More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

3 Citations (Scopus)
68 Downloads (Pure)

Abstract

Graph Neural Networks (GNNs) are a class of deep learning-based methods for processing graph domain information. GNNs have recently become a widely used graph analysis method due to their superior ability to learn representations for complex graph data. Due to privacy concerns and regulation restrictions, centralized GNNs can be difficult to apply to data-sensitive scenarios. Federated learning (FL) is an emerging technology developed for privacy-preserving settings when several parties need to train a shared global model collaboratively. Although several research works have applied FL to train GNNs (Federated GNNs), there is no research on their robustness to backdoor attacks.

This paper bridges this gap by conducting two types of backdoor attacks in Federated GNNs: centralized backdoor attacks (CBA) and distributed backdoor attacks (DBA). Our experiments show that the DBA attack success rate is higher than CBA in almost all cases. For CBA, the attack success rate of all local triggers is similar to the global trigger, even if the training set of the adversarial party is embedded with the global trigger. To explore the properties of two backdoor attacks in Federated GNNs, we evaluate the attack performance for a different number of clients, trigger sizes, poisoning intensities, and trigger densities. Finally, we explore the robustness of DBA and CBA against two state-of-the-art defenses. We find that both attacks are robust against the investigated defenses, necessitating the need to consider backdoor attacks in Federated GNNs as a novel threat that requires custom defenses.
Original languageEnglish
Title of host publicationProceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022
PublisherACM
Pages684–698
Number of pages15
ISBN (Electronic)978-1-4503-9759-9
DOIs
Publication statusPublished - 2022
EventACSAC '22: Proceedings of the 38th Annual Computer Security Applications Conference - Austin, United States
Duration: 5 Dec 20229 Dec 2022

Publication series

NameACM International Conference Proceeding Series

Conference

ConferenceACSAC '22: Proceedings of the 38th Annual Computer Security Applications Conference
Country/TerritoryUnited States
CityAustin
Period5/12/229/12/22

Keywords

  • backdoor attacks
  • graph neural networks
  • federated learning

Fingerprint

Dive into the research topics of 'More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks'. Together they form a unique fingerprint.

Cite this