Robustness analysis of privacy-preserving model-based recommendation schemes

Privacy-preserving model-based recommendation methods are preferable over privacy-preserving memory-based schemes due to their online efficiency. Model-based prediction algorithms without privacy concerns have been investigated with respect to shilling attacks. Similarly, various privacy-preserving model-based recommendation techniques have been proposed to handle privacy issues. However, privacy-preserving model-based collaborative filtering schemes might be subjected to shilling or profile injection attacks. Therefore, their robustness against such attacks should be scrutinized.In this paper, we investigate robustness of four well-known privacy-preserving model-based recommendation methods against six shilling attacks. We first apply masked data-based profile injection attacks to privacy-preserving k-means-, discrete wavelet transform-, singular value decomposition-, and item-based prediction algorithms. We then perform comprehensive experiments using real data to evaluate their robustness against profile injection attacks. Next, we compare non-private model-based methods with their privacy-preserving correspondences in terms of robustness. Moreover, well-known privacy-preserving memory- and model-based prediction methods are compared with respect to robustness against shilling attacks. Our empirical analysis show that couple of model-based schemes with privacy are very robust.     

一种基于流行度分类特征的托攻击检测算法

基于协同过滤的推荐系统容易受到托攻击的危害, 如何检测托攻击成为推荐系统可靠性的关键. 针对现有托攻击检测手段使用基于评分的分类特征易受混淆技术干扰的局限, 本文从用户选择评分项目方式入手, 分析由此造成的用户概貌中已评分项目的流行度分布情况的不同, 提出用于区分正常用户与虚假用户基于流行度的分类特征, 进而得到基于流行度的托攻击检测算法. 实验表明该算法在托攻击检测中具有更强的检测性能与抗干扰性.     

基于用户声誉的鲁棒协同推荐算法

随着推荐系统在电子商务界的快速发展以及取得的巨大经济收益, 有目的性的托攻击是目前协同过滤系统面临的重大安全威胁, 研究一种可抵御攻击的鲁棒推荐技术已成为目前推荐系统领域的重要课题.本文利用历史记录得到用户声誉, 建立声誉推荐系统, 并结合协同过滤推荐领域内的隐语义模型, 提出基于用户声誉的隐语义模型鲁棒协同算法.本文提出的算法从人为攻击和自然噪声两个方面对系统的鲁棒性进行了改善.在真实的数据集 Movielens 1M 上的实验表明, 与现有的鲁棒性推荐算法相比, 这种算法具有形式简单、可解释性强、稳定的特点, 且在精度得到一定提升的情况下大大增强了系统抵御攻击的能力.     

基于SVD的协同过滤算法的欺诈攻击行为分析

协同过滤是一种个性化推荐系统最常用的技术,但它对用户概貌信息较为敏感,欺诈攻击者很容易通过注入有偏差的用户概貌使系统的推荐结果有利于他们。研究表明欺诈攻击的攻击模型、攻击成本对攻击性能有不同程度的影响。针对这个问题,实验分析基于奇异值分解（SVD）的协同过滤算法在不同攻击模型下的性能表现,并以三种评估参数分析不同填充规模和攻击规模对攻击效率的影响。     

融合层次聚类和粒子群优化的鲁棒推荐算法

针对现有的推荐算法面对托攻击时鲁棒性差的情况,提出一种融合层次聚类和粒子群优化的鲁棒推荐算法.首先,根据用户评分矩阵,使用层次聚类将用户聚为两类,并根据平均类内距离进行类别判定,对攻击概貌进行标记;然后,基于矩阵分解技术,引入粒子群优化技术进行特征矩阵初始化,为模型训练提供初始最优解;最后,根据攻击概貌标识结果构造标记函数,降低对模型训练过程的影响,实现对目标用户的鲁棒推荐.在公共数据集上将本文提出的算法和其他算法进行了实验对比分析,结果显示提出的算法在鲁棒性方面有很大的提升,推荐精度也有提高.     

