Although powerful graph neural networks (GNNs) have boosted numerous real-world applications, the potential privacy risk is still underexplored. To close this gap, we perform the first comprehensive study of graph reconstruction attack that aims to reconstruct the adjacency of nodes. We show that a range of factors in GNNs can lead to the surprising leakage of private links. Especially by taking GNNs as a Markov chain and attacking GNNs via a flexible chain approximation, we systematically explore the underneath principles of graph reconstruction attack, and propose two information theory-guided mechanisms: (1) the chain-based attack method with adaptive designs for extracting more private information; (2) the chain-based defense method that sharply reduces the attack fidelity with moderate accuracy loss. Such two objectives disclose a critical belief that to recover better in attack, you must extract more multi-aspect knowledge from the trained GNN; while to learn safer for defense, you must forget more link-sensitive information in training GNNs. Empirically, we achieve state-of-the-art results on six datasets and three common GNNs. The code is publicly available at: https://github.com/tmlr-group/MC-GRA.

翻译：尽管强大的图神经网络（GNN）已推动众多实际应用的发展，但其潜在的隐私风险仍未得到充分探索。为填补这一空白，我们首次对图重构攻击进行了全面研究，旨在重构节点间的邻接关系。研究表明，GNN中的一系列因素可能导致私有链接的惊人泄露。特别是通过将GNN视为马尔可夫链，并利用灵活的链近似对GNN进行攻击，我们系统性地探索了图重构攻击的底层原理，并提出了两种信息论引导机制：（1）基于链的自适应攻击方法，用于提取更多私有信息；（2）基于链的防御方法，在适度牺牲精度的条件下显著降低攻击保真度。这两个目标揭示了一个关键信念：若要实现更优的攻击恢复效果，必须从训练好的GNN中提取更多多维知识；而要实现更安全的防御学习，则必须在训练GNN时遗忘更多链接敏感信息。在六个数据集和三种常见GNN上的实验结果表明，我们取得了当前最优性能。代码已开源：https://github.com/tmlr-group/MC-GRA。