Graph Analysis in Decentralized Online Social Networks with Fine-Grained Privacy Protection
Graph analysts cannot directly obtain the global structure in decentralized
social networks, and analyzing such a network requires collecting local views
of the social graph from individual users. Since the edges between users may
reveal sensitive social interactions in the local view, applying differential
privacy, which provides strong and rigorous privacy guarantees, is often
desirable in the data collection process. In practical decentralized social
graphs, different edges have different privacy requirements due to their
distinct sensitivity levels. However, existing differentially private analyses
of social graphs provide the same protection for all edges. To address this issue,
this work proposes a fine-grained privacy notion as well as novel algorithms
for private graph analysis. We first design a fine-grained relationship
differential privacy (FGR-DP) notion for social graph analysis, which enforces
different protections for the edges with distinct privacy requirements. Then,
we design algorithms for triangle counting and k-star counting, both of
which can accurately estimate subgraph counts given fine-grained protection for
social edges. We also analyze upper bounds on the estimation errors for both
triangle and k-star counts, and show their superiority over the state of the
art. Finally, we perform extensive experiments on two real
social graph datasets and demonstrate that the proposed mechanisms satisfying
FGR-DP have better utility than the state-of-the-art mechanisms due to the
finer-grained protection.
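To make the flavor of such a mechanism concrete, below is a minimal, self-contained sketch of edge-differentially-private triangle counting in which each edge carries its own privacy budget. The helper names, the strictest-incident-budget rule, and the sensitivity parameter are illustrative assumptions, not the paper's FGR-DP algorithms.

```python
import math
import random

def laplace(scale):
    # Inverse-CDF sample from Laplace(0, scale).
    u = random.random() - 0.5
    return -scale * math.copysign(math.log(1 - 2 * abs(u)), u)

def noisy_triangle_count(adj, edge_eps, sensitivity):
    """Hypothetical sketch: each user perturbs its local triangle count with
    Laplace noise calibrated to the strictest (smallest) budget among its
    incident edges; the collector sums and rescales."""
    total = 0.0
    for v, nbrs in adj.items():
        local = sum(1 for i, a in enumerate(nbrs) for b in nbrs[i + 1:]
                    if b in adj.get(a, ()))
        eps = min(edge_eps[frozenset((v, u))] for u in nbrs) if nbrs else 1.0
        total += local + laplace(sensitivity / eps)
    return total / 3  # every triangle is reported by its three endpoints

# Toy graph: triangle 0-1-2 plus a more sensitive pendant edge 2-3.
adj = {0: [1, 2], 1: [0, 2], 2: [0, 1, 3], 3: [2]}
edge_eps = {frozenset(e): 1.0 for e in [(0, 1), (0, 2), (1, 2)]}
edge_eps[frozenset((2, 3))] = 0.1  # stricter budget for the sensitive edge
print(noisy_triangle_count(adj, edge_eps, sensitivity=2.0))
```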
Private Graph Data Release: A Survey
The application of graph analytics to various domains has yielded tremendous
societal and economic benefits in recent years. However, the increasingly
widespread adoption of graph analytics comes with a commensurate increase in
the need to protect private information in graph databases, especially in light
of the many privacy breaches in real-world graph data releases that were
supposed to protect sensitive information. This paper provides a comprehensive survey of
private graph data release algorithms that seek to achieve the fine balance
between privacy and utility, with a specific focus on provably private
mechanisms. Many of these mechanisms fall under natural extensions of the
Differential Privacy framework to graph data, but we also investigate more
general privacy formulations like Pufferfish Privacy that can deal with the
limitations of Differential Privacy. A wide-ranging survey of the applications
of private graph data release mechanisms to social networks, finance, supply
chain, health and energy is also provided. This survey paper and the taxonomy
it provides should benefit practitioners and researchers alike in the
increasingly important area of private graph data release and analysis.
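For reference, the edge-level variant of differential privacy that many of the surveyed mechanisms instantiate is the following standard definition (stated here for orientation, not taken from the survey itself):

```latex
% Edge differential privacy (standard definition).
% A randomized mechanism M is \varepsilon-edge-DP if, for every pair of
% graphs G, G' that differ in exactly one edge and every output set S,
\[
  \Pr[M(G) \in S] \;\le\; e^{\varepsilon}\,\Pr[M(G') \in S].
\]
```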
Privacy-Preserving Graph Machine Learning from Data to Computation: A Survey
In graph machine learning, data collection, sharing, and analysis often
involve multiple parties, each of which may require varying levels of data
security and privacy. Preserving privacy is therefore of great importance for
protecting sensitive information. In the era of big data, the relationships
among data entities have become unprecedentedly complex, and more applications
utilize advanced data structures (e.g., graphs) that can capture both network
structures and relevant attribute information. To date, many graph-based AI
models have been proposed (e.g., graph neural networks) for various domain
tasks, like computer vision and natural language processing. In this paper, we
focus on reviewing privacy-preserving techniques of graph machine learning. We
systematically review related works from the data to the computational aspects.
We first review methods for generating privacy-preserving graph data. Then we
describe methods for transmitting privacy-preserved information (e.g., graph
model parameters) to realize optimization-based computation when data
sharing among multiple parties is risky or impossible. In addition to
discussing relevant theoretical methodology and software tools, we also discuss
current challenges and highlight several possible future research opportunities
for privacy-preserving graph machine learning. Finally, we envision a unified
and comprehensive secure graph machine learning system.
Comment: Accepted by SIGKDD Explorations 2023, Volume 25, Issue
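As one minimal illustration of transmitting privacy-preserved information instead of raw data, the sketch below clips and noises a locally computed model update before it is shared, in the style of DP-SGD. The function and parameter names are assumptions for illustration, not an API from the surveyed systems.

```python
import numpy as np

def privatize_update(update, clip_norm=1.0, noise_multiplier=1.0, rng=None):
    """Illustrative sketch: bound each party's influence by L2-clipping
    the update, then add Gaussian noise before transmission."""
    rng = rng or np.random.default_rng()
    norm = np.linalg.norm(update)
    clipped = update * min(1.0, clip_norm / (norm + 1e-12))
    noise = rng.normal(0.0, noise_multiplier * clip_norm, size=update.shape)
    return clipped + noise

# Each party shares only the privatized update; raw graphs never leave home.
local_update = np.random.default_rng(0).standard_normal(16)
shared = privatize_update(local_update)
print(shared[:4])
```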
A Comprehensive Survey on Trustworthy Graph Neural Networks: Privacy, Robustness, Fairness, and Explainability
Graph Neural Networks (GNNs) have developed rapidly in recent years. Due to
their great ability to model graph-structured data, GNNs are widely used in
various applications, including high-stakes scenarios such as
financial analysis, traffic predictions, and drug discovery. Despite their
great potential in benefiting humans in the real world, recent studies show
that GNNs can leak private information, are vulnerable to adversarial attacks,
can inherit and magnify societal bias from training data, and lack
interpretability, all of which risk causing unintentional harm to users and
society. For example, existing works demonstrate that attackers can fool GNNs
into giving the outcome they desire with unnoticeable perturbations of the
training graph. GNNs trained on social networks may embed discrimination in
their decision process, strengthening undesirable societal bias. Consequently,
research on trustworthy GNNs in various aspects is emerging to prevent harm
from GNN models and increase users' trust in GNNs. In this paper, we give a comprehensive
survey of GNNs in the computational aspects of privacy, robustness, fairness,
and explainability. For each aspect, we give a taxonomy of the related
methods and formulate general frameworks for the multiple categories of
trustworthy GNNs. We also discuss future research directions for each aspect
and the connections between these aspects that help achieve trustworthiness.
PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information
Graph data is used in a wide range of applications, but analyzing graph
data without protection carries privacy breach risks. To mitigate these
privacy risks, we resort to the standard technique of differential privacy to
publish a synthetic graph. However, existing differentially private graph
synthesis approaches either introduce excessive noise by directly perturbing
the adjacency matrix, or suffer significant information loss during the graph
encoding process. In this paper, we propose an effective graph synthesis
algorithm PrivGraph by exploiting the community information. Concretely,
PrivGraph differentially privately partitions the private graph into
communities, extracts intra-community and inter-community information, and
reconstructs the graph from the extracted graph information. We validate the
effectiveness of PrivGraph on six real-world graph datasets and seven commonly
used graph metrics.
Comment: To appear in the 32nd USENIX Security Symposium.
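To fix ideas, here is a heavily simplified, self-contained sketch of the three-phase shape the abstract describes: partition, extract noisy intra-/inter-community edge counts, reconstruct. PrivGraph obtains the community partition itself under differential privacy; this toy version takes a partition as given, and all names are illustrative rather than the paper's algorithm.

```python
import math
import random
from itertools import combinations

def laplace(scale):
    # Inverse-CDF sample from Laplace(0, scale).
    u = random.random() - 0.5
    return -scale * math.copysign(math.log(1 - 2 * abs(u)), u)

def community_synthesis(nodes, edges, comm, eps=1.0):
    """Toy pipeline: noise the intra-/inter-community edge counts
    (each has sensitivity 1) and rebuild a graph matching those counts."""
    intra = {c: 0 for c in set(comm.values())}
    inter = 0
    for u, v in edges:
        if comm[u] == comm[v]:
            intra[comm[u]] += 1
        else:
            inter += 1
    noisy_intra = {c: max(0, round(k + laplace(1 / eps)))
                   for c, k in intra.items()}
    noisy_inter = max(0, round(inter + laplace(1 / eps)))
    members = {}
    for n, c in comm.items():
        members.setdefault(c, []).append(n)
    synthetic = set()
    for c, ns in members.items():
        pairs = list(combinations(sorted(ns), 2))
        synthetic.update(random.sample(pairs, min(len(pairs), noisy_intra[c])))
    cross = [p for p in combinations(sorted(nodes), 2)
             if comm[p[0]] != comm[p[1]]]
    synthetic.update(random.sample(cross, min(len(cross), noisy_inter)))
    return synthetic

# Two communities of three nodes each, with one bridge edge between them.
edges = [(0, 1), (1, 2), (0, 2), (3, 4), (4, 5), (2, 3)]
comm = {0: "A", 1: "A", 2: "A", 3: "B", 4: "B", 5: "B"}
print(community_synthesis(list(range(6)), edges, comm))
```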
Who started this rumor? Quantifying the natural differential privacy guarantees of gossip protocols
Gossip protocols are widely used to disseminate information in massive
peer-to-peer networks. These protocols are often claimed to guarantee privacy
because of the uncertainty they introduce about which node started the
dissemination. But is that claim really true? Can the source of a gossip safely
hide in the crowd? This paper examines, for the first time, gossip protocols
through a rigorous mathematical framework based on differential privacy to
determine the extent to which the source of a gossip can be traced.
Considering the case of a complete graph in which a subset of the nodes are
curious, we study a family of gossip protocols parameterized by a "muting"
parameter s: nodes stop emitting after each communication with a fixed
probability 1-s. We first prove that the standard push protocol,
corresponding to the case s = 1, does not satisfy differential privacy for
large graphs. In contrast, the protocol with s = 0 achieves optimal privacy
guarantees but at the cost of a drastic increase in the spreading time compared
to standard push, revealing an interesting tension between privacy and
spreading time. Yet, surprisingly, we show that some choices of the muting
parameter s lead to protocols that achieve an optimal order of magnitude in
both privacy and speed. We also confirm empirically that, with appropriate
choices of s, we indeed obtain protocols that are very robust against
concrete source location attacks while spreading the information almost as fast
as the standard (and non-private) push protocol.
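To make the muting mechanism concrete, the toy simulation below runs push gossip on a complete graph in which each informed node, after every emission, goes permanently silent with probability 1 - s, so s = 1 recovers standard push. This is an illustrative sketch under those assumptions, not the paper's experimental setup.

```python
import random

def muting_push(n, s, source=0):
    """Simulate push gossip with muting on the complete graph K_n.
    Returns (rounds elapsed, fraction of nodes informed at the end)."""
    informed = {source}
    active = {source}
    rounds = 0
    while active and len(informed) < n:
        rounds += 1
        newly, survivors = set(), set()
        for node in active:
            target = (node + random.randrange(1, n)) % n  # uniform over others
            if target not in informed:
                informed.add(target)
                newly.add(target)
            if random.random() < s:  # keep emitting with probability s
                survivors.add(node)
        active = survivors | newly
    return rounds, len(informed) / n

# s = 1 is standard push (fast, no source privacy); smaller s mutes nodes
# sooner, hiding the source at the cost of slower or partial spreading.
for s in (1.0, 0.5, 0.0):
    print(s, muting_push(n=1000, s=s))
```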