From similarity perspective: a robust collaborative filtering approach for service recommendations

Collaborative filtering (CF) is a technique commonly used for personalized recommendation and Web service quality-of-service (QoS) prediction. However, CF is vulnerable to shilling attackers who inject fake user profiles into the system. In this paper, we first present the shilling attack problem on CF-based QoS recommender systems for Web services. Then, a robust CF recommendation approach is proposed from a user similarity perspective to enhance the resistance of the recommender systems to the shilling attack. In the approach, the generally used similarity measures are analyzed, and the DegSim (the degree of similarities with top k neighbors) with those measures is selected for grouping and weighting the users. Then, the weights are used to calculate the service similarities/differences and predictions.We analyzed and evaluated our algorithms using WS-DREAM and Movielens datasets. The experimental results demonstrate that shilling attacks influence the prediction of QoS values, and our proposed features and algorithms achieve a higher degree of robustness against shilling attacks than the typical CF algorithms.     

Unsupervised strategies for shilling detection and robust collaborative filtering

Collaborative filtering systems are essentially social systems which base their recommendation on the judgment of a large number of people. However, like other social systems, they are also vulnerable to manipulation by malicious social elements. Lies and Propaganda may be spread by a malicious user who may have an interest in promoting an item, or downplaying the popularity of another one. By doing this systematically, with either multiple identities, or by involving more people, malicious user votes and profiles can be injected into a collaborative recommender system. This can significantly affect the robustness of a system or algorithm, as has been studied in previous work. While current detection algorithms are able to use certain characteristics of shilling profiles to detect them, they suffer from low precision, and require a large amount of training data. In this work, we provide an in-depth analysis of shilling profiles and describe new approaches to detect malicious collaborative filtering profiles. In particular, we exploit the similarity structure in shilling user profiles to separate them from normal user profiles using unsupervised dimensionality reduction. We present two detection algorithms; one based on PCA, while the other uses PLSA. Experimental results show a much improved detection precision over existing methods without the usage of additional training time required for supervised approaches. Finally, we present a novel and highly effective robust collaborative filtering algorithm which uses ideas presented in the detection algorithms using principal component analysis.     

Shilling attack detection utilizing semi-supervised learning method for collaborative recommender system

Collaborative filtering (CF) technique is capable of generating personalized recommendations. However, the recommender systems utilizing CF as their key algorithms are vulnerable to shilling attacks which insert malicious user profiles into the systems to push or nuke the reputations of targeted items. There are only a small number of labeled users in most of the practical recommender systems, while a large number of users are unlabeled because it is expensive to obtain their identities. In this paper, Semi-SAD, a new semi-supervised learning based shilling attack detection algorithm is proposed to take advantage of both types of data. It first trains a naïve Bayes classifier on a small set of labeled users, and then incorporates unlabeled users with EM-λ to improve the initial naïve Bayes classifier. Experiments on MovieLens datasets are implemented to compare the efficiency of Semi-SAD with supervised learning based detector and unsupervised learning based detector. The results indicate that Semi-SAD can better detect various kinds of shilling attacks than others, especially against obfuscated and hybrid shilling attacks.     

Robustness analysis of arbitrarily distributed data-based recommendation methods

Due to different shopping routines of people, rating preferences of many customers might be partitioned between two parties. Since two different e-companies might sell products from the same range to the identical set of customers, the type of data partition is called arbitrarily. In the case of arbitrarily distributed data, it is a challenge to produce accurate recommendations for those customers, because their ratings are split. Therefore, researchers propose methods for enabling data holders’ collaboration. In this scenario, privacy becomes a deterrent barrier for collaboration, accordingly, the introduced solutions include private protocols for protecting parties’ confidentiality. Although, private protocols encourage data owners to collaborate, they introduce a new drawback for partnership. Since, whole data is distributed and parties do not have full control of data, any malicious user, who knows that two parties collaborate, can easily insert shilling profiles to system by partitioning them between data holders. Parties can have trouble to find such profile injection attacks by employing existing detection methods because of they are arbitrarily distributed. Since profile injection attacks can easily performed on arbitrarily distributed data-based recommender systems, quality, and reliability of such systems decreases, and it causes angry customers. Therefore, in this paper, we try to describe aforementioned problems with arbitrarily distributed data-based recommender systems. As a first step, we analyze robustness of proposed arbitrarily distributed data-based recommendation methods against six well-known shilling attack types. Secondly, we explain why existing detection methods cannot detect malicious user profiles in distributed data. We perform experiments on a well-known movie data set, and according to our results, arbitrarily distributed data-based recommendation methods are vulnerable to shilling attacks.     

