Graph Retrieval-Augmented Generation (GraphRAG) has emerged as a key technique for enhancing Large Language Models (LLMs) with proprietary Knowledge Graphs (KGs) in knowledge-intensive applications. As these KGs often represent an organization's highly valuable intellectual property (IP), they face a significant risk of theft for private use. In this scenario, attackers operate in isolated environments. This private-use threat renders passive defenses like watermarking ineffective, as they require output access for detection. Simultaneously, the low-latency demands of GraphRAG make strong encryption which incurs prohibitive overhead impractical. To address these challenges, we propose AURA, a novel framework based on Data Adulteration designed to make any stolen KG unusable to an adversary. Our framework pre-emptively injects plausible but false adulterants into the KG. For an attacker, these adulterants deteriorate the retrieved context and lead to factually incorrect responses. Conversely, for authorized users, a secret key enables the efficient filtering of all adulterants via encrypted metadata tags before they are passed to the LLM, ensuring query results remain completely accurate. Our evaluation demonstrates the effectiveness of this approach: AURA degrades the performance of unauthorized systems to an accuracy of just 5.3%, while maintaining 100% fidelity for authorized users with negligible overhead. Furthermore, AURA proves robust against various sanitization attempts, retaining 80.2% of its adulterants.

翻译：图检索增强生成（GraphRAG）已成为在知识密集型应用中利用专有知识图谱增强大型语言模型的关键技术。由于这些知识图谱通常代表组织极具价值的智力资产，它们面临着被窃取用于私人用途的重大风险。在此场景中，攻击者在隔离环境中操作。这种私人用途威胁使得水印等被动防御措施失效，因为它们需要访问输出进行检测。同时，GraphRAG的低延迟需求使得会产生过高开销的强加密方案不切实际。为应对这些挑战，我们提出AURA——一种基于数据掺假的新型框架，旨在使任何被盗知识图谱对攻击者变得无用。我们的框架预先向知识图谱中注入看似合理但虚假的掺假信息。对攻击者而言，这些掺假信息会劣化检索上下文并导致事实错误的响应。相反，对于授权用户，可通过加密元数据标签在知识图谱传递给大型语言模型前高效过滤所有掺假信息，从而确保查询结果完全准确。我们的评估证明了该方法的有效性：AURA将未授权系统的性能降低至仅5.3%的准确率，同时以可忽略的开销为授权用户保持100%的保真度。此外，AURA被证明能抵抗各种净化尝试，保留80.2%的掺假信息。