摘要
Machine learning models(机器学习模型) are shown to face(面临着) a severe threat(严重的威胁) from Model Extraction Attacks(模型窃取攻击), where a well-trained private model(训练有素的私有模型) owned by a service provider(服务提供商拥有的) can be stolen(窃取) by an attacker pretending as a client(伪装成客户端的攻击者). Unfortunately(不幸的是), prior works(之前的工作) focus on(集中在) the models trained over the Euclidean space(欧几里得空间), e.g., images and texts(图像和文本), while how to extract(提取) a GNN model that contains a graph structure and node features(包含图结构和节点特征) is yet to be explored(还有待探索). In this paper, for the first time(首次), we comprehensively investigate(全面研究ÿ