CEGA: A Cost-Effective Approach for Graph-Based Model Extraction and Acquisition

TL;DR

This paper investigates the vulnerability of Graph Neural Networks to model extraction attacks and introduces a cost-effective node querying strategy that enhances model fidelity and accuracy under strict query limitations, benefiting research with limited labeling resources.

Contribution

The paper proposes a novel iterative node querying strategy tailored for scenarios with limited initial data and restricted queries, improving GNN extraction efficiency and fidelity.

Findings

GNNs are vulnerable to model extraction attacks.

The proposed strategy outperforms baselines in accuracy and fidelity.

Effective for low-resource research environments.

Abstract

Graph Neural Networks (GNNs) have demonstrated remarkable utility across diverse applications, and their growing complexity has made Machine Learning as a Service (MLaaS) a viable platform for scalable deployment. However, this accessibility also exposes GNN to serious security threats, most notably model extraction attacks (MEAs), in which adversaries strategically query a deployed model to construct a high-fidelity replica. In this work, we evaluate the vulnerability of GNNs to MEAs and explore their potential for cost-effective model acquisition in non-adversarial research settings. Importantly, adaptive node querying strategies can also serve a critical role in research, particularly when labeling data is expensive or time-consuming. By selectively sampling informative nodes, researchers can train high-performing GNNs with minimal supervision, which is particularly valuable in domains such as biomedicine, where annotations often require expert input. To address this, we propose a node querying strategy tailored to a highly practical yet underexplored scenario, where bulk queries are prohibited, and only a limited set of initial nodes is available. Our approach iteratively refines the node selection mechanism over multiple learning cycles, leveraging historical feedback to improve extraction efficiency. Extensive experiments on benchmark graph datasets demonstrate our superiority over comparable baselines on accuracy, fidelity, and F1 score under strict query-size constraints. These results highlight both the susceptibility of deployed GNNs to extraction attacks and the promise of ethical, efficient GNN acquisition methods to support low-resource research environments.