TY - GEN
T1 - An Imperceptible and Owner-unique Watermarking Method for Graph Neural Networks
AU - Zhang, Linji
AU - Xue, Mingfu
AU - Zhang, Leo Yu
AU - Zhang, Yushu
AU - Liu, Weiqiang
N1 - Publisher Copyright:
© 2024 Owner/Author.
PY - 2024/7/5
Y1 - 2024/7/5
N2 - Graph Neural Networks (GNNs) have found widespread application across various domains, encompassing but not limited to social network analysis, recommendation systems, and fraud detection. Meanwhile, training a sophisticated GNN model is an extremely resource-intensive process. Therefore, protecting the intellectual property of GNN model becomes essential. However, limited research has been conducted on the protection of intellectual property for GNNs. Additionally, current few watermarking methods employed in the context of GNNs overlook the potential vulnerabilities posed by evasion attack and fraudulent declaration attack. To fill this gap, in this paper, we propose a novel GNN watermarking method utilizing a bi-level optimization framework to embed an imperceptible and owner-unique watermark into GNNs. The proposed method achieves indistinguishability and uniqueness of the injected watermark, establishing a secure mechanism for intellectual property protection for GNNs. We evaluate our method on two benchmark datasets and three GNN models. The results indicate that our method effectively verifies model ownership with minimal impact on their primary task performance. Furthermore, the method exhibits remarkable resilience against model fine-tuning and pruning attacks, as well as security against evasion attacks and fraudulent ownership claims.
AB - Graph Neural Networks (GNNs) have found widespread application across various domains, encompassing but not limited to social network analysis, recommendation systems, and fraud detection. Meanwhile, training a sophisticated GNN model is an extremely resource-intensive process. Therefore, protecting the intellectual property of GNN model becomes essential. However, limited research has been conducted on the protection of intellectual property for GNNs. Additionally, current few watermarking methods employed in the context of GNNs overlook the potential vulnerabilities posed by evasion attack and fraudulent declaration attack. To fill this gap, in this paper, we propose a novel GNN watermarking method utilizing a bi-level optimization framework to embed an imperceptible and owner-unique watermark into GNNs. The proposed method achieves indistinguishability and uniqueness of the injected watermark, establishing a secure mechanism for intellectual property protection for GNNs. We evaluate our method on two benchmark datasets and three GNN models. The results indicate that our method effectively verifies model ownership with minimal impact on their primary task performance. Furthermore, the method exhibits remarkable resilience against model fine-tuning and pruning attacks, as well as security against evasion attacks and fraudulent ownership claims.
KW - Backdoor.
KW - Bi-level optimization framework
KW - Graph neural networks
KW - Intellectual property protection
KW - Watermarking
UR - https://www.scopus.com/pages/publications/85200845377
U2 - 10.1145/3674399.3674443
DO - 10.1145/3674399.3674443
M3 - 会议稿件
AN - SCOPUS:85200845377
T3 - ACM International Conference Proceeding Series
SP - 108
EP - 113
BT - Proceedings of ACM Turing Award Celebration Conference - CHINA 2024, TURC 2024
PB - Association for Computing Machinery
T2 - 2024 ACM Turing Award Celebration Conference China, TURC 2024
Y2 - 5 July 2024 through 7 July 2024
ER -