🤖 AI Summary
To address the lack of effective intellectual property (IP) protection mechanisms for Graph Neural Networks (GNNs) in link prediction (LP) tasks, this paper proposes the first watermarking framework specifically designed for LP. Methodologically, it introduces a dual-path backdoor strategy that integrates a customized trigger set with a key-driven watermark vector, and it incorporates a Dynamic Watermark Threshold (DWT) mechanism to enhance verification robustness. The framework supports both node-embedding-based and subgraph-based LP paradigms. Extensive experiments on seven real-world datasets demonstrate its efficacy: the scheme achieves >99.99% watermark verification accuracy and exhibits strong robustness against eleven diverse watermark-removal attacks and three categories of model-stealing attacks. Furthermore, an adaptive defense strategy against adversarial attacks is proposed, significantly improving the reliability of ownership authentication.
📝 Abstract
Graph Neural Networks (GNNs) have become invaluable intellectual property in graph-based machine learning. However, their vulnerability to model stealing attacks when deployed within Machine Learning as a Service (MLaaS) necessitates robust Ownership Demonstration (OD) techniques. Watermarking is a promising OD framework for Deep Neural Networks, but existing methods fail to generalize to GNNs due to the non-Euclidean nature of graph data. Previous works on GNN watermarking have primarily focused on node and graph classification, overlooking Link Prediction (LP). In this paper, we propose GENIE (watermarking Graph nEural Networks for lInk prEdiction), the first-ever scheme to watermark GNNs for LP. GENIE creates a novel backdoor for both node-representation and subgraph-based LP methods, utilizing a unique trigger set and a secret watermark vector. Our OD scheme is equipped with Dynamic Watermark Thresholding (DWT), ensuring high verification probability (>99.99%) while addressing practical issues in existing watermarking schemes. We extensively evaluate GENIE across 4 model architectures (i.e., SEAL, GCN, GraphSAGE and NeoGNN) and 7 real-world datasets. Furthermore, we validate the robustness of GENIE against 11 state-of-the-art watermark removal techniques and 3 model extraction attacks. We also show GENIE's resilience against ownership piracy attacks. Finally, we discuss a defense strategy to counter adaptive attacks against GENIE.