Papers
Topics
Authors
Recent
Assistant
AI Research Assistant
Well-researched responses based on relevant abstracts and paper content.
Custom Instructions Pro
Preferences or requirements that you'd like Emergent Mind to consider when generating responses.
Gemini 2.5 Flash
Gemini 2.5 Flash 90 tok/s
Gemini 2.5 Pro 29 tok/s Pro
GPT-5 Medium 14 tok/s Pro
GPT-5 High 17 tok/s Pro
GPT-4o 101 tok/s Pro
Kimi K2 195 tok/s Pro
GPT OSS 120B 456 tok/s Pro
Claude Sonnet 4 39 tok/s Pro
2000 character limit reached

GraphGuard: Detecting and Counteracting Training Data Misuse in Graph Neural Networks (2312.07861v1)

Published 13 Dec 2023 in cs.LG and cs.CR

Abstract: The emergence of Graph Neural Networks (GNNs) in graph data analysis and their deployment on Machine Learning as a Service platforms have raised critical concerns about data misuse during model training. This situation is further exacerbated due to the lack of transparency in local training processes, potentially leading to the unauthorized accumulation of large volumes of graph data, thereby infringing on the intellectual property rights of data owners. Existing methodologies often address either data misuse detection or mitigation, and are primarily designed for local GNN models rather than cloud-based MLaaS platforms. These limitations call for an effective and comprehensive solution that detects and mitigates data misuse without requiring exact training data while respecting the proprietary nature of such data. This paper introduces a pioneering approach called GraphGuard, to tackle these challenges. We propose a training-data-free method that not only detects graph data misuse but also mitigates its impact via targeted unlearning, all without relying on the original training data. Our innovative misuse detection technique employs membership inference with radioactive data, enhancing the distinguishability between member and non-member data distributions. For mitigation, we utilize synthetic graphs that emulate the characteristics previously learned by the target model, enabling effective unlearning even in the absence of exact graph data. We conduct comprehensive experiments utilizing four real-world graph datasets to demonstrate the efficacy of GraphGuard in both detection and unlearning. We show that GraphGuard attains a near-perfect detection rate of approximately 100% across these datasets with various GNN models. In addition, it performs unlearning by eliminating the impact of the unlearned graph with a marginal decrease in accuracy (less than 5%).

