GGrantIndex
← Search

SaTC: CORE: Small: Securing Network Embedding against Privacy Attacks

$499,941FY2022CSENSF

Stevens Institute Of Technology, Hoboken NJ

Investigators

Abstract

Many complex systems take the form of networks, such as social networks, biological networks, and information networks. It is well recognized that performing data analysis on large networks is challenging. To tackle this challenge, numerous network representation learning (NRL) approaches have been designed to learn low-dimensional vector representations (embedding) that preserve the network information. Due to their advantages, network embedding, instead of the original network data, is either released to the public or shared with third-party machine learning service providers or other parties for downstream analytics. Since the network embedding inherently captures the structure and properties of the original network, it raises the serious concern whether the embedding also encodes the sensitive information in the input network data. An adversary can launch various privacy attacks on the network embedding to infer the sensitive information in the input network data. Despite significant progress in machine learning privacy, most of the existing privacy attacks mainly focus on the models trained on non-graph data (tabular data, text, and images). Privacy of NRL models and their output network embeddings are largely ignored. The understanding of the nature and extent of vulnerabilities of network embedding against the privacy attacks as well as the investigation of effective defense mechanisms are extremely limited. This project will address the core privacy issues of network embedding through a unified research program that consists of exploring the privacy vulnerabilities of network embedding, investigating the causes of these vulnerabilities, and developing rigorous, yet practical, techniques to mitigate these vulnerabilities. The project plans to tackle three fundamental research problems: (i) design three types of privacy attacks, namely membership inference attacks, attribute inference attacks, and property inference attacks, to infer the sensitive membership/attributes/properties in the original network data from network embedding; (ii) analyze which types of data characteristics and model properties impact the privacy vulnerabilities of network embedding against the three types of attacks; and (iii) design effective defense mechanisms to secure network embedding. The research outcomes of this project will be disseminated broadly through developing new courses, involving students at various levels into cutting-edge research in machine learning, and training of female and underrepresented students. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →