yunsi Fei; Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2023, pp. 4532-4541


Graph neural networks (GNNs) have brought superb performance to various applications utilizing graph structural data, such as social analysis and fraud detection. The graph links, e.g., social relationships and transaction history, are sensitive and valuable information, which raises privacy concerns when using GNNs. To exploit these vulnerabilities, we propose VertexSerum, a novel graph poisoning attack that increases the effectiveness of graph link stealing by amplifying the link connectivity leakage. To infer node adjacency more accurately, we propose an attention mechanism that can be embedded into the link detection network. Our experiments demonstrate that VertexSerum significantly outperforms the SOTA link inference attack, improving the AUC scores by an average of 9.8% across four real-world datasets and three different GNN structures. Furthermore, our experiments reveal the effectiveness of VertexSerum in both black-box and online learning settings, further validating its applicability in real-world scenarios.

Related Material

[pdf] [arXiv]
@InProceedings{Ding_2023_ICCV, author = {Ding, Ruyi and Duan, Shijin and Xu, Xiaolin and Fei, Yunsi}, title = {VertexSerum: Poisoning Graph Neural Networks for Link Inference}, booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)}, month = {October}, year = {2023}, pages = {4532-4541} }