The only official website of the Journal of Computer Applications (《计算机应用》)


Graph data generation approach for GNN model extraction attacks

杨莹, 郝晓燕, 于丹, 马垚, 陈永乐

  1. Taiyuan University of Technology
  • Received: 2023-08-17 Revised: 2023-11-01 Online: 2023-12-18 Published: 2023-12-18
  • Corresponding author: 杨莹
  • Funding:
    Shanxi Province Basic Research Program project; Shanxi Province Basic Research Program project; Shanxi Province Natural Science Foundation General Program project

Abstract: Data-free model extraction attacks are a class of machine learning security problems in which the attacker has no knowledge of the training data needed to carry out the attack. To address the lack of research on data-free model extraction attacks in the field of graph neural networks, a method was proposed that optimizes graph node feature information with the graph neural network interpretability method GNNExplainer and edge information with the graph data augmentation method GAUG-M, so as to generate the required graph data and ultimately extract the graph neural network model. Firstly, the GNNExplainer method was used to perform an interpretability analysis of the target model's responses and obtain the important graph node features. Secondly, the graph node feature information was optimized as a whole by up-weighting the important node features and down-weighting the non-important ones. Then, a graph autoencoder was used as the edge information prediction module, which derived the connection probability between pairs of nodes from the optimized node features. Finally, the edge information was optimized by adding or deleting the corresponding edges according to these probabilities. In the experiments, three graph neural network architectures trained on five graph datasets served as target models for the extraction attack; the resulting surrogate models achieved 73%-87% accuracy on the node classification task and 76%-89.2% consistency with the target model's performance, which verifies the effectiveness of the method.

Key words: data-free model extraction attack, graph data generation, graph neural networks, graph neural network interpretability, graph data augmentation

CLC number: