Jun Zhang,Huan Li,Dazhong Rong,Yan Zhao,Ke Chen,Lidan Shou

DOI: https://doi.org/10.1109/icde60146.2024.00173

2024-01-01

Abstract:Privacy concerns have led to the rise of federated recommender systems (FRS), which can create personalized models across distributed clients. However, FRS is vulnerable to poisoning attacks, where malicious users manipulate gradients to promote their target items intentionally. Existing attacks against FRS have limitations, as they depend on specific models and prior knowledge, restricting their real-world applicability. In our exploration of practical FRS vulnerabilities, we devise a model-agnostic and prior-knowledge-free attack, named PIECK (Popular Item Embedding based Attack). The core module of PIECK is popular item mining, which leverages embedding changes during FRS training to effectively identify the popular items. Built upon the core module, PIECK branches into two diverse solutions: The PIECKIPE solution employs an item popularity enhancement module, which aligns the embeddings of targeted items with the mined popular items to increase item exposure. The PIECKUEA further enhances the robustness of the attack by using a user embedding approximation module, which approximates private user embeddings using mined popular items. Upon identifying PIECK, we evaluate existing federated defense methods and find them ineffective against PIECK, as poisonous gradients inevitably overwhelm the cold target items. We then propose a novel defense method by introducing two regularization terms during user training, which constrain item popularity enhancement and user embedding approximation while preserving FRS performance. We evaluate PIECK and its defense across two base models, three real datasets, four top-tier attacks, and six general defense methods, affirming the efficacy of both PIECK and its defense.

Zhihai Yang,Zhongmin Cai,Xiaohong Guan

DOI: https://doi.org/10.1016/j.knosys.2016.08.011

IF: 8.139

2016-01-01

Knowledge-Based Systems

Abstract:Online rating system plays a crucial role in collaborative filtering recommender systems (CFRSs). However, CFRSs are highly vulnerable to “shilling” attacks in reality. How to quickly and effectively spot and remove anomalous ratings before recommendation also is a big challenge. In this paper, we propose an unsupervised method to detect the attacks, which consists of three stages. Firstly, an undirected user-user graph is constructed from original user profiles. Based on the graph, a graph mining method is employed to estimate the similarity between vertices for creating a reduced graph. Then, similarity analysis is used to distinguish the difference between the vertices in order to rule out a part of genuine users. Finally, the remained genuine users are further filtered out by analyzing target items and the attackers can be detected. Extensive experiments on the MovieLens datasets demonstrate the effectiveness of the proposed method as compared to benchmark methods.

Kaike Zhang,Qi Cao,Yunfan Wu,Fei Sun,Huawei Shen,Xueqi Cheng

DOI: https://doi.org/10.1145/3640457.3688120

2024-09-26

Abstract:Recommender systems play a pivotal role in mitigating information overload in various fields. Nonetheless, the inherent openness of these systems introduces vulnerabilities, allowing attackers to insert fake users into the system's training data to skew the exposure of certain items, known as poisoning attacks. Adversarial training has emerged as a notable defense mechanism against such poisoning attacks within recommender systems. Existing adversarial training methods apply perturbations of the same magnitude across all users to enhance system robustness against attacks. Yet, in reality, we find that attacks often affect only a subset of users who are vulnerable. These perturbations of indiscriminate magnitude make it difficult to balance effective protection for vulnerable users without degrading recommendation quality for those who are not affected. To address this issue, our research delves into understanding user vulnerability. Considering that poisoning attacks pollute the training data, we note that the higher degree to which a recommender system fits users' training data correlates with an increased likelihood of users incorporating attack information, indicating their vulnerability. Leveraging these insights, we introduce the Vulnerability-aware Adversarial Training (VAT), designed to defend against poisoning attacks in recommender systems. VAT employs a novel vulnerability-aware function to estimate users' vulnerability based on the degree to which the system fits them. Guided by this estimation, VAT applies perturbations of adaptive magnitude to each user, not only reducing the success ratio of attacks but also preserving, and potentially enhancing, the quality of recommendations. Comprehensive experiments confirm VAT's superior defensive capabilities across different recommendation models and against various types of attacks.

