GNNGuard: A Fingerprinting Framework for Verifying Ownerships of Graph Neural Networks

Published: 23 Jan 2024, Last Modified: 23 May 2024, TheWebConf24
Keywords: Graph Neural Networks, Intellectual Property Protection
TL;DR: To the best of our knowledge, GNNGuard is the first fingerprinting framework for protecting the intellectual property of GNNs on different graph tasks.
Abstract: Graph neural networks (GNNs) have emerged as the state of the art for a variety of graph-related tasks and have been widely commercialized in real-world scenarios. Behind their revolutionary representation capability, the huge training costs also expose GNNs to the risk of potential model piracy attacks, which threaten the intellectual property (IP) of GNNs. In this work, we design a novel and effective ownership verification framework for GNNs called GNNGuard to safeguard the IP of GNNs. The key design of the proposed framework is two-fold: graph fingerprint construction and a robust verification module. With GNNGuard, a GNN model owner can verify whether a deployed model is stolen from the source GNN simply by querying it with graph inputs. Besides, GNNGuard can be applied to various GNN models and graph-related tasks. We extensively evaluate the proposed framework on various GNNs designed for multiple graph-related tasks including graph classification, graph matching, node classification, and link prediction. Our results show that GNNGuard can robustly distinguish post-processed surrogate GNNs from irrelevant GNNs, e.g., GNNGuard achieves 100% true positives and 100% true negatives on a test of 200 suspect GNNs for both graph classification and node classification tasks.
Track: Graph Algorithms and Learning for the Web
Submission Guidelines Scope: Yes
Submission Guidelines Blind: Yes
Submission Guidelines Format: Yes
Submission Guidelines Limit: Yes
Submission Guidelines Authorship: Yes
Student Author: Yes
Submission Number: 1091