DV-FSR: A Dual-View Target Attack Framework for Federated Sequential Recommendation

Qitao Qin, Yucong Luo, Mingyue Cheng, Qingyang Mao, Chenyi Lei
2024-09-10
Abstract: Federated recommendation (FedRec) preserves user privacy by enabling decentralized training of personalized models, but this architecture is inherently vulnerable to adversarial attacks. Significant research has been conducted on targeted attacks in FedRec systems, motivated by commercial and social influence considerations. However, much of this work has largely overlooked the differential robustness of recommendation models. Moreover, our empirical findings indicate that existing targeted attack methods achieve only limited effectiveness in Federated Sequential Recommendation (FSR) tasks. Driven by these observations, we focus on investigating targeted attacks in FSR and propose a novel dual-view attack framework, named DV-FSR. This attack method uniquely combines a sampling-based explicit strategy with a contrastive learning-based implicit gradient strategy to orchestrate a coordinated attack. Additionally, we introduce a specific defense mechanism tailored for targeted attacks in FSR, aiming to evaluate the mitigation effects of the attack method we proposed. Extensive experiments validate the effectiveness of our proposed approach on representative sequential models.
Cryptography and Security, Information Retrieval
What problem does this paper attempt to address?
The paper addresses the effectiveness of, and defense against, targeted attacks in Federated Sequential Recommendation (FSR). Specifically, the authors point out that existing attack methods for federated recommendation systems have limited effectiveness on sequential recommendation tasks and that prior work overlooks the differential robustness of recommendation models. To address these challenges, the authors propose a novel dual-view attack framework, DV-FSR, and design a corresponding defense mechanism. The specific problems the paper attempts to solve are:

1. **Limitations of existing attack methods**:
   - Existing targeted attack methods have limited effectiveness in federated sequential recommendation tasks.
   - There is a lack of research on the differential robustness of sequential recommendation models.
2. **Vulnerability of federated sequential recommendation systems**:
   - Although Federated Learning (FL) improves user privacy protection, its decentralized training process makes the system vulnerable to attacks by malicious users.
   - Attackers can achieve specific malicious goals by manipulating local training data or the gradients they upload.
3. **Specific challenges of targeted attacks**:
   - The attack must be effective with only a small number of malicious clients.
   - The attacker can only access the small amount of data stored on the malicious clients and cannot obtain the complete training data.
   - Because sequential recommendation models are complex and time-dependent, effectively increasing the recommendation frequency of the target item with limited information is a challenge.

To solve these problems, the authors propose the following methods:

- **Dual-view attack framework DV-FSR**:
  - Explicit strategy: Replace the items that have the greatest impact on the prediction of the target item and upload malicious gradients to maximize the score of the target item.
  - Implicit strategy: Use a contrastive learning loss to enhance the similarity between the target item embedding and the interacting item embedding.
- **Defense mechanism**:
  - A hybrid-RFA defense strategy is proposed, which combines the advantages of the geometric median and the traditional averaging method to mitigate the attack effect.

Through these methods, the authors aim to reveal the security risks of federated sequential recommendation systems and to evaluate the effectiveness of their defense mechanism. The experimental results show that DV-FSR has a significant attack effect in multiple scenarios, and that the hybrid-RFA defense strategy can reduce the impact of the attack to a certain extent.
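To make the defense side concrete, the following added example (not code from the paper) compares server-side aggregation by plain averaging, by geometric median (smoothed Weiszfeld iteration, the basis of RFA), and by a blend of the two. The convex blend with weight `alpha`, the function names, and the sample updates are assumptions made for illustration; this page does not give the paper's actual hybrid-RFA combination rule.

```python
import math

def mean_aggregate(updates):
    """Traditional federated averaging: coordinate-wise mean of client updates."""
    n = len(updates)
    return [sum(col) / n for col in zip(*updates)]

def geometric_median(updates, iters=100, eps=1e-8, tol=1e-10):
    """Smoothed Weiszfeld iteration: each update is weighted by 1/distance,
    so a far-away (outlier) update has little pull on the result."""
    z = mean_aggregate(updates)
    for _ in range(iters):
        w = [1.0 / max(eps, math.dist(u, z)) for u in updates]
        total = sum(w)
        z_new = [sum(wi * u[i] for wi, u in zip(w, updates)) / total
                 for i in range(len(z))]
        if math.dist(z, z_new) < tol:
            return z_new
        z = z_new
    return z

def hybrid_aggregate(updates, alpha=0.8):
    """ASSUMED combination rule (not from the paper): convex blend of the
    geometric median (weight alpha) and the plain mean (weight 1 - alpha)."""
    gm, avg = geometric_median(updates), mean_aggregate(updates)
    return [alpha * g + (1 - alpha) * a for g, a in zip(gm, avg)]

# Constructed sample data: 9 honest client updates clustered around
# (0.1, -0.2, 0.05) and one outlier update from a single malicious client.
HONEST = [[0.1 + 0.01 * (k - 4),
           -0.2 + 0.01 * ((k * 3) % 9 - 4),
           0.05 + 0.01 * ((k * 5) % 9 - 4)] for k in range(9)]
MALICIOUS = [[5.0, 5.0, 5.0]]

def deviation_report(alpha=0.8):
    """Distance of each aggregate from the honest-only mean (lower is better)."""
    clean = mean_aggregate(HONEST)
    mixed = HONEST + MALICIOUS
    return {
        "mean": math.dist(mean_aggregate(mixed), clean),
        "geometric_median": math.dist(geometric_median(mixed), clean),
        "hybrid": math.dist(hybrid_aggregate(mixed, alpha), clean),
    }

if __name__ == "__main__":
    for name, dev in deviation_report().items():
        print(f"{name:>17}: {dev:.4f}")
```

With one outlier among ten clients, the plain mean is pulled well away from the honest consensus while the geometric median stays inside the honest cluster; the blend trades some of that robustness for the averaging behaviour.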