Information Retrieval

Falguni Roy,Xiaofeng Ding,K.-K. R. Choo,Pan Zhou

2024-09-19

Abstract:Recommender systems are essential for personalizing digital experiences on e-commerce sites, streaming services, and social media platforms. While these systems are necessary for modern digital interactions, they face fairness, bias, threats, and privacy challenges. Bias in recommender systems can result in unfair treatment of specific users and item groups, and fairness concerns demand that recommendations be equitable for all users and items. These systems are also vulnerable to various threats that compromise reliability and security. Furthermore, privacy issues arise from the extensive use of personal data, making it crucial to have robust protection mechanisms to safeguard user information. This study explores fairness, bias, threats, and privacy in recommender systems. It examines how algorithmic decisions can unintentionally reinforce biases or marginalize specific user and item groups, emphasizing the need for fair recommendation strategies. The study also looks at the range of threats in the form of attacks that can undermine system integrity and discusses advanced privacy-preserving techniques. By addressing these critical areas, the study highlights current limitations and suggests future research directions to improve recommender systems' robustness, fairness, and privacy. Ultimately, this research aims to help develop more trustworthy and ethical recommender systems that better serve diverse user populations.

Information Retrieval,Cryptography and Security,Human-Computer Interaction

Shuiguang Deng,Longtao Huang,Guandong Xu

DOI: https://doi.org/10.1016/j.eswa.2014.07.012

2015-01-01

Applied Mathematics & Information Sciences

Abstract:With the number of Web services increasing constantly on the Internet, how to recommend personalized Web services for users has become more and more important. At present, there emerged some service recommendation systems utilizing influence ranking and collaborative filtering algorithms in service r ecommendation. However, they neither considered trust relationships among users, nor deal with the cold start problem very well. Fortunately, the popularity of social network in nowadays brings a good alternative for service recommendation to avoid those. In this study, we propose a social network-based service-recommendation method, which considers users' history service invocation behaviors, us ers preferences as well as trust relationships among users i mplied in social network and users comments/reviews on services. We have applied this method in a data set extracted from www.epinions.com. A series of experiments on 86,719 users, 604,190 user trust-relationships and 963,591 reviews on 292,713 services/produces show that this recommendation method get better recall rate, precision, f-measure and rank score.

Jun Du,Chunxiao Jiang,Jian Wang,Shui Yu,Yong Ren

DOI: https://doi.org/10.1109/GlobalSIP.2016.7905875

2016-01-01

Abstract:With the development of social network based applications, different service approaches to achieve these applications have emerged. Users' reporting and sharing of their consumption experience can be utilized to rate the quality of different approaches of online services. How to ensure the authenticity of users' reports and identify malicious ones with cheating reports become important issues to achieve an accurate service rating. In this paper, we provide a private-prior peer prediction mechanism based service rating system with a fusion center, which evaluates users' trustworthiness with their reports by applying the strictly proper scoring rule. In addition, to identify malicious users and bad-functioning/unreliable users with high error rate of quality judgement, an unreliability index is proposed in this paper to evaluate the uncertainty of reports. By combining the trustworthiness and unreliability, malicious users cannot receive a high trustworthiness and low unreliability at the same time when they report falsified feedbacks. Simulation results indicate that the proposed peer prediction based service rating can identify malicious and unreliable users effectively, motivate users to report truthfully, and achieve high service rating accuracy.

Mirae Kim,Simon Woo

DOI: https://doi.org/10.48550/arXiv.2210.07817

2022-09-28

Abstract:Information has exploded on the Internet and mobile with the advent of the big data era. In particular, recommendation systems are widely used to help consumers who struggle to select the best products among such a large amount of information. However, recommendation systems are vulnerable to malicious user biases, such as fake reviews to promote or demote specific products, as well as attacks that steal personal information. Such biases and attacks compromise the fairness of the recommendation model and infringe the privacy of users and systems by distorting <a class="link-external link-http" href="http://data.Recently" rel="external noopener nofollow">this http URL</a>, deep-learning collaborative filtering recommendation systems have shown to be more vulnerable to this bias. In this position paper, we examine the effects of bias that cause various ethical and social issues, and discuss the need for designing the robust recommendation system for fairness and stability.

Information Retrieval,Artificial Intelligence

Wei Zhou,Junhao Wen,Yun Sing Koh,Qingyu Xiong,Min Gao,Gillian Dobbie,Shafiq Alam

DOI: https://doi.org/10.1371/journal.pone.0130968

IF: 3.7

2015-07-29

PLoS ONE

Abstract:Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

Wei Zhou,Junhao Wen,Qiang Qu,Jun Zeng,Tian Cheng

DOI: https://doi.org/10.1371/journal.pone.0196533

IF: 3.7

2018-05-09

PLoS ONE

Abstract:Recommender systems are vulnerable to shilling attacks. Forged user-generated content data, such as user ratings and reviews, are used by attackers to manipulate recommendation rankings. Shilling attack detection in recommender systems is of great significance to maintain the fairness and sustainability of recommender systems. The current studies have problems in terms of the poor universality of algorithms, difficulty in selection of user profile attributes, and lack of an optimization mechanism. In this paper, a shilling behaviour detection structure based on abnormal group user findings and rating time series analysis is proposed. This paper adds to the current understanding in the field by studying the credibility evaluation model in-depth based on the rating prediction model to derive proximity-based predictions. A method for detecting suspicious ratings based on suspicious time windows and target item analysis is proposed. Suspicious rating time segments are determined by constructing a time series, and data streams of the rating items are examined and suspicious rating segments are checked. To analyse features of shilling attacks by a group user&#x27;s credibility, an abnormal group user discovery method based on time series and time window is proposed. Standard testing datasets are used to verify the effect of the proposed method.

