Graph neural network watermarking method against model stealing attack

The method embeds a watermark that resists model theft attacks into a graph neural network, generating the watermark through randomization and training with a flexible nearest neighbor loss function. This solves the problem that existing methods cannot prevent model theft attacks, achieving effective watermark preservation with minimal impact on network performance.

CN116402667B · Active · Publication Date: 2026-06-26 · ZHEJIANG UNIV

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: ZHEJIANG UNIV
Filing Date: 2023-03-03
Publication Date: 2026-06-26

AI Technical Summary

Technical Problem

Existing neural network watermarking methods cannot effectively prevent model theft attacks, threatening the intellectual property rights of graph neural networks.

Method used

A watermark resistant to model theft attacks is incorporated into a graph neural network: watermark graph data is generated through randomization, and the model is trained using a flexible nearest neighbor loss function. This ensures that the watermark is maintained under model theft attacks and reduces the impact on network performance.

Benefits of technology

It achieves effective watermark preservation under model theft attacks, can verify ownership of graph neural networks, and reduces the impact of watermarks on network performance to some extent.

✦ Generated by Eureka AI based on patent content.


Abstract

The application discloses a graph neural network watermarking method against model stealing attacks. First, it designs a randomized generation method for watermark graph data and adds a flexible nearest neighbor loss function during training, so that the watermark remains in a model stolen through a model stealing attack. Second, it designs an optimization method for the watermark graph data, improving the performance of the watermarked graph neural network. Finally, it designs a matching degree threshold for verifying whether a model contains the watermark.