Robustness analysis of arbitrarily distributed data-based recommendation methods

Due to different shopping routines of people, rating preferences of many customers might be partitioned between two parties. Since two different e-companies might sell products from the same range to the identical set of customers, the type of data partition is called arbitrarily. In the case of arbitrarily distributed data, it is a challenge to produce accurate recommendations for those customers, because their ratings are split. Therefore, researchers propose methods for enabling data holders’ collaboration. In this scenario, privacy becomes a deterrent barrier for collaboration, accordingly, the introduced solutions include private protocols for protecting parties’ confidentiality. Although, private protocols encourage data owners to collaborate, they introduce a new drawback for partnership. Since, whole data is distributed and parties do not have full control of data, any malicious user, who knows that two parties collaborate, can easily insert shilling profiles to system by partitioning them between data holders. Parties can have trouble to find such profile injection attacks by employing existing detection methods because of they are arbitrarily distributed. Since profile injection attacks can easily performed on arbitrarily distributed data-based recommender systems, quality, and reliability of such systems decreases, and it causes angry customers. Therefore, in this paper, we try to describe aforementioned problems with arbitrarily distributed data-based recommender systems. As a first step, we analyze robustness of proposed arbitrarily distributed data-based recommendation methods against six well-known shilling attack types. Secondly, we explain why existing detection methods cannot detect malicious user profiles in distributed data. We perform experiments on a well-known movie data set, and according to our results, arbitrarily distributed data-based recommendation methods are vulnerable to shilling attacks.     

From similarity perspective: a robust collaborative filtering approach for service recommendations

Collaborative filtering (CF) is a technique commonly used for personalized recommendation and Web service quality-of-service (QoS) prediction. However, CF is vulnerable to shilling attackers who inject fake user profiles into the system. In this paper, we first present the shilling attack problem on CF-based QoS recommender systems for Web services. Then, a robust CF recommendation approach is proposed from a user similarity perspective to enhance the resistance of the recommender systems to the shilling attack. In the approach, the generally used similarity measures are analyzed, and the DegSim (the degree of similarities with top k neighbors) with those measures is selected for grouping and weighting the users. Then, the weights are used to calculate the service similarities/differences and predictions.We analyzed and evaluated our algorithms using WS-DREAM and Movielens datasets. The experimental results demonstrate that shilling attacks influence the prediction of QoS values, and our proposed features and algorithms achieve a higher degree of robustness against shilling attacks than the typical CF algorithms.     

融合层次聚类和粒子群优化的鲁棒推荐算法

针对现有的推荐算法面对托攻击时鲁棒性差的情况,提出一种融合层次聚类和粒子群优化的鲁棒推荐算法.首先,根据用户评分矩阵,使用层次聚类将用户聚为两类,并根据平均类内距离进行类别判定,对攻击概貌进行标记;然后,基于矩阵分解技术,引入粒子群优化技术进行特征矩阵初始化,为模型训练提供初始最优解;最后,根据攻击概貌标识结果构造标记函数,降低对模型训练过程的影响,实现对目标用户的鲁棒推荐.在公共数据集上将本文提出的算法和其他算法进行了实验对比分析,结果显示提出的算法在鲁棒性方面有很大的提升,推荐精度也有提高.     

Robust recommendation method based on suspicious users measurement and multidimensional trust

The existing collaborative recommendation algorithms have poor robustness against shilling attacks. To address this problem, in this paper we propose a robust recommendation method based on suspicious users measurement and multidimensional trust. Firstly, we establish the relevance vector machine classifier according to the user profile features to identify and measure the suspicious users in the user rating database. Secondly, we mine the implicit trust relation among users based on the user-item rating data, and construct a reliable multidimensional trust model by integrating the user suspicion information. Finally, we combine the reliable multidimensional trust model, the neighbor model and matrix factorization model to devise a robust recommendation algorithm. The experimental results on the MovieLens dataset show that the proposed method outperforms the existing methods in terms of both recommendation accuracy and robustness.     

