A study of graph neural networks for link prediction on vulnerability to membership attacks

Graph neural networks (GNNs) have shown great promise in a variety of tasks involving graph data, including recommendation systems. However, as GNNs become more widely adopted in practical applications, concerns have arisen about their vulnerability to adversarial attacks. These attacks can lead to biased recommendations, potentially causing economic losses and safety risks. In this work, we consider an industrial application of recommendation systems for transport logistics and study their vulnerability to membership inference attacks. The dataset represents real train flows in Russia, published in the ETIS project. Experiments with three popular GNN architectures show that all of them can be successfully attacked even when the adversary has minimal background knowledge. Specifically, an attacker with access to only 1-2% of the actual data can successfully train their own GNN model to infer the membership of a shipper-consignee association in the training set with an accuracy over 94%. Our study also confirms that overfitting is the primary factor that influences the attack performance of recommendation systems.