基于属性优化矩阵补全的抗托攻击推荐算法

托攻击是当前推荐系统面临的严峻挑战之一。由于推荐系统的开放性,恶意用户可轻易对其注入精心设计的评分从而影响推荐结果,降低用户体验。基于属性优化结构化噪声矩阵补全技术,提出一种鲁棒的抗托攻击个性化推荐（SATPR）算法,将攻击评分视为评分矩阵中的结构化行噪声并采用L2,1范数进行噪声建模,同时引入用户与物品的属性特征以提高托攻击检测精度。实验表明,SATPR算法在托攻击下可取得比传统推荐算法更精确的个性化评分预测效果。     

Robust recommendation method based on suspicious users measurement and multidimensional trust

The existing collaborative recommendation algorithms have poor robustness against shilling attacks. To address this problem, in this paper we propose a robust recommendation method based on suspicious users measurement and multidimensional trust. Firstly, we establish the relevance vector machine classifier according to the user profile features to identify and measure the suspicious users in the user rating database. Secondly, we mine the implicit trust relation among users based on the user-item rating data, and construct a reliable multidimensional trust model by integrating the user suspicion information. Finally, we combine the reliable multidimensional trust model, the neighbor model and matrix factorization model to devise a robust recommendation algorithm. The experimental results on the MovieLens dataset show that the proposed method outperforms the existing methods in terms of both recommendation accuracy and robustness.     

基于评分离散度的托攻击检测算法

检测托攻击的本质是对真实用户和虚假用户进行分类,现有的检测算法对于具有选择项的流行攻击、段攻击等攻击方式的检测鲁棒性较差.针对这一问题,通过分析真实用户和虚假用户的评分分布情况,结合ID3决策树提出基于用户评分离散度的托攻击检测Dispersion-C算法.算法通过用户评分极端评分比、去极端评分方差和用户评分标准差3个...     

基于非负矩阵分解的托攻击检测算法

针对现有的无监督检测算法对正常用户误检率较高的问题,提出了一种基于矩阵分解的托攻击检测算法。对评分矩阵采用非负矩阵分解技术提取出用户的特征。采用K-means聚类方法对提取出的用户特征聚类,得到初始正常用户集和初始托用户集。利用初始正常用户集的特征对初始托用户集进行二次分类,进一步提高托攻击用户检测的准确率。实验结果表明,所提出的检测算法与其他检测算法相比较能够更有效地检测出托攻击。     

A novel classification-based shilling attack detection approach for multi-criteria recommender systems

Recommender systems are emerging techniques guiding individuals with provided referrals by considering their past rating behaviors. By collecting multi-criteria preferences concentrating on distinguishing perspectives of the items, a new extension of traditional recommenders, multi-criteria recommender systems reveal how much a user likes an item and why user likes it; thus, they can improve predictive accuracy. However, these systems might be more vulnerable to malicious attacks than traditional ones, as they expose multiple dimensions of user opinions on items. Attackers might try to inject fake profiles into these systems to skew the recommendation results in favor of some particular items or to bring the system into discredit. Although several methods exist to defend systems against such attacks for traditional recommenders, achieving robust systems by capturing shill profiles remains elusive for multi-criteria rating-based ones. Therefore, in this study, we first consider a prominent and novel attack type, that is, the power-item attack model, and introduce its four distinct variants adapted for multi-criteria data collections. Then, we propose a classification method detecting shill profiles based on various generic and model-based user attributes, most of which are new features usually related to item popularity and distribution of rating values. The experiments conducted on three benchmark datasets conclude that the proposed method successfully detects attack profiles from genuine users even with a small selected size and attack size. The empirical outcomes also demonstrate that item popularity and user characteristics based on their rating profiles are highly beneficial features in capturing shilling attack profiles.     

