GraphDLG: Exploring Deep Leakage from Gradients in Federated Graph Learning

Federated graph learning (FGL) has recently emerged as a promising privacy-preserving paradigm that enables distributed graph learning across multiple data owners. A critical privacy concern in federated learning is whether an adversary can recover raw data from shared gradients, a vulnerability known as deep leakage from gradients (DLG). However, most prior studies on the DLG problem focused on image or text data, and it remains an open question whether graphs can be effectively recovered, particularly when the graph structure and node features are uniquely entangled in GNNs. In this work, we first theoretically analyze the components in FGL and derive a crucial insight: once the graph structure is recovered, node features can be obtained through a closed-form recursive rule. Building on this analysis, we propose GraphDLG, a novel approach to recover raw training graphs from shared gradients in FGL, which can utilize randomly generated graphs or client-side training graphs as auxiliaries to enhance recovery. Extensive experiments demonstrate that GraphDLG outperforms existing solutions by successfully decoupling the graph structure and node features, achieving improvements of over 5.46% (by MSE) for node feature reconstruction and over 25.04% (by AUC) for graph structure reconstruction.

Key Contributions

• Theoretical analysis showing that once graph structure is recovered from gradients, node features can be obtained through a closed-form recursive rule, decoupling the joint recovery problem.
• GraphDLG attack framework that reconstructs raw training graphs from shared gradients in federated GNNs, optionally leveraging randomly generated or client-side auxiliary graphs to improve recovery.
• Empirical demonstration that GraphDLG outperforms existing DLG methods by >5.46% (MSE) on node feature reconstruction and >25.04% (AUC) on graph structure reconstruction.

🛡️ Threat Analysis

Details

Similar Papers