TL;DR
CopyCop is a novel algorithm that verifies ownership of graph neural networks by detecting if one GNN is a transformed copy of another, with proven guarantees and robust experimental validation.
Contribution
We introduce CopyCop, the first method capable of identifying transformed copycat GNNs with theoretical guarantees and extensive empirical validation.
Findings
CopyCop accurately detects copycat GNNs across diverse datasets and architectures.
It remains robust against various adversarial transformations and attacks.
Theoretical guarantees support its effectiveness in ownership verification.
Abstract
Given two GNNs that output node embeddings, how can we determine if they were trained independently? An adversary could have trained one GNN specifically to mimic the other GNN's embeddings. To obscure this relationship between the GNNs, the adversarial GNN might then transform its output embeddings. The two GNNs could have different architectures, weights, and embedding dimensions, and the adversary can transform the embeddings. Despite these stringent conditions, our algorithm (named CopyCop) can identify such copycat GNNs, unlike existing watermarking and fingerprinting methods. We also provide theoretical guarantees for CopyCop. Finally, experiments on 14 datasets and 5 GNN architectures demonstrate that CopyCop is accurate and robust against a broad class of adversarial attacks and transformations. Code is available at:…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
