Graph neural network watermarking method against model stealing attack
By adding a watermark resistant to model theft attacks to the graph neural network and training it with randomization and a flexible nearest neighbor loss function, the problem that existing methods cannot prevent model theft attacks is solved, achieving effective watermark preservation and minimal impact on network performance.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ZHEJIANG UNIV
- Filing Date
- 2023-03-03
- Publication Date
- 2026-06-26
AI Technical Summary
Existing neural network watermarking methods cannot effectively prevent model theft attacks, threatening the intellectual property rights of graph neural networks.
By incorporating a watermark resistant to model theft attacks into a graph neural network, watermark graph data is generated through randomization and the model is trained using a flexible nearest neighbor loss function. This ensures that the watermark can be maintained under model theft attacks and reduces the impact on network performance.
It achieves effective watermark preservation under model theft attacks, can verify ownership of graph neural networks, and reduces the impact of watermarks on network performance to some extent.
Smart Images

Figure CN116402667B_ABST