multidisciplinary sciences

Jun Li,Xiaolin Zheng,Deren Chen,William Wei Song

DOI: https://doi.org/10.4018/jwsr.2012070102

2012-01-01

International Journal of Web Services Research

Abstract:In a service-oriented environment, it is inevitable and indeed quite common to deal with web services, whose reliability is unknown to the users. The reputation system is a popular technique currently used for providing a global quality score of a service provider to requesters. However, such global information is far from sufficient for service requesters to choose the most qualified services. In order to tackle this problem, the authors present a trust based architecture containing a computational trust model for quantifying and comparing the trustworthiness of services. In this trust model, they firstly construct a network based on the direct trust relations between participants and rating similarity in service oriented environments, then propose an algorithm for propagating trust in the social network based environment which can produce personalized trust information for a specific service requester, and finally implement the trust model and simulate various malicious behaviors in not only dense but also sparse networks which can verify the attack-resistant and robustness of the proposed approach. The experiment results also demonstrate the feasibility and benefit of the approach.

Qinyuan Feng,Yan Lindsay Sun,Ling Liu,Yafei Yang,Yafei Dai

DOI: https://doi.org/10.1109/tkde.2009.214

IF: 9.235

2010-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:With the popularity of voting systems in cyberspace, there is growing evidence that current voting systems can be manipulated by fake votes. This problem has attracted many researchers working on guarding voting systems in two areas: relieving the effect of dishonest votes by evaluating the trust of voters, and limiting the resources that can be used by attackers, such as the number of voters and the number of votes. In this paper, we argue that powering voting systems with trust and limiting attack resources are not enough. We present a novel attack named as Reputation Trap (RepTrap). Our case study and experiments show that this new attack needs much less resources to manipulate the voting systems and has a much higher success rate compared with existing attacks. We further identify the reasons behind this attack and propose two defense schemes accordingly. In the first scheme, we hide correlation knowledge from attackers to reduce their chance to affect the honest voters. In the second scheme, we introduce robustness-of-evidence, a new metric, in trust calculation to reduce their effect on honest voters. We conduct extensive experiments to validate our approach. The results show that our defense schemes not only can reduce the success rate of attacks but also significantly increase the amount of resources an adversary needs to launch a successful attack.

H. Hamidi,R. Moradi

DOI: https://doi.org/10.1016/j.jksuci.2024.101964

IF: 9.006

2024-02-15

Journal of King Saud University - Computer and Information Sciences

Abstract:Collaborative filtering recommender systems type have been increasingly used in e-commerce sites both to facilitate users' decision-making and increase sales. On the one hand, the open and interactive nature of recommender systems makes them vulnerable to shilling attacks, and on the other hand, given that most recommender systems are used in dynamic environments, and this issue generates incremental data over time. One of the main obstacles of this type of recommender systems is the inability to model the dynamic behavior of users and the incremental flow of data, as well as the vulnerability to shilling attacks. Therefore, classic models do not have the necessary ability to provide suitable recommendations to the user and also to detect shilling attacks dynamically. The objective of this study was to address this gap by designing a dynamic and robust recommender system model against shilling attacks. This model was based on item context, trust, users' rating and users' rating time, and it benefits from the social networks analysis of users and items to suggest @N top items to the target user, and had a dynamic and increasing property over time and robust against shilling attacks. Finally, to assess the performance and robustness of the recommender system to shilling attacks, 4850 different tests have been performed without shilling attacks and under three average, random, and bandwagon attacks. To validate the proposed model, the results of the tests have been compared with similar methods such as TRACCF, TOTAR and T&TRS using the evaluation criteria of Precision, Recall, F1, MAE and RMSE.The results depicted that the proposed method, due to finding users and similar items in communities created by social networks, causes a reduction in the number of predicted items that are not liked by the user (FP) and the number of unpredicted items that are liked by the user (FN) and finally the F1 criterion (which is a combination of Precision and Recall criteria) performs better than the comparison methods. Also, this method is robust against the shilling attacks by detecting fake profiles and ignoring them in the recommendation process, and the evaluation criteria before and after shilling attacks show this.

