Keywords: model extraction attack, graph neural networks, graph homophily, structure-free attack, heterophily resilience, graph structure learning
Abstract: Model extraction attacks on Graph Neural Networks (GNNs) have traditionally been studied under assumptions of high homophily and full access to the graph structure, which oversimplifies real-world attack scenarios. In practice, attackers often lack access to the original graph topology, making structure-free settings more realistic and critical to study, as they reflect common constraints in privacy-sensitive or proprietary graph-based systems. This study investigates model extraction under such constraints and identifies graph homophily as the central factor driving attack success. Through extensive empirical evaluation, we show that homophily between the training and test node partitions is the primary driver of extraction success: higher homophily markedly increases attack fidelity. Counterintuitively, we find that heterophily-resilient GNN architectures are more vulnerable to these attacks than homophily-sensitive models. Furthermore, while Graph Structure Learning (GSL) methods can improve extraction fidelity by inferring proxy graph structures, their benefits are strongly dependent on underlying homophily levels and are most pronounced in high-homophily scenarios. Our findings establish homophily as a central factor in GNN security, providing new insights for designing robust architectures and defenses in structure-limited environments.
Submission Number: 62