Definition Search Book Streamline Icon: https://streamlinehq.com
References (82)
  1. [Online]. Available: https://d1.awsstatic.com/events/Summits/awstorontosummit/Scaling_your_ISV_AI_ML_offerings_using_Amazon_Sage_Maker_ISV201.pdf
  2. [Online]. Available: https://cloud.google.com/architecture/ml-on-gcp-best-practices
  3. [Online]. Available: https://cloud.google.com/architecture/guidelines-for-developing-high-quality-ml-solutions
  4. Amazon Web Services. (Accessed 2023) Amazon sagemaker - machine learning platform. [Online]. Available: https://aws.amazon.com/pm/sagemaker/
  5. AWS Labs, “GraphStorm,” https://github.com/awslabs/graphstorm, accessed on June 29, 2023.
  6. L. Bourtoule, V. Chandrasekaran, C. A. Choquette-Choo, H. Jia, A. Travers, B. Zhang, D. Lie, and N. Papernot, “Machine unlearning,” in IEEE Symposium on Security and Privacy.   IEEE, 2021, pp. 141–159.
  7. A. Burky, “Advocate aurora says 3m patients’ health data possibly exposed through tracking technologies,” Oct 2022. [Online]. Available: https://www.fiercehealthcare.com/health-tech/advocate-aurora-health-data-breach-revealed-pixels-protected-health-information-3
  8. Y. Cao and J. Yang, “Towards making systems forget with machine unlearning,” in IEEE Symposium on Security and Privacy.   IEEE Computer Society, 2015, pp. 463–480.
  9. N. Carlini, S. Chien, M. Nasr, S. Song, A. Terzis, and F. Tramèr, “Membership inference attacks from first principles,” in IEEE Symposium on Security and Privacy.   IEEE, 2022, pp. 1897–1914.
  10. L. Chen, Y. Liu, Z. Zheng, and P. S. Yu, “Heterogeneous neural attentive factorization machine for rating prediction,” in CIKM 2018.   ACM, pp. 833–842.
  11. M. Chen, Z. Zhang, T. Wang, M. Backes, M. Humbert, and Y. Zhang, “Graph unlearning,” in CCS.   ACM, 2022, pp. 499–513.
  12. Y. Chen, L. Wu, and M. J. Zaki, “Iterative deep graph learning for graph neural networks: Better and robust node embeddings,” in NeurIPS 2020,.
  13. J. Cheng, G. Dasoulas, H. He, C. Agarwal, and M. Zitnik, “GNNDelete: A general strategy for unlearning in graph neural networks,” in ICLR.   OpenReview.net, 2023.
  14. E. Chien, C. Pan, and O. Milenkovic, “Certified graph unlearning,” in NeurIPS 2022 Workshop: New Frontiers in Graph Learning, 2022.
  15. C. A. Choquette-Choo, F. Tramèr, N. Carlini, and N. Papernot, “Label-only membership inference attacks,” in ICML, ser. Proceedings of Machine Learning Research, vol. 139.   PMLR, 2021, pp. 1964–1974.
  16. V. S. Chundawat, A. K. Tarun, M. Mandal, and M. S. Kankanhalli, “Zero-shot machine unlearning,” IEEE Trans. Inf. Forensics Secur., vol. 18, pp. 2345–2354, 2023.
  17. M. Conti, J. Li, S. Picek, and J. Xu, “Label-only membership inference attack against node-level graph neural networks,” in AISec@CCS.   ACM, 2022, pp. 1–12.
  18. A. Deng and B. Hooi, “Graph neural network-based anomaly detection in multivariate time series,” in AAAI 2021.   AAAI Press, pp. 4027–4035.
  19. S. Frenkel and S. A. Thompson, ““not for machines to harvest”: Data revolts break out against a.i.” Jul 2023. [Online]. Available: https://www.nytimes.com/2023/07/15/technology/artificial-intelligence-models-chat-data.html?searchResultPosition=1
  20. S. Gatlan, “Healthcare giant chs reports first data breach in goanywhere hacks,” Mar 2023. [Online]. Available: https://www.bleepingcomputer.com/news/security/healthcare-giant-chs-reports-first-data-breach-in-goanywhere-hacks/
  21. D. Geer, “Medical informatics engineering breach: The gift that keeps on giving,” Jan 2019. [Online]. Available: https://medium.com/the-aftermath-of-a-data-breach/medical-informatics-engineering-breach-the-gift-that-keeps-on-giving-9948231d2e95
  22. Google Cloud. (Accessed 2023) Google cloud vertex ai. [Online]. Available: https://cloud.google.com/vertex-ai
