一种基于流行度分类特征的托攻击检测算法

基于协同过滤的推荐系统容易受到托攻击的危害, 如何检测托攻击成为推荐系统可靠性的关键. 针对现有托攻击检测手段使用基于评分的分类特征易受混淆技术干扰的局限, 本文从用户选择评分项目方式入手, 分析由此造成的用户概貌中已评分项目的流行度分布情况的不同, 提出用于区分正常用户与虚假用户基于流行度的分类特征, 进而得到基于流行度的托攻击检测算法. 实验表明该算法在托攻击检测中具有更强的检测性能与抗干扰性.     

基于属性优化矩阵补全的抗托攻击推荐算法

托攻击是当前推荐系统面临的严峻挑战之一。由于推荐系统的开放性,恶意用户可轻易对其注入精心设计的评分从而影响推荐结果,降低用户体验。基于属性优化结构化噪声矩阵补全技术,提出一种鲁棒的抗托攻击个性化推荐（SATPR）算法,将攻击评分视为评分矩阵中的结构化行噪声并采用L2,1范数进行噪声建模,同时引入用户与物品的属性特征以提高托攻击检测精度。实验表明,SATPR算法在托攻击下可取得比传统推荐算法更精确的个性化评分预测效果。     

推荐系统安全问题及技术研究综述*

从托(shilling)攻击的分类、攻击模型、影响程度评价、检测和防御等几个方面进行系统评述,着重分析了托攻击所面临的关键议题.最后指出了推荐系统托攻击的研究难点和研究方向.     

基于特征指标推荐系统托攻击半监督检测*

推荐系统托攻击检测算法监督学习过度依赖训练集,无监督算法依赖于攻击概貌之间相似性。本文提出一种半监督托攻击检测模型,对标记用户分类计算簇中心,给出中心用户相似度特征属性。对不同攻击选择合适的特征指标,把输入用户划分到不同的簇集中,通过簇集中输入用户全部评分项为最大值的均值与标记用户对该项均值差,确定攻击项。依据特征指标对不同簇集进行两次分类,进而确定攻击对象。实验证明,该检测算法对不同的托攻击有较高的检测准确率。     

用于鲁棒协同推荐的元信息增强变分贝叶斯矩阵分解模型

托攻击是协同过滤推荐系统面临的重大安全威胁. 研究可抵御托攻击的鲁棒协同推荐技术已成为目前的重要课题. 本文在引入用户嫌疑性评估策略的基础上, 通过将用户嫌疑性及项类属等元信息与贝叶斯概率矩阵分解模型相融合, 提出了用于鲁棒协同推荐的元信息增强变分贝叶斯矩阵分解模型(Metadata-enhanced variational Bayesian matrix factorization, MVBMF), 并设计了相应的模型增量学习策略. 实验表明, 与现有推荐模型相比, 这种模型具备更强的攻击耐受力, 能够有效提高推荐系统的鲁棒性.     

基于统计过程控制的协同推荐攻击检测方法

针对恶意攻击者利用协同推荐系统用户偏好敏感的缺陷向系统中注入虚假数据破坏推荐结果真实性的问题,提出基于统计过程控制(SPC)的协同推荐攻击检测方法。该方法将用户概貌项目评价数偏离度作为服务质量控制属性构建休哈特控制图,利用判异规则检测攻击用户,从而完善协同推荐系统模型。实验证明这种检测方法对各种不同的攻击模型都有较高的检测准确率和查全率。     

安全推荐系统中基于信任的检测模型

在网格环境中,推荐系统通过提供高品质的个性化推荐,帮助网格用户选择更好的服务。另外,推荐系统也应用于虚拟机管理平台来评估虚拟机的性能和可靠性。然而,推荐结果对用户偏好信息的敏感性使得推荐系统易受到人为攻击(用户概貌注入攻击或托攻击)。本文中,我们提出并评估了一种新的基于信任的安全检测算法以保护推荐系统抵御用户概貌注入攻击。并且,我们分别在用户级和项目级上讨论了信任检测与RDMA检测的结合。最后,我们通过试验表明这些新的安全检测机制可以取得更好的检测精度。     

