Go to ICLR 2026 Conference homepageCold Start in the Dark: Efficient and Practical Model Extraction of GNNs
Keywords: Model Extraction, Graph Neural Networks, Active Learning, Self-Supervised Learning, Black-Box Attacks
TL;DR: We introduce MIME, an attack that efficiently extracts GNN models under realistic, low-information "cold start" conditions by using unsupervised learning to bootstrap a query-efficient active learning strategy.
Abstract: The deployment of Graph Neural Networks (GNNs) on MLaaS platforms makes them vulnerable to Model Extraction Attacks (MEAs), where an adversary queries a proprietary model's API to reconstruct a high-fidelity surrogate. However, the practicality of current methods is limited by unrealistic assumptions, such as access to detailed soft-label probabilities, large initial seed datasets, or permissive query budgets. To address this gap, this work introduces MIME, a framework designed for the more stringent and realistic "Cold Start in the Dark'' problem, where an adversary operates with no initial labels and only hard-label feedback under a tight budget. MIME resolves the critical cold start challenge using unsupervised pre-training to establish a strong structural baseline from the topology alone. This bootstraps a query-efficient active learning loop that strategically balances node uncertainty and diversity, ensuring robustness through adaptive graph regularization. Extensive experiments show that MIME achieves strong performance on both model accuracy and fidelity. The findings demonstrate a practical and stealthy attack vector, exposing a concrete security risk to production GNNs by succeeding under realistic adversarial constraints.
Primary Area: learning on graphs and other geometries & topologies
Submission Number: 17488
Loading