Intellectual Property in Graph-Based Machine Learning as a Service: Attacks and Defenses

TL;DR

This paper surveys threats to and defenses for protecting intellectual property in graph-based machine learning as a service, introducing a taxonomy, evaluation framework, benchmark datasets, and an open-source library for attack and defense evaluation.

Contribution

It provides the first comprehensive taxonomy of threats and defenses in GML IP protection, along with a systematic evaluation framework, benchmark datasets, and an open-source library for practical assessment.

Findings

Introduces a threat-defense taxonomy specific to GML IP protection.

Develops a systematic evaluation framework for attack and defense methods.

Provides benchmark datasets and an open-source library for GML IP security assessment.

Abstract

Graph-structured data, which captures non-Euclidean relationships and interactions between entities, is growing in scale and complexity. As a result, training state-of-the-art graph machine learning (GML) models have become increasingly resource-intensive, turning these models and data into invaluable Intellectual Property (IP). To address the resource-intensive nature of model training, graph-based Machine-Learning-as-a-Service (GMLaaS) has emerged as an efficient solution by leveraging third-party cloud services for model development and management. However, deploying such models in GMLaaS also exposes them to potential threats from attackers. Specifically, while the APIs within a GMLaaS system provide interfaces for users to query the model and receive outputs, they also allow attackers to exploit and steal model functionalities or sensitive training data, posing severe threats to the safety of these GML models and the underlying graph data. To address these challenges, this survey systematically introduces the first taxonomy of threats and defenses at the level of both GML model and graph-structured data. Such a tailored taxonomy facilitates an in-depth understanding of GML IP protection. Furthermore, we present a systematic evaluation framework to assess the effectiveness of IP protection methods, introduce a curated set of benchmark datasets across various domains, and discuss their application scopes and future challenges. Finally, we establish an open-sourced versatile library named PyGIP, which evaluates various attack and defense techniques in GMLaaS scenarios and facilitates the implementation of existing benchmark methods. The library resource can be accessed at: https://labrai.github.io/PyGIP. We believe this survey will play a fundamental role in intellectual property protection for GML and provide practical recipes for the GML community.