  23. W. L. Hamilton, Z. Ying, and J. Leskovec, “Inductive representation learning on large graphs,” in NIPS, 2017, pp. 1024–1034.
  24. X. He, J. Jia, M. Backes, N. Z. Gong, and Y. Zhang, “Stealing links from graph neural networks.” in USENIX Security Symposium, 2021, pp. 2669–2686.
  25. X. He, R. Wen, Y. Wu, M. Backes, Y. Shen, and Y. Zhang, “Node-level membership inference attacks against graph neural networks,” CoRR, vol. abs/2102.05429, 2021.
  26. IBM. (Accessed 2023) Ibm watson machine learning for z/os. [Online]. Available: https://www.ibm.com/docs/en/wml-for-zos
  27. D. Jin, L. Wang, H. Zhang, Y. Zheng, W. Ding, F. Xia, and S. Pan, “A survey on fairness-aware recommender systems,” Inf. Fusion, vol. 100, p. 101906, 2023.
  28. W. Jin, Y. Ma, X. Liu, X. Tang, S. Wang, and J. Tang, “Graph structure learning for robust graph neural networks,” in KDD.   ACM, 2020, pp. 66–74.
  29. W. Jin, J. M. Stokes, R. T. Eastman, Z. Itkin, A. V. Zakharov, J. J. Collins, T. S. Jaakkola, and R. Barzilay, “Deep learning identifies synergistic drug combinations for treating covid-19,” Proceedings of the National Academy of Sciences, vol. 118, no. 39, p. e2105070118, 2021.
  30. J. Jumper, R. Evans, A. Pritzel, T. Green, M. Figurnov, O. Ronneberger, K. Tunyasuvunakool, R. Bates, A. Žídek, A. Potapenko et al., “Highly accurate protein structure prediction with alphafold,” Nature, vol. 596, no. 7873, pp. 583–589, 2021.
  31. J. Kim and S. S. Woo, “Efficient two-stage model retraining for machine unlearning,” in CVPR Workshops.   IEEE, 2022, pp. 4360–4368.
  32. T. N. Kipf and M. Welling, “Semi-supervised classification with graph convolutional networks,” in ICLR (Poster).   OpenReview.net, 2017.
  33. C. Kooli and H. Al Muftah, “Artificial intelligence in healthcare: a comprehensive review of its ethical concerns,” Technological Sustainability, 2022.
  34. M. Kop, “Ai & intellectual property: Towards an articulated public domain,” Tex. Intell. Prop. LJ, vol. 28, p. 297, 2019.
  35. X. Liu, B. Wu, X. Yuan, and X. Yi, “Leia: A lightweight cryptographic neural network inference system at the edge,” IEEE Trans. Inf. Forensics Secur., vol. 17, pp. 237–252, 2022.
  36. Y. Liu, H. Yuan, L. Cai, and S. Ji, “Deep learning of high-order interactions for protein interface prediction,” in KDD.   ACM, 2020, pp. 679–687.
  37. Z. Liu, X. Zhang, C. Chen, S. Lin, and J. Li, “Membership inference attacks against robust graph neural network,” in CSS, ser. Lecture Notes in Computer Science, vol. 13547.   Springer, 2022, pp. 259–273.
  38. H. A. K. LLP, “European parliament agrees on position on the ai act,” Jun 2023. [Online]. Available: https://www.huntonprivacyblog.com/2023/06/15/european-parliament-agrees-on-position-on-the-ai-act/
  39. S. E.-D. Mattei, “Artists voice concerns over the signatures in viral lensaai portraits,” Dec 2022. [Online]. Available: https://www.artnews.com/art-news/news/signatures-lensa-ai-portraits-1234649633/
  40. R. Melo, R. Fieldhouse, A. Melo, J. D. Correia, M. N. D. Cordeiro, Z. H. Gümüş, J. Costa, A. M. Bonvin, and I. S. Moreira, “A machine learning approach for hot-spot detection at protein-protein interfaces,” International journal of molecular sciences, vol. 17, no. 8, p. 1215, 2016.
  41. Microsoft, “Deploy machine learning models to online endpoints for inference - azure machine learning.” [Online]. Available: https://learn.microsoft.com/en-us/azure/machine-learning/how-to-deploy-online-endpoints?view=azureml-api-2&tabs=azure-cli
  42. Microsoft Azure. (Accessed 2023) Azure machine learning. [Online]. Available: https://azure.microsoft.com/en-au/products/machine-learning
  43. J. B. Mitchell, “Artificial intelligence in pharmaceutical research and development,” pp. 1529–1531, 2018.
