Graph neural networks (GNNs) provide important prospective insights in applications such as social behavior analysis and financial risk analysis based on their powerful learning capabilities on graph data. Nevertheless, GNNs' predictive performance relies on the quality of task-specific node labels, so it is common practice to improve the model's generalization ability in the downstream execution of decision-making tasks through pre-training. Graph prompting is a prudent choice but risky without taking measures to prevent data leakage. In other words, in high-risk decision scenarios, prompt learning can infer private information by accessing model parameters trained on private data (publishing model parameters in pre-training, i.e., without directly leaking the raw data, is a tacitly accepted trend). However, myriad graph inference attacks necessitate tailored module design and processing to enhance inference capabilities due to variations in supervision signals. In this paper, we propose a novel Prompt-based unifying Inference Attack framework on GNNs, named ProIA. Specifically, ProIA retains the crucial topological information of the graph during pre-training, enhancing the background knowledge of the inference attack model. It then utilizes a unified prompt and introduces additional disentanglement factors in downstream attacks to adapt to task-relevant knowledge. Finally, extensive experiments show that ProIA enhances attack capabilities and demonstrates remarkable adaptability to various inference attacks.

翻译：图神经网络（GNN）凭借其在图数据上强大的学习能力，为社交行为分析、金融风险分析等应用提供了重要的前瞻性洞察。然而，GNN的预测性能依赖于任务特定节点标签的质量，因此通常通过预训练来提升模型在下游决策任务执行中的泛化能力。图提示学习是一种审慎的选择，但若不采取措施防止数据泄露则存在风险。换言之，在高风险决策场景中，提示学习可通过访问基于私有数据训练的模型参数来推断隐私信息（在预训练中发布模型参数，即不直接泄露原始数据，是一种被默许的趋势）。然而，由于监督信号的差异，现有的多种图推理攻击需要定制化的模块设计与处理以增强推理能力。本文提出了一种新颖的基于提示的统一图神经网络推理攻击框架，命名为ProIA。具体而言，ProIA在预训练阶段保留图的关键拓扑信息，从而增强推理攻击模型的背景知识。随后，它在下游攻击中利用统一的提示并引入额外的解耦因子，以适应任务相关知识。最后，大量实验表明，ProIA显著提升了攻击能力，并对各类推理攻击表现出卓越的适应性。