Graph neural networks (GNNs) have brought superb performance to various applications utilizing graph structural data, such as social analysis and fraud detection. The graph links, e.g., social relationships and transaction history, are sensitive and valuable information, which raises privacy concerns when using GNNs. To exploit these vulnerabilities, we propose VertexSerum, a novel graph poisoning attack that increases the effectiveness of graph link stealing by amplifying the link connectivity leakage. To infer node adjacency more accurately, we propose an attention mechanism that can be embedded into the link detection network. Our experiments demonstrate that VertexSerum significantly outperforms the SOTA link inference attack, improving the AUC scores by an average of $9.8\%$ across four real-world datasets and three different GNN structures. Furthermore, our experiments reveal the effectiveness of VertexSerum in both black-box and online learning settings, further validating its applicability in real-world scenarios.

翻译：图神经网络（GNNs）在利用图结构数据的各类应用中取得了卓越性能，例如社交分析和欺诈检测。图中的边（如社交关系和交易历史）是敏感且有价值的信息，这在使用GNN时引发了隐私担忧。为了利用这些漏洞，我们提出了VertexSerum，一种新型图投毒攻击，通过放大边连通性泄露来提高图边窃取的有效性。为了更精确地推断节点邻接关系，我们提出了一种可嵌入链路检测网络的注意力机制。实验结果表明，VertexSerum显著优于最先进的链路推断攻击方法，在四个真实数据集和三种不同GNN结构上，AUC分数平均提升了9.8%。此外，我们的实验揭示了VertexSerum在黑盒和在线学习场景中的有效性，进一步验证了其在真实世界应用中的可行性。