EPS
← All batches·2605.19644

Inferring Sensitive Attributes from Knowledge Graph Embeddings: Attack and Defense Strategies

topic: current_projecttop score: 90released: 2026-05-20first surfaced: 2026-05-20arXivPDFlinked_to_results2026-05-20

Authors: Yasmine Hayder (PETSCRAFT)

arXiv · PDF

Summary

arXiv:2605. 19644v1 Announce Type: new Abstract: Knowledge Graphs (KGs) are a powerful representation of linked data, offering flexibility, semantic richness, and support for knowledge enrichment and reasoning.

Relevance

Read next because Inferring Sensitive Attributes from Knowledge Graph Embeddings: Attack and Defense Strategies overlaps with clean result "Only continuous soft prefixes hit both EM axes at once on Qwen-2.5-7B-Instruct: discrete prompt searches split between the alignment objective and the distributional objective, and both discretizations of the soft prefix collapse (MODERATE confidence)", clean result "The marker is a representational handle, not a behavioural one — sharing it between a villain persona and the assistant transfers no misalignment (HIGH confidence)", experiment "#351 follow-up: broader-vocab position-0 sweep at T=1.0 + position-1 suffix isolation". Matching terms: eval, rate, model. Source: arxiv cs.CR (Cryptography and Security).

Abstract

arXiv:2605.19644v1 Announce Type: new Abstract: Knowledge Graphs (KGs) are a powerful representation of linked data, offering flexibility, semantic richness, and support for knowledge enrichment and reasoning. They help data owners organize and exploit heterogeneous data to provide insightful services (e.g., recommendations), yet real-world KGs are often incomplete, hiding true facts or missing valuable insights. Knowledge graph embedding techniques are commonly used to infer valuable missing information. However, reasoning over KGs can inadvertently expose sensitive user information, even when such data is not explicitly stored. In this work, we investigate the privacy risks associated with KGE-based reasoning, focusing on attribute inference attacks where adversaries attempt to deduce sensitive user attributes from seemingly non-sensitive outputs. We propose and evaluate a framework that mitigates these privacy risks by applying post processing sanitization techniques to KGE outputs. Preliminary results demonstrate the effectiveness of these attacks on the outputs of KGE models, and explore the trade-off between recommendation quality and privacy protection when applying randomization based approaches, highlighting the need to experiment with more advanced techniques in future work to address this issue.