What problem does this paper attempt to address?

The problem that this paper attempts to solve is the efficient model - stealing attack against Inductive Graph Neural Networks (GNNs). Specifically, the authors propose a new unsupervised model - stealing attack method, aiming to efficiently extract information from the target GNN through contrastive learning and spectral graph augmentation techniques. The following is a detailed analysis of this problem: ### Research Background and Motivation 1. **Importance of GNNs**: - Graph Neural Networks (GNNs) perform well in processing graph - structured data, especially in fields such as molecules, social networks, and complex infrastructures. - Inductive GNNs can handle unseen nodes or graphs, which makes them very important in many application scenarios. 2. **Threat of Model - Stealing Attacks**: - Machine - learning models (including GNNs) are vulnerable to model - stealing attacks, where attackers copy their functions or parameters by querying the target model's API. - Although there has been much research on stealing attacks on image and text models, relatively little research has been done on stealing attacks against GNNs. ### Main Contributions of the Paper 1. **Proposal of a New Method**: - A contrastive - learning - based unsupervised GNN model - stealing attack method is proposed. This method is trained by maximizing the consistency of node representations between the target model and the surrogate model. - Spectral graph augmentation techniques (such as spectral cropping and frequency component re - ordering) are introduced to generate multiple graph views, thereby improving the effect of contrastive learning. 2. **Performance Improvement**: - Experiments were carried out on six benchmark datasets, and the results show that this method outperforms the current state - of - the - art method (Shen et al., 2021) in all benchmark tests. - The new method not only improves the fidelity of the stolen model and the accuracy of downstream tasks but also reduces the number of required queries. ### Technical Details 1. **Contrastive Learning Framework**: - For an input graph \( G=(X, A) \), two augmented graph views \( G'=(X', A') \) are generated. - The surrogate model \( M_S \) generates embeddings \( H_S \) according to the augmented graph and maps them to a shared representation space through a nonlinear projection head \( g() \). - A contrastive loss function \( J \) is used to minimize the difference between the target model \( M_T \) and the surrogate model \( M_S \): \[ J =-\frac{1}{2n}\sum_{i = 1}^{n}[\ell_i(t, s)+\ell_i(s, t)] \] where \[ \ell_i(x, y)=\log\frac{\exp(c(x_i, y_i)/\tau)}{\sum_{k = 1}^{n}\exp(c(x_i, y_k)/\tau)+\sum_{k\neq i}\exp(c(y_i, y_k)/\tau)} \] \( c \) represents cosine similarity, and \( \tau \) is a temperature parameter. 2. **Spectral Graph Augmentation**: - The spectral characteristics of the graph are used for augmentation to ensure that changes in different frequency components help the model learn more robust and discriminative features. - For example, for two random augmentations \( V_1 \) and \( V_2 \), if the following condition is met, they form an effective contrastive augmentation pair: \[ |\varphi V_1(\lambda_m)-\varphi V_2(\lambda_m)| > |\varphi V_1(\lambda_n)-\varphi V_2(\lambda_n)| \] ### Experimental Verification - Experiments were carried out on six benchmark datasets (DBLP, Pubmed, Citeseer Full, Coauthor Physics, ACM, Amazon Co - purchase Network for Photos). - The results show that the new method significantly outperforms in terms of accuracy and fidelity.