Privacy-preserving identity-based broadcast encryption

Broadcast encryption enables a broadcaster to encrypt messages and transmit them to some subset S of authorized users. In identity-based broadcast encryption schemes, a broadcasting sender typically encrypts a message by combining public identities of receivers in S and system parameters. However, previous identity-based broadcast encryption schemes have not been concerned about preserving the privacy of receivers. Consequently, all of the identities of broadcast receivers in S are exposed to the public in the previous schemes, which may be subject to attacks on user privacy in lots of pragmatic applications. We propose a novel privacy-preserving identity-based broadcast encryption scheme against an active attacker. The proposed scheme protects the privacy of receivers of broadcasted messages by hiding the identities of receivers in S. Additionally, it achieves less storage and computation costs required to encrypt and decrypt the broadcast message, compared to the previous identity-based broadcast encryption schemes that do not provide user privacy.     

Shilling attack detection utilizing semi-supervised learning method for collaborative recommender system

Collaborative filtering (CF) technique is capable of generating personalized recommendations. However, the recommender systems utilizing CF as their key algorithms are vulnerable to shilling attacks which insert malicious user profiles into the systems to push or nuke the reputations of targeted items. There are only a small number of labeled users in most of the practical recommender systems, while a large number of users are unlabeled because it is expensive to obtain their identities. In this paper, Semi-SAD, a new semi-supervised learning based shilling attack detection algorithm is proposed to take advantage of both types of data. It first trains a naïve Bayes classifier on a small set of labeled users, and then incorporates unlabeled users with EM-λ to improve the initial naïve Bayes classifier. Experiments on MovieLens datasets are implemented to compare the efficiency of Semi-SAD with supervised learning based detector and unsupervised learning based detector. The results indicate that Semi-SAD can better detect various kinds of shilling attacks than others, especially against obfuscated and hybrid shilling attacks.     

基于评分离散度的托攻击检测算法

检测托攻击的本质是对真实用户和虚假用户进行分类,现有的检测算法对于具有选择项的流行攻击、段攻击等攻击方式的检测鲁棒性较差。针对这一问题,通过分析真实用户和虚假用户的评分分布情况,结合ID3决策树提出基于用户评分离散度的托攻击检测Dispersion-C算法。算法通过用户评分极端评分比、去极端评分方差和用户评分标准差3个特征衡量用户评分离散度,并将其作为ID3决策树算法的分类特征,根据不同特征的信息增益选择特征作为分类属性,训练分类器。实验结果表明,Dispersion-C算法对各类托攻击均有良好的检测效果,具有较好的鲁棒性。     

Defending recommender systems: detection of profile injection attacks

Collaborative recommender systems are known to be highly vulnerable to profile injection attacks, attacks that involve the insertion of biased profiles into the ratings database for the purpose of altering the system’s recommendation behavior. Prior work has shown when profiles are reverse engineered to maximize influence; even a small number of malicious profiles can significantly bias the system. This paper describes a classification approach to the problem of detecting and responding to profile injection attacks. A number of attributes are identified that distinguish characteristics present in attack profiles in general, as well as an attribute generation approach for detecting profiles based on reverse engineered attack models. Three well-known classification algorithms are then used to demonstrate the combined benefit of these attributes and the impact the selection of classifier has with respect to improving the robustness of the recommender system. Our study demonstrates this technique significantly reduces the impact of the most powerful attack models previously studied, particularly when combined with a support vector machine classifier. This research was supported in part by the National Science Foundation Cyber Trust program under Grant IIS-0430303 and the National Science Foundation IGERT program under Grant DGE-0549489.     

Unsupervised strategies for shilling detection and robust collaborative filtering

Collaborative filtering systems are essentially social systems which base their recommendation on the judgment of a large number of people. However, like other social systems, they are also vulnerable to manipulation by malicious social elements. Lies and Propaganda may be spread by a malicious user who may have an interest in promoting an item, or downplaying the popularity of another one. By doing this systematically, with either multiple identities, or by involving more people, malicious user votes and profiles can be injected into a collaborative recommender system. This can significantly affect the robustness of a system or algorithm, as has been studied in previous work. While current detection algorithms are able to use certain characteristics of shilling profiles to detect them, they suffer from low precision, and require a large amount of training data. In this work, we provide an in-depth analysis of shilling profiles and describe new approaches to detect malicious collaborative filtering profiles. In particular, we exploit the similarity structure in shilling user profiles to separate them from normal user profiles using unsupervised dimensionality reduction. We present two detection algorithms; one based on PCA, while the other uses PLSA. Experimental results show a much improved detection precision over existing methods without the usage of additional training time required for supervised approaches. Finally, we present a novel and highly effective robust collaborative filtering algorithm which uses ideas presented in the detection algorithms using principal component analysis.     

Securing Recommender Systems Against Shilling Attacks Using Social-Based Clustering

Recommender systems (RS) have been found supportive and practical in e-commerce and been established as useful aiding services. Despite their great adoption in the user communities, RS are still vulnerable to unscrupulous producers who try to promote their products by shilling the systems. With the advent of social networks new sources of information have been made available which can potentially render RS more resistant to attacks. In this paper we explore the information provided in the form of social links with clustering for diminishing the impact of attacks. We propose two algorithms, CluTr and WCluTr, to combine clustering with "trust" among users. We demonstrate that CluTr and WCluTr enhance the robustness of RS by experimentally evaluating them on data from a public consumer recommender system Epinions.com.     

A comparison of clustering-based privacy-preserving collaborative filtering schemes

Privacy-preserving collaborative filtering (PPCF) methods designate extremely beneficial filtering skills without deeply jeopardizing privacy. However, they mostly suffer from scalability, sparsity, and accuracy problems. First, applying privacy measures introduces additional costs making scalability worse. Second, due to randomness for preserving privacy, quality of predictions diminishes. Third, with increasing number of products, sparsity becomes an issue for both CF and PPCF schemes.In this study, we first propose a content-based profiling (CBP) of users to overcome sparsity issues while performing clustering because the very sparse nature of rating profiles sometimes do not allow strong discrimination. To cope with scalability and accuracy problems of PPCF schemes, we then show how to apply k-means clustering (KMC), fuzzy c-means method (FCM), and self-organizing map (SOM) clustering to CF schemes while preserving users’ confidentiality. After presenting an evaluation of clustering-based methods in terms of privacy and supplementary costs, we carry out real data-based experiments to compare the clustering algorithms within and against traditional CF and PPCF approaches in terms of accuracy. Our empirical outcomes demonstrate that FCM achieves the best low cost performance compared to other methods due to its approximation-based model. The results also show that our privacy-preserving methods are able to offer precise predictions.     

安全推荐系统中基于信任的检测模型

在网格环境中,推荐系统通过提供高品质的个性化推荐,帮助网格用户选择更好的服务。另外,推荐系统也应用于虚拟机管理平台来评估虚拟机的性能和可靠性。然而,推荐结果对用户偏好信息的敏感性使得推荐系统易受到人为攻击(用户概貌注入攻击或托攻击)。本文中,我们提出并评估了一种新的基于信任的安全检测算法以保护推荐系统抵御用户概貌注入攻击。并且,我们分别在用户级和项目级上讨论了信任检测与RDMA检测的结合。最后,我们通过试验表明这些新的安全检测机制可以取得更好的检测精度。     

一种去中心化的隐私保护匿名问卷方案

针对传统匿名问卷系统不能抵抗合谋攻击及公布数据时无法保护用户隐私的问题,提出一种新的隐私保护匿名问卷方案。引入少数合谋的问卷工作节点集群,利用门限签名技术为用户进行注册,并以门限签名为问卷生成用户列表,从而抵抗合谋攻击,同时将用户回应进行同态加密上传至公开防篡改平台抵抗数据抵赖,采用差分隐私技术并借助安全多方计算技术输出隐私保护的问卷归总结果。在此基础上,将问卷过程融入零知识证明技术,保证密文的健壮性及方案的正确性。性能分析结果表明,该方案的安全模型满足匿名性、验证性、机密性及隐私保护性,与ANONIZE、Prio等方案相比,在合谋攻击抵抗、隐私保护方面更有优势,且在时间和存储开销上符合实际应用需求。     