  44. R. Mrowka, A. Patzak, and H. Herzel, “Is there a bias in proteome research?” Genome research, vol. 11, no. 12, pp. 1971–1973, 2001.
  45. T. T. Nguyen, T. T. Huynh, P. L. Nguyen, A. W. Liew, H. Yin, and Q. V. H. Nguyen, “A survey of machine unlearning,” CoRR, vol. abs/2209.02299, 2022.
  46. I. E. Olatunji, W. Nejdl, and M. Khosla, “Membership inference attack on graph neural networks,” in TPS-ISA.   IEEE, 2021, pp. 11–20.
  47. A. Oliva, S. Grassi, G. Vetrugno, R. Rossi, G. Della Morte, V. Pinchi, and M. Caputo, “Management of medico-legal risks in digital health era: a scoping review,” Frontiers in medicine, vol. 8, p. 2956, 2022.
  48. C. Pan, E. Chien, and O. Milenkovic, “Unlearning graph classifiers with limited data resources,” in WWW.   ACM, 2023, pp. 716–726.
  49. Y. Qin, J. Hu, and B. Wu, “Toward evaluating the robustness of deep learning based rain removal algorithm in autonomous driving,” in SecTL@AsiaCCS.   ACM, 2023, pp. 1–7.
  50. A. Sablayrolles, M. Douze, C. Schmid, and H. Jégou, “Radioactive data: tracing through training,” in ICML, ser. Proceedings of Machine Learning Research, vol. 119.   PMLR, 2020, pp. 8326–8335.
  51. A. Shafahi, W. R. Huang, M. Najibi, O. Suciu, C. Studer, T. Dumitras, and T. Goldstein, “Poison frogs! targeted clean-label poisoning attacks on neural networks,” in NeurIPS, 2018, pp. 6106–6116.
  52. T. B. Shaik, X. Tao, H. Xie, L. Li, X. Zhu, and Q. Li, “Exploring the landscape of machine unlearning: A comprehensive survey and taxonomy,” CoRR, vol. abs/2305.06360, 2023.
  53. J. Simon, “Now available on amazon sagemaker: The deep graph library,” Dec 2019. [Online]. Available: https://aws.amazon.com/blogs/aws/now-available-on-amazon-sagemaker-the-deep-graph-library/
  54. Themeix, Jul 2018. [Online]. Available: https://www.dgl.ai/pages/about.html
  55. F. Tramèr, R. Shokri, A. S. Joaquin, H. Le, M. Jagielski, S. Hong, and N. Carlini, “Truth serum: Poisoning machine learning models to reveal their secrets,” in CCS.   ACM, 2022, pp. 2779–2792.
  56. P. Velickovic, G. Cucurull, A. Casanova, A. Romero, P. Liò, and Y. Bengio, “Graph attention networks,” in ICLR (Poster).   OpenReview.net, 2018.
  57. Y. Wan, Y. Liu, D. Wang, and Y. Wen, “GLAD-PAW: graph-based log anomaly detection by position aware weighted graph attention network,” in PAKDD 2021, ser. Lecture Notes in Computer Science, vol. 12712.   Springer, pp. 66–77.
  58. J. Wang, P. Huang, H. Zhao, Z. Zhang, B. Zhao, and D. L. Lee, “Billion-scale commodity embedding for e-commerce recommendation in alibaba,” in KDD 2018.   ACM, pp. 839–848.
  59. X.-W. Wang, L. Madeddu, K. Spirohn, L. Martini, A. Fazzone, L. Becchetti, T. P. Wytock, I. A. Kovács, O. M. Balogh, B. Benczik et al., “Assessment of community efforts to advance network-based prediction of protein–protein interactions,” Nature Communications, vol. 14, no. 1, p. 1582, 2023.
  60. A. Warnecke, L. Pirch, C. Wressnegger, and K. Rieck, “Machine unlearning of features and labels,” in NDSS.   The Internet Society, 2023.
  61. B. Wu, S. Wang, X. Yuan, C. Wang, C. Rudolph, and X. Yang, “Defeating misclassification attacks against transfer learning,” IEEE Trans. Dependable Secur. Comput., vol. 20, no. 2, pp. 886–901, 2023.
  62. B. Wu, X. Yang, S. Pan, and X. Yuan, “Adapting membership inference attacks to GNN for graph classification: Approaches and implications,” in ICDM.   IEEE, 2021, pp. 1421–1426.
  63. F. Wu, Y. Long, C. Zhang, and B. Li, “Linkteller: Recovering private edges from graph neural networks via influence analysis,” in 2022 IEEE Symposium on Security and Privacy (SP).   IEEE, 2022, pp. 2005–2024.
  64. J. Wu, Y. Yang, Y. Qian, Y. Sui, X. Wang, and X. He, “GIF: A general graph unlearning strategy via influence function,” in WWW.   ACM, 2023, pp. 651–661.
  65. Z. Xi, R. Pang, S. Ji, and T. Wang, “Graph backdoor,” CoRR, vol. abs/2006.11890, 2020.
  66. F. Xie, L. Chen, Y. Ye, Z. Zheng, and X. Lin, “Factorization machine based service recommendation on heterogeneous information networks,” in ICWS 2018.   IEEE, pp. 115–122.
  67. K. Xu, W. Hu, J. Leskovec, and S. Jegelka, “How powerful are graph neural networks?” in ICLR.   OpenReview.net, 2019.
  68. H. Yang, “Aligraph: A comprehensive graph neural network platform,” in KDD.   ACM, 2019, pp. 3165–3166.
  69. K. Yang, K. Swanson, W. Jin, C. Coley, P. Eiden, H. Gao, A. Guzman-Perez, T. Hopper, B. Kelley, M. Mathea et al., “Analyzing learned molecular representations for property prediction,” Journal of chemical information and modeling, vol. 59, no. 8, pp. 3370–3388, 2019.
  70. J. Ye, A. Maddi, S. K. Murakonda, V. Bindschaedler, and R. Shokri, “Enhanced membership inference attacks against machine learning models,” in CCS.   ACM, 2022, pp. 3093–3106.
  71. Z. You, M. Zhou, X. Luo, and S. Li, “Highly efficient framework for predicting interactions between proteins,” IEEE Trans. Cybern., vol. 47, no. 3, pp. 731–743, 2017.
  72. X. Yuan and L. Zhang, “Membership inference attacks and defenses in neural network pruning,” in USENIX Security Symposium.   USENIX Association, 2022, pp. 4561–4578.
  73. H. Zeng, H. Zhou, A. Srivastava, R. Kannan, and V. K. Prasanna, “Graphsaint: Graph sampling based inductive learning method,” in ICLR.   OpenReview.net, 2020.
  74. H. Zhang, B. Wu, S. Wang, X. Yang, M. Xue, S. Pan, and X. Yuan, “Demystifying uneven vulnerability of link stealing attacks against graph neural networks,” in ICML, ser. Proceedings of Machine Learning Research, vol. 202.   PMLR, 2023, pp. 41 737–41 752.
  75. H. Zhang, B. Wu, X. Yang, C. Zhou, S. Wang, X. Yuan, and S. Pan, “Projective ranking: A transferable evasion attack method on graph neural networks,” in CIKM.   ACM, 2021, pp. 3617–3621.
  76. H. Zhang, B. Wu, X. Yuan, S. Pan, H. Tong, and J. Pei, “Trustworthy graph neural networks: Aspects, methods and trends,” CoRR, vol. abs/2205.07424, 2022.
  77. H. Zhang, X. Yuan, Q. V. H. Nguyen, and S. Pan, “On the interaction between node fairness and edge privacy in graph neural networks,” CoRR, vol. abs/2301.12951, 2023.
  78. H. Zhang, X. Yuan, C. Zhou, and S. Pan, “Projective ranking-based GNN evasion attacks,” IEEE Trans. Knowl. Data Eng., vol. 35, no. 8, pp. 8402–8416, 2023.
  79. S. Zhang, H. Chen, X. Sun, Y. Li, and G. Xu, “Unsupervised graph poisoning attack via contrastive loss back-propagation,” in WWW.   ACM, 2022, pp. 1322–1330.
  80. Z. Zhang, J. Jia, B. Wang, and N. Z. Gong, “Backdoor attacks to graph neural networks,” in SACMAT 2021.   ACM, pp. 15–26.
  81. Z. Zhang, Y. Zhou, X. Zhao, T. Che, and L. Lyu, “Prompt certified machine unlearning with randomized gradient smoothing and quantization,” in NeurIPS, 2022.
  82. Y. Zheng, H. Zhang, V. C. Lee, Y. Zheng, X. Wang, and S. Pan, “Finding the missing-half: Graph complementary learning for homophily-prone and heterophily-prone graphs,” in ICML, ser. Proceedings of Machine Learning Research, vol. 202.   PMLR, 2023, pp. 42 492–42 505.
Citations (4)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
Lightbulb On Streamline Icon: https://streamlinehq.com

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now
List To Do Tasks Checklist Streamline Icon: https://streamlinehq.com

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up

Don't miss out on important new AI/ML research

See which papers are being discussed right now on X, Reddit, and more:

Explore Trending Papers

“Emergent Mind helps me see which AI papers have caught fire online.”

Philip

Philip

Creator, AI Explained on YouTube