Robust Federated Contrastive Recommender System against Model Poisoning Attack

Wei Yuan, Chaoqun Yang, Liang Qu, Guanhua Ye, Quoc Viet Hung Nguyen, Hongzhi Yin
2024-03-29
Abstract: Federated Recommender Systems (FedRecs) have garnered increasing attention recently, thanks to their privacy-preserving benefits. However, the decentralized and open characteristics of current FedRecs present two dilemmas. First, the performance of FedRecs is compromised due to highly sparse on-device data for each client. Second, the system's robustness is undermined by the vulnerability to model poisoning attacks launched by malicious users. In this paper, we introduce a novel contrastive learning framework designed to fully leverage the client's sparse data through embedding augmentation, referred to as CL4FedRec. Unlike previous contrastive learning approaches in FedRecs that necessitate clients to share their private parameters, our CL4FedRec aligns with the basic FedRec learning protocol, ensuring compatibility with most existing FedRec implementations. We then evaluate the robustness of FedRecs equipped with CL4FedRec by subjecting it to several state-of-the-art model poisoning attacks. Surprisingly, our observations reveal that contrastive learning tends to exacerbate the vulnerability of FedRecs to these attacks. This is attributed to the enhanced embedding uniformity, making the polluted target item embedding easily proximate to popular items. Based on this insight, we propose an enhanced and robust version of CL4FedRec (rCL4FedRec) by introducing a regularizer to maintain the distance among item embeddings with different popularity levels. Extensive experiments conducted on four commonly used recommendation datasets demonstrate that CL4FedRec significantly enhances both the model's performance and the robustness of FedRecs.
Information Retrieval
What problem does this paper attempt to address?
The problems that this paper attempts to solve mainly focus on two aspects:

1. **Data Sparsity Problem**: In the Federated Recommendation Systems (FedRecs), the data of each client (user) is very scarce, which leads to an increase in training difficulty and even affects the model performance. Data sparsity is a common problem in recommendation systems, but it is more prominent in the federated learning environment because each client can only use its own small amount of data for training.
2. **Robustness Problem against Model Poisoning Attacks**: Due to the decentralized and open characteristics of federated recommendation systems, these systems are vulnerable to model poisoning attacks by malicious users. This type of attack manipulates the recommendation system by uploading contaminated model updates to achieve specific goals (such as promoting or devaluing certain items).

To address these two challenges, the authors propose a contrastive learning framework named CL4FedRec, which aims to make full use of the sparse data of clients and enhance the robustness of federated recommendation systems. Specifically:

- **Contrastive Learning Framework**: CL4FedRec overcomes the data sparsity problem by generating synthetic users and adding noise to create different views of users and items. This method allows for effective contrastive learning using limited local data without violating privacy.
- **Robustness Enhancement**: Although CL4FedRec performs well in improving the recommendation effect, experiments have found that it also increases the system's vulnerability to model poisoning attacks. Therefore, the authors further propose an enhanced version of the contrastive learning framework, rCL4FedRec, which improves the system's robustness by introducing a popularity-based regularization term to maintain the distance between item embeddings of different popularities.

Through extensive experimental verification, rCL4FedRec not only significantly improves the recommendation effect but also enhances the resistance of federated recommendation systems against model poisoning attacks.