Graph-Fraudster: Adversarial Attacks on Graph Neural Network-Based Vertical Federated Learning

Graph neural network (GNN) has achieved great success on graph representation learning. Challenged by large-scale private data collected from user side, GNN may not be able to reflect the excellent performance, without rich features and complete adjacent relationships. Addressing problem, vertical federated learning (VFL) is proposed implement local protection through training a global model collaboratively. Consequently, for graph-structured data, it natural idea construct GNN-based VFL (GVFL) framework. However, been proven vulnerable adversarial attacks. Whether vulnerability will brought into GVFL studied. This first study of attacks GVFL. A novel attack method proposed, named Graph-Fraudster. It generates perturbations based noise-added node embeddings via privacy leakage gradient pairwise node. Specifically, first, Graph-Fraudster steals sets up shadow server generator. Second, noise added confuse model. Finally, used generate with guidance embeddings. Extensive experiments five benchmark datasets demonstrate that achieves state-of-the-art performance compared baselines in different GVFLs. Furthermore, can remain threat even if two possible defense mechanisms are applied. In addition, some suggestions put forward future work improve robustness The code downloaded at https://github.com/hgh0545/Graph-Fraudster .