Privacy-preserving design of graph neural networks with applications to vertical federated learning

Bibliographic Details
Published in: arXiv.org
Main Authors: Wu, Ruofan; Zhang, Mingyang; Lyu, Lingjuan; Xu, Xiaolong; Hao, Xiuquan; Fu, Xinyi; Liu, Tengfei; Zhang, Tianyi; Wang, Weiqiang
Format: Paper
Language: English
Published: Ithaca Cornell University Library, arXiv.org 31.10.2023
Summary: The paradigm of vertical federated learning (VFL), where institutions collaboratively train machine learning models via combining each other's local feature or label information, has achieved great success in applications to financial risk management (FRM). The surging developments of graph representation learning (GRL) have opened up new opportunities for FRM applications under FL via efficiently utilizing the graph-structured data generated from underlying transaction networks. Meanwhile, transaction information is often considered highly sensitive. To prevent data leakage during training, it is critical to develop FL protocols with formal privacy guarantees. In this paper, we present an end-to-end GRL framework in the VFL setting called VESPER, which is built upon a general privatization scheme termed perturbed message passing (PMP) that allows the privatization of many popular graph neural architectures. Based on PMP, we discuss the strengths and weaknesses of specific design choices of concrete graph neural architectures and provide solutions and improvements for both dense and sparse graphs. Extensive empirical evaluations over both public datasets and an industry dataset demonstrate that VESPER is capable of training high-performance GNN models over both sparse and dense graphs under reasonable privacy budgets.
ISSN:2331-8422