基于代价敏感支持向量机的推荐系统托攻击检测方法

基于标准支持向量机的托攻击检测方法不能体现由于用户误分代价不同对分类效果带来的影响,提出了一种基于代价敏感支持向量机的托攻击检测新方法,该方法在代价敏感性学习机制下引入支持向量机作为分类工具,对支持向量机输出进行后验概率建模,建立了基于类别隶属度的动态代价函数,更准确地反映不同样本的分类代价,在此基础上设计了代价敏感支持向量机分类器。将该分类器应用在推荐系统托攻击检测中,并与标准的支持向量机方法、代价敏感支持向量机方法进行比较,实验结果表明,本方法可以更精确地控制代价敏感性,进一步提高对攻击用户的检测精度,降低总体的误分类代价。     

基于攻击检测的用户可信度计算方法

目前的用户概貌攻击检测算法无法避免垃圾用户和真实用户的误判现象,从而影响个性化协同推荐系统的精度。为解决该问题,将时间集中性的概念引入到攻击检测中,提出一种基于正态云模型和时间集中性的可疑评分度量方法,并在此基础上给出一种基于攻击检测的用户可信度计算方法。实验结果表明,该方法能够根据用户评分的真实程度为每个用户计算出评分可信度,提高推荐精度。     

基于语义聚类的协作推荐攻击检测模型

协作过滤推荐模型目前已被广泛应用于电子商务等环境。由于其对用户偏好数据敏感,因此攻击者可以通过注入伪造的用户偏好数据来影响推荐系统的预测。提出了一个基于语义聚类的协作过滤攻击检测模型,从分析项目的语义入手,针对攻击数据中的随机性,通过分析用户兴趣的组合来评判用户偏好数据的真实与否。大量的实验证明,该模型能有效地检测协作过滤推荐中的注入攻击,从而大大提高了推荐系统的鲁棒性和可靠性。     

基于数据非随机缺失机制的推荐系统托攻击探测

协同过滤推荐系统极易受到托攻击的侵害. 开发托攻击探测技术已成为保障推荐系统可靠性与鲁棒性的关键. 本文以数据非随机缺失机制为依托,对导致评分缺失的潜在因素进行解析, 并在概率产生模型框架内将这些潜在因素与Dirichlet过程相融合, 提出了用于托攻击探测的缺失评分潜在因素分析(Latent factor analysis for missing ratings, LFAMR)模型. 实验表明,与现有探测技术相比, LFAMR具备更强的普适性和无监督性, 即使缺乏系统相关先验知识,仍可有效探测各种常见托攻击.     

基于用户声誉的鲁棒协同推荐算法

随着推荐系统在电子商务界的快速发展以及取得的巨大经济收益, 有目的性的托攻击是目前协同过滤系统面临的重大安全威胁, 研究一种可抵御攻击的鲁棒推荐技术已成为目前推荐系统领域的重要课题.本文利用历史记录得到用户声誉, 建立声誉推荐系统, 并结合协同过滤推荐领域内的隐语义模型, 提出基于用户声誉的隐语义模型鲁棒协同算法.本文提出的算法从人为攻击和自然噪声两个方面对系统的鲁棒性进行了改善.在真实的数据集 Movielens 1M 上的实验表明, 与现有的鲁棒性推荐算法相比, 这种算法具有形式简单、可解释性强、稳定的特点, 且在精度得到一定提升的情况下大大增强了系统抵御攻击的能力.     

From similarity perspective: a robust collaborative filtering approach for service recommendations

Collaborative filtering (CF) is a technique commonly used for personalized recommendation and Web service quality-of-service (QoS) prediction. However, CF is vulnerable to shilling attackers who inject fake user profiles into the system. In this paper, we first present the shilling attack problem on CF-based QoS recommender systems for Web services. Then, a robust CF recommendation approach is proposed from a user similarity perspective to enhance the resistance of the recommender systems to the shilling attack. In the approach, the generally used similarity measures are analyzed, and the DegSim (the degree of similarities with top k neighbors) with those measures is selected for grouping and weighting the users. Then, the weights are used to calculate the service similarities/differences and predictions.We analyzed and evaluated our algorithms using WS-DREAM and Movielens datasets. The experimental results demonstrate that shilling attacks influence the prediction of QoS values, and our proposed features and algorithms achieve a higher degree of robustness against shilling attacks than the typical CF algorithms.     