基于用户声誉的鲁棒协同推荐算法

随着推荐系统在电子商务界的快速发展以及取得的巨大经济收益, 有目的性的托攻击是目前协同过滤系统面临的重大安全威胁, 研究一种可抵御攻击的鲁棒推荐技术已成为目前推荐系统领域的重要课题.本文利用历史记录得到用户声誉, 建立声誉推荐系统, 并结合协同过滤推荐领域内的隐语义模型, 提出基于用户声誉的隐语义模型鲁棒协同算法.本文提出的算法从人为攻击和自然噪声两个方面对系统的鲁棒性进行了改善.在真实的数据集 Movielens 1M 上的实验表明, 与现有的鲁棒性推荐算法相比, 这种算法具有形式简单、可解释性强、稳定的特点, 且在精度得到一定提升的情况下大大增强了系统抵御攻击的能力.     

BLUFADER: Blurred face detection & recognition for privacy-friendly continuous authentication

Authentication and de-authentication phases should occur at the beginning and end of secure user sessions, respectively. A secure session requires the user to pass the former, but the latter is often underestimated or ignored. Unattended or dangling sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, researchers focused on automated de-authentication systems, either as a stand-alone mechanism or as a result of continuous authentication failures. Unfortunately, no single approach offers security, privacy, and usability. Face-recognition methods, for example, may be suitable for security and usability, but they violate user privacy by continuously recording their actions and surroundings.In this work, we propose BLUFADER, a novel continuous authentication system that takes advantage of blurred face detection and recognition to fast, secure, and transparent de-authenticate users, preserving their privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection and recognition continuously. To evaluate BLUFADER’s practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The de-authentication system was trained and evaluated using the former, while the latter was used to appraise the privacy and increase variance at training time. To guarantee the privacy-preserving effectiveness of the selected physical blurring filter, we show that state-of-the-art deblurring models are not able to revert our physical blur. Further, we demonstrate that our approach outperforms state-of-the-art methods in detecting blurred faces, achieving up to 95% accuracy. Moreover, BLUFADER effectively de-authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements. Last, our continuous authentication face recognition module based on Siamese Neural Network preventively protect users from adversarial attacks, enhancing the overall system security.     

一种探测推荐系统托攻击的无监督算法

托攻击是当前推荐系统面临的重大安全性问题之一.开发托攻击探测算法已成为保障推荐系统准确性与鲁棒性的关键.针对现有托攻击探测算法无监督程度较低的局限,在引入攻击概貌群体效应的定量度量及基于此的遗传优化目标函数的基础上,将自适应参数的后验推断与攻击探测过程相融合,提出了迭代贝叶斯推断遗传探测算法,降低了算法探测性能对系统相...     

基于属性优化矩阵补全的抗托攻击推荐算法

托攻击是当前推荐系统面临的严峻挑战之一。由于推荐系统的开放性,恶意用户可轻易对其注入精心设计的评分从而影响推荐结果,降低用户体验。基于属性优化结构化噪声矩阵补全技术,提出一种鲁棒的抗托攻击个性化推荐（SATPR）算法,将攻击评分视为评分矩阵中的结构化行噪声并采用L2,1范数进行噪声建模,同时引入用户与物品的属性特征以提高托攻击检测精度。实验表明,SATPR算法在托攻击下可取得比传统推荐算法更精确的个性化评分预测效果。     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

基于数据非随机缺失机制的推荐系统托攻击探测

协同过滤推荐系统极易受到托攻击的侵害. 开发托攻击探测技术已成为保障推荐系统可靠性与鲁棒性的关键. 本文以数据非随机缺失机制为依托,对导致评分缺失的潜在因素进行解析, 并在概率产生模型框架内将这些潜在因素与Dirichlet过程相融合, 提出了用于托攻击探测的缺失评分潜在因素分析(Latent factor analysis for missing ratings, LFAMR)模型. 实验表明,与现有探测技术相比, LFAMR具备更强的普适性和无监督性, 即使缺乏系统相关先验知识,仍可有效探测各种常见托攻击.