GraphIP-Bench: Unified Benchmark for GNN Model Extraction Attacks and Defenses

GraphIP-Bench, a novel benchmark, assesses model-extraction attacks and defenses for graph neural networks (GNNs) through a unified black-box protocol. It encompasses twelve extraction attacks and twelve defenses, which include techniques like watermarking, output perturbation, and query pattern detection. The benchmark utilizes ten public graphs that span homophilic, heterophilic, and large-scale domains, alongside three GNN backbones and three graph-learning tasks. It measures fidelity, task utility, and ownership verification. Previous studies struggled to evaluate the complexity of attacks or the efficacy of defenses due to varying datasets, threat models, and metrics. GraphIP-Bench fills this void by offering a cohesive framework.