The deployment of Graph Neural Networks (GNNs) within Machine Learning as a Service (MLaaS) has opened up new attack surfaces and an escalation in security concerns regarding model-centric attacks. These attacks can directly manipulate the GNN model parameters during serving, causing incorrect predictions and posing substantial threats to essential GNN applications. Traditional integrity verification methods falter in this context due to the limitations imposed by MLaaS and the distinct characteristics of GNN models. In this research, we introduce a groundbreaking approach to protect GNN models in MLaaS from model-centric attacks. Our approach includes a comprehensive verification schema for GNN's integrity, taking into account both transductive and inductive GNNs, and accommodating varying pre-deployment knowledge of the models. We propose a query-based verification technique, fortified with innovative node fingerprint generation algorithms. To deal with advanced attackers who know our mechanisms in advance, we introduce randomized fingerprint nodes within our design. The experimental evaluation demonstrates that our method can detect five representative adversarial model-centric attacks, displaying 2 to 4 times greater efficiency compared to baselines.

翻译：图神经网络（GNN）在机器学习即服务（MLaaS）中的部署开辟了新的攻击面，并加剧了关于模型中心攻击的安全担忧。这些攻击可在服务过程中直接操纵GNN模型参数，导致错误预测，对关键GNN应用构成重大威胁。由于MLaaS的限制以及GNN模型的独特特性，传统的完整性验证方法在此情境下失效。在本研究中，我们提出了一种开创性方法，以保护MLaaS中的GNN模型免受模型中心攻击。我们的方法包括一套针对GNN完整性的全面验证方案，同时兼顾直推式与归纳式GNN，并适应模型部署前知识的不同程度。我们提出了一种基于查询的验证技术，该技术通过创新的节点指纹生成算法得到强化。为应对提前知晓我们机制的高级攻击者，我们在设计中引入了随机化指纹节点。实验评估表明，我们的方法能够检测五种具有代表性的对抗性模型中心攻击，其效率相比基线提高2至4倍。