This is a TensorFlow implementation of NetFense:
NetFense can simultaneously preserve the unnoticeability of graph data (i.e., make only limited changes to the graph structure), maintain the prediction confidence of targeted label classification (i.e., preserve data utility), and reduce the prediction confidence of private label classification (i.e., protect the privacy of nodes).
We borrow part of the code from Zügner et al., "Adversarial Attacks on Neural Networks for Graph Data," in Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '18), pages 2847-2856, 2018.
An elaboration of privacy-protected graph perturbation is shown in the figure below. (Left) We expect a method to perturb the given graph by removing an edge and adding a new one such that two requirements are satisfied: (1) the prediction confidence (y-axis) on private labels (i.e., square and circle) is lowered, decreasing the risk of privacy leakage; (2) the prediction confidence on targeted labels (i.e., light green and yellow) is maintained, keeping the data utility. (Right) The proposed NetFense model achieves both requirements, compared to the clean data and the perturbed data generated by Nettack.
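To make the two requirements concrete, here is a minimal, illustrative sketch (not the repository's actual code) of how candidate edge flips could be scored: reward lowering the private-label confidence while penalizing any shift in the targeted-label confidence. The helpers `plc_conf` and `tlc_conf` and the parameter `maintain_weight` are assumptions introduced for illustration.

```python
import numpy as np

# Illustrative sketch only: score candidate edge flips so that private-label
# confidence (PLC) drops while targeted-label confidence (TLC) stays close to
# its original value. `plc_conf` and `tlc_conf` are assumed callables that
# return the model's prediction confidence for the target node given a dense
# adjacency matrix; they are not part of this repository.

def pick_best_flip(adj, candidates, plc_conf, tlc_conf, maintain_weight=1.0):
    base_plc, base_tlc = plc_conf(adj), tlc_conf(adj)
    scores = []
    for u, v in candidates:
        flipped = adj.copy()
        flipped[u, v] = flipped[v, u] = 1 - flipped[u, v]  # flip one edge
        # Requirement (1): lower PLC confidence -> larger first term.
        # Requirement (2): keep TLC confidence -> penalize its shift.
        scores.append((base_plc - plc_conf(flipped))
                      - maintain_weight * abs(tlc_conf(flipped) - base_tlc))
    return candidates[int(np.argmax(scores))]
```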
pip install -r requirements.txt
- TensorFlow (1.0 or later)
- numpy
- scikit-learn
- scipy
- numba
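For reference, a requirements.txt consistent with the list above could look like the following; the version pins are assumptions (the code targets TensorFlow 1.x) rather than values copied from the repository.

```
tensorflow>=1.0,<2.0
numpy
scikit-learn
scipy
numba
```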
Run NetFense on one sample of network data (Citeseer), and show the classification margins of TLC (targeted label classification) and PLC (private label classification) before/after perturbation. (The training seed is not fixed, so evaluation scores may change across runs.)
python run.py

Arguments:
- --data_name: dataset name
- --verbose: whether to print the training log
- --n_hid: hidden size of the GCN
- --tar: ID of the target node
- --AE_par: perturbation parameter
- --ME_par: maintenance parameter
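For example, a run on Citeseer with illustrative argument values (the target node ID and parameter values below are placeholders, not tuned settings from the paper) might look like:

python run.py --data_name citeseer --n_hid 16 --tar 0 --AE_par 2 --ME_par 1 --verbose True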
Sources for the datasets (Cora, Citeseer, and PIT) can be found online.