基于数据非随机缺失机制的推荐系统托攻击探测

协同过滤推荐系统极易受到托攻击的侵害. 开发托攻击探测技术已成为保障推荐系统可靠性与鲁棒性的关键. 本文以数据非随机缺失机制为依托,对导致评分缺失的潜在因素进行解析, 并在概率产生模型框架内将这些潜在因素与Dirichlet过程相融合, 提出了用于托攻击探测的缺失评分潜在因素分析(Latent factor analysis for missing ratings, LFAMR)模型. 实验表明,与现有探测技术相比, LFAMR具备更强的普适性和无监督性, 即使缺乏系统相关先验知识,仍可有效探测各种常见托攻击.     

一种结合用户可信度与相似度的鲁棒性推荐算法

协同过滤推荐系统面临着托攻击的安全威胁。研究抵御托攻击的鲁棒性推荐算法已成为一个迫切的课题。传统的鲁棒性推荐算法在算法稳定性与推荐准确度之间难以权衡。针对该问题,首先定义一种用户可信度指标,其次改进传统的相似度计算方法,通过结合用户可信度与改进的相似度,滤除攻击概貌,为目标用户作出推荐。实验表明,与传统算法相比,本文算法具备更强的稳定性,同时保持了良好的推荐准确度。     

一种探测推荐系统托攻击的无监督算法

托攻击是当前推荐系统面临的重大安全性问题之一.开发托攻击探测算法已成为保障推荐系统准确性与鲁棒性的关键.针对现有托攻击探测算法无监督程度较低的局限,在引入攻击概貌群体效应的定量度量及基于此的遗传优化目标函数的基础上,将自适应参数的后验推断与攻击探测过程相融合,提出了迭代贝叶斯推断遗传探测算法,降低了算法探测性能对系统相...     

基于深度自动编码器的托攻击集成检测方法

在采用协同过滤技术的推荐系统中,恶意用户通过注入大量虚假概貌使系统的推荐结果产生偏离,达到其攻击目的。为了检测托攻击,根据用户的评分值或基于攻击时间的集中性假设,从不同视角提取攻击概貌的特征。但是,这些基于人工特征的检测方法严重依赖于特征工程的质量,而且人工提取的检测特征多限于特定类型的攻击,提取特征也需要较高的知识成本。针对这些问题,从用户评分项目的时间偏好信息入手,提出一种利用深度稀疏自动编码器自动提取检测特征的托攻击集成检测方法。利用小波变换将项目在不同时间间隔内的流行度设定为多个等级,对用户的评分数据预处理得到用户-项目时间流行度等级矩阵。然后,采用深度稀疏自动编码器对用户-项目时间流行度等级矩阵自动进行特征提取,得到用户评分模式的低层特征表达,消除了传统的人工特征工程。以SVM作为基分类器,在深度稀疏自动编码器的每层提取特征并进行攻击检测,生成最终的集成检测结果。在Netflix数据集上的实验表明,提出的检测方法对均值攻击、AoP攻击、偏移攻击、高级项目攻击、高级用户攻击具有较好的检测效果。     

基于标签分类的协同过滤推荐算法

传统的协同过滤根据用户的行为去预测可能喜欢的产品,是当前应用最广泛的推荐算法之一。但随着用户规模的急剧扩大,有价值的信息占比较少,存在稀疏性等问题,导致推荐质量不高。针对这一问题,提出了一种基于标签分类的协同过滤推荐算法。将不完整的数据样本根据标签进行分类,使分解的矩阵依赖于类,随后使用迭代投影寻踪的方法计算类依赖矩阵的线性组合及其对应的权重。开放数据集实验表明,该方法在保持一定分类准确率的前提下,平均降低了35.23%的插补误差,优于传统协同过滤推荐算法。     

Preventing Recommendation Attack in Trust-Based Recommender Systems

Despite its success, similarity-based collaborative filtering suffers from some limitations, such as scalability, sparsity and recommendation attack. Prior work has shown incorporating trust mechanism into traditional collaborative filtering recommender systems can improve these limitations. We argue that trust-based recommender systems are facing novel recommendation attack which is different from the profile injection attacks in traditional recommender system. To the best of our knowledge, there has not any prior study on recommendation attack in a trust-based recommender system. We analyze the attack problem, and find that “victim” nodes play a significant role in the attack. Furthermore, we propose a data provenance method to trace malicious users and identify the “victim” nodes as distrust users of recommender system. Feasibility study of the defend method is done with the dataset crawled from Epinions website.