Data-free model extraction attacks are a class of machine learning security problems based on the fact that the attacker has no knowledge of the training data information required to carry out the attack. Aiming at the research gap of data-free model extraction attacks in the field of Graphical Neural Network （GNN）， a GNN model extraction attack method was proposed. The graph node feature information and edge information were optimized with the graph neural network interpretability method GNNExplainer and the graph data enhancement method GAUG-M， respectively， so as to generate the required graph data and achieve the final GNN model extraction. Firstly， the GNNExplainer method was used to obtain the important graph node feature information from the interpretable analysis of the response results of the target model. Secondly， the overall optimization of the graph node feature information was achieved by up weighting the important graph node features and downweighting the non-important graph node features. Then， the graph autoencoder was used as the edge information prediction module， which obtained the connection probability information between nodes according to the optimized graph node features. Finally， the edge information was optimized by adding or deleting the corresponding edges according to the probability. Three GNN model architectures trained on five graph datasets were experimented as the target models for extraction attacks， and the obtained alternative models achieve 73% to 87% accuracy in node classification task and 76% to 89% fidelity with the target model performance， which verifies the effectiveness of the proposed method.

In data poisoning attacks， backdoor attackers manipulate the distribution of training data by inserting the samples with hidden triggers into the training set to make the test samples misclassified so as to change model behavior and reduce model performance. However， the drawback of the existing triggers is the sample independence， that is， no matter what trigger mode is adopted， different poisoned samples contain the same triggers. Therefore， by combining image steganography and Deep Convolutional Generative Adversarial Network （DCGAN）， an attack method based on sample was put forward to generate image texture feature maps according to the gray level co-occurrence matrix， embed target label character into the texture feature maps as a trigger by using the image steganography technology， and combine texture feature maps with trigger and clean samples into poisoned samples. Then， a large number of fake pictures with trigger were generated through DCGAN. In the training set samples， the original poisoned samples and the fake pictures generated by DCGAN were mixed together to finally achieve the effect that after the poisoner injecting a small number of poisoned samples， the attack rate was high and the effectiveness， sustainability and concealment of the trigger were ensured. Experimental results show that this method avoids the disadvantages of sample independence and has the model accuracy reached 93.78%. When the proportion of poisoned samples is 30%， data preprocessing， pruning defense and AUROR defense have the least influence on the success rate of attack， and the success rate of attack can reach about 56%.

Accurately identifying named entities is helpful to construct professional knowledge graphs and question answering systems. Named Entity Recognition （NER） technology based on deep learning has been widely used in a variety of professional fields. However， there are relatively few researches on NER in the field of materials. Concerning the problem of small scale of datasets and high complexity of entity words for supervised learning in NER of materials field， the large-scale unstructured materials field literature data were used to train the subword embedding word segmentation model based on Unigram Language Model （ULM）， and the information contained in the word structure was fully utilized to enhance the robustness of the model. At the same time， the entity recognition model with BiLSTM-CRF （Bi-directional Long-Short Term Memory-Conditional Random Field） model as the basis and combined with the Relative Multi-Head Attention（RMHA）capable of perceiving direction and distance of words was proposed to improve the sensitivity of the model to keywords. Compared with BiLSTM-CNNs-CRF， SciBERT （Scientific BERT） and other models， the obtained BiLSTM-RMHA-CRF model combining with the ULM subword embedding method increased the value of Macro F1 by 2-4 percentage points on Solid Oxide Fuel Cell （SOFC） NER dataset， and 3-8 percentage points on SOFC fine-grained entity recognition dataset. Experimental results show that the recognition model based on subword embedding and relative attention can effectively improve the recognition accuracy of entities in the materials field.