Query-Based Model Extraction Attack on GCN: A Surrogate Model Technique for Non-Euclidean Data

Authors

  • Sibtain Syed, COMSATS University
  • Alvi Ataur Khalil, Southern Illinois University Carbondale
  • Kishor Datta Gupta, Clark Atlanta University
  • Saima Jabeen, Riyadh Elm University
  • Mohammad Ashiqur Rahman, Florida International University

DOI:

https://doi.org/10.1609/aaaiss.v7i1.36895

Abstract

Machine learning (ML) models face serious threats from model extraction attacks, in which an attacker posing as a client clones a black-box model owned by a private service provider into a surrogate model solely through query-based access. Most past studies focus only on ML models trained on Euclidean spaces such as images and text, while model extraction attacks on Graph Neural Network (GNN) models, which contain node features and graph structure, remain to be explored. This study investigates and develops a model extraction attack strategy against a Graph Convolutional Network (GCN) model by simulating more realistic conditions for the attacker. The study begins by formalizing threat modeling for GCN extraction attacks, categorizing potential threats according to the level of background knowledge accessible to the attacker, such as node attributes and neighbor connections. Subsequently, the study presents a novel method that leverages a learnable feature synthesis module to infer missing attributes of unknown neighbor nodes. The method is evaluated using fidelity (85-90 percent) and KL-divergence (0.28-0.10) to assess behavioral similarity with the victim model, rather than exact parameter recovery. Results demonstrate that even with partial knowledge, the majority of inputs in the target domain yield predictions identical to the original model.

Published

2025-11-23

How to Cite

Syed, S., Khalil, A. A., Gupta, K. D., Jabeen, S., & Rahman, M. A. (2025). Query-Based Model Extraction Attack on GCN: A Surrogate Model Technique for Non-Euclidean Data. Proceedings of the AAAI Symposium Series, 7(1), 265–272. https://doi.org/10.1609/aaaiss.v7i1.36895

Section

AI Trustworthiness and Risk Assessment for Challenged Contexts (ATRACC)