Shilling attack detection utilizing semi-supervised learning method for collaborative recommender system

Collaborative filtering (CF) technique is capable of generating personalized recommendations. However, the recommender systems utilizing CF as their key algorithms are vulnerable to shilling attacks which insert malicious user profiles into the systems to push or nuke the reputations of targeted items. There are only a small number of labeled users in most of the practical recommender systems, while a large number of users are unlabeled because it is expensive to obtain their identities. In this paper, Semi-SAD, a new semi-supervised learning based shilling attack detection algorithm is proposed to take advantage of both types of data. It first trains a naïve Bayes classifier on a small set of labeled users, and then incorporates unlabeled users with EM-λ to improve the initial naïve Bayes classifier. Experiments on MovieLens datasets are implemented to compare the efficiency of Semi-SAD with supervised learning based detector and unsupervised learning based detector. The results indicate that Semi-SAD can better detect various kinds of shilling attacks than others, especially against obfuscated and hybrid shilling attacks.     

一种探测推荐系统托攻击的无监督算法

托攻击是当前推荐系统面临的重大安全性问题之一.开发托攻击探测算法已成为保障推荐系统准确性与鲁棒性的关键.针对现有托攻击探测算法无监督程度较低的局限,在引入攻击概貌群体效应的定量度量及基于此的遗传优化目标函数的基础上,将自适应参数的后验推断与攻击探测过程相融合,提出了迭代贝叶斯推断遗传探测算法,降低了算法探测性能对系统相...     

Robustness analysis of arbitrarily distributed data-based recommendation methods

Due to different shopping routines of people, rating preferences of many customers might be partitioned between two parties. Since two different e-companies might sell products from the same range to the identical set of customers, the type of data partition is called arbitrarily. In the case of arbitrarily distributed data, it is a challenge to produce accurate recommendations for those customers, because their ratings are split. Therefore, researchers propose methods for enabling data holders’ collaboration. In this scenario, privacy becomes a deterrent barrier for collaboration, accordingly, the introduced solutions include private protocols for protecting parties’ confidentiality. Although, private protocols encourage data owners to collaborate, they introduce a new drawback for partnership. Since, whole data is distributed and parties do not have full control of data, any malicious user, who knows that two parties collaborate, can easily insert shilling profiles to system by partitioning them between data holders. Parties can have trouble to find such profile injection attacks by employing existing detection methods because of they are arbitrarily distributed. Since profile injection attacks can easily performed on arbitrarily distributed data-based recommender systems, quality, and reliability of such systems decreases, and it causes angry customers. Therefore, in this paper, we try to describe aforementioned problems with arbitrarily distributed data-based recommender systems. As a first step, we analyze robustness of proposed arbitrarily distributed data-based recommendation methods against six well-known shilling attack types. Secondly, we explain why existing detection methods cannot detect malicious user profiles in distributed data. We perform experiments on a well-known movie data set, and according to our results, arbitrarily distributed data-based recommendation methods are vulnerable to shilling attacks.     

Securing Recommender Systems Against Shilling Attacks Using Social-Based Clustering

Recommender systems (RS) have been found supportive and practical in e-commerce and been established as useful aiding services. Despite their great adoption in the user communities, RS are still vulnerable to unscrupulous producers who try to promote their products by shilling the systems. With the advent of social networks new sources of information have been made available which can potentially render RS more resistant to attacks. In this paper we explore the information provided in the form of social links with clustering for diminishing the impact of attacks. We propose two algorithms, CluTr and WCluTr, to combine clustering with "trust" among users. We demonstrate that CluTr and WCluTr enhance the robustness of RS by experimentally evaluating them on data from a public consumer recommender system Epinions.com.     

基于SVM-KNN的半监督托攻击检测方法

针对支持向量机方法在标记用户数据不充分的情况下无法有效实现托攻击检测的不足,提出一种基于SVM-KNN的半监督托攻击检测方法。根据少量标记用户数据训练一个初始SVM分类器,利用初始SVM对大量未标记用户数据进行分类,挑选出分类边界附近有可能成为支持向量的样本点,利用KNN分类器优化边界向量的标记质量,再将重新标注过的边界向量融入训练集,迭代训练逐步改善SVM的分类边界,最终获得系统决策函数。实验结果表明在标记用户数据较少的情况下,方法能有效提高托攻击的检测精度和效率,具有较强的推广能力。     

基于SVD的协同过滤算法的欺诈攻击行为分析

协同过滤是一种个性化推荐系统最常用的技术,但它对用户概貌信息较为敏感,欺诈攻击者很容易通过注入有偏差的用户概貌使系统的推荐结果有利于他们。研究表明欺诈攻击的攻击模型、攻击成本对攻击性能有不同程度的影响。针对这个问题,实验分析基于奇异值分解（SVD）的协同过滤算法在不同攻击模型下的性能表现,并以三种评估参数分析不同填充规模和攻击规模对攻击效率的影响。