computer science, information systems

Ya-Fei Yang

DOI: https://doi.org/10.1007/s11390-009-9277-5

2008-01-01

Abstract:>Recently,online rating systems are gaining popularity.Dealing with unfair ratings in such systems has been recognized as an important but challenging problem.Many unfair rating detection approaches have been developed and evaluated against simple attack models.However,the lack of unfair rating data from real human users and realistic attack behavior models has become an obstacle toward developing reliable rating systems.To solve this problem,we design and launch a rating challenge to collect unfair rating data from real human users.In order to broaden the scope of the data collection,we also develop a comprehensive signal-based unfair rating detection system.Based on the analysis of real attack data,we discover important features in unfair ratings,build attack models,and develop an unfair rating generator.The models and generator developed in this paper can be directly used to test current rating aggregation systems,as well as to assist the design of future rating systems.

Jun Du,Erol Gelenbe,Chunxiao Jiang,Haijun Zhang,Yong Ren,H. Vincent Poor

DOI: https://doi.org/10.1109/tifs.2018.2883000

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the development of online applications based on social networks, many different approaches have emerged to evaluate the service that these applications provide. Reports made by end users regarding the consumer’s experience or opinion are commonly used to rate the quality of different online services. Therefore, ensuring the authenticity of the users’ reports, and the detection of malicious users’ dishonest reports, have both become important issues to achieve accuracy in the rating of such services. In this paper, we propose and evaluate a private-prior peer prediction-based trustworthy service rating system, which requires users to report their prior and posterior beliefs regarding whether their peers will report a high-quality opinion of the service. The reports are made to a data processing center which evaluates the users’ trustworthiness by applying a strictly proper scoring rule, and removes reports received from users whose trustworthiness rating is low. This peer prediction method is compatible with incentives to motivate users to report honestly. In addition, an unreliability index is proposed to identify malicious users, and malfunctioning or unreliable users who have a high error rate in making judgments about quality. Thus, reports with high unreliability values will also be excluded from the service rating system. By combining trustworthiness and unreliability, malicious users face the dilemma that they cannot receive both a high trustworthiness and low unreliability rating simultaneously when their reports are false. Simulation results indicate that the proposed peer prediction-based trustworthy service rating can identify malicious and unreliable behaviors effectively and motivate users to report truthfully, and that a relatively high service rating accuracy is achieved by the proposed system.

Wenqi Fan,Xiangyu Zhao,Xiao Chen,Jingran Su,Jingtong Gao,Lin Wang,Qidong Liu,Yiqi Wang,Han Xu,Lei Chen,Qing Li

DOI: https://doi.org/10.48550/arXiv.2209.10117

2022-09-21

Abstract:As one of the most successful AI-powered applications, recommender systems aim to help people make appropriate decisions in an effective and efficient way, by providing personalized suggestions in many aspects of our lives, especially for various human-oriented online services such as e-commerce platforms and social media sites. In the past few decades, the rapid developments of recommender systems have significantly benefited human by creating economic value, saving time and effort, and promoting social good. However, recent studies have found that data-driven recommender systems can pose serious threats to users and society, such as spreading fake news to manipulate public opinion in social media sites, amplifying unfairness toward under-represented groups or individuals in job matching services, or inferring privacy information from recommendation results. Therefore, systems' trustworthiness has been attracting increasing attention from various aspects for mitigating negative impacts caused by recommender systems, so as to enhance the public's trust towards recommender systems techniques. In this survey, we provide a comprehensive overview of Trustworthy Recommender systems (TRec) with a specific focus on six of the most important aspects; namely, Safety & Robustness, Nondiscrimination & Fairness, Explainability, Privacy, Environmental Well-being, and Accountability & Auditability. For each aspect, we summarize the recent related technologies and discuss potential research directions to help achieve trustworthy recommender systems in the future.

Information Retrieval,Artificial Intelligence,Cryptography and Security,Machine Learning

Li Yang,Xinxin Niu

DOI: https://doi.org/10.1007/s40747-021-00357-2

2021-04-15

Abstract:Abstract Shilling attacks have been a significant vulnerability of collaborative filtering (CF) recommender systems, and trust in CF recommender algorithms has been proven to be helpful for improving the accuracy of system recommendations. As a few studies have been devoted to trust in this area, we explore the benefits of using trust to resist shilling attacks. Rather than simply using user-generated trust values, we propose the genre trust degree, which differ in terms of the genres of items and take both trust value and user credibility into consideration. This paper introduces different types of shilling attack methods in an attempt to study the impact of users’ trust values and behavior features on defending against shilling attacks. Meanwhile, it improves the approach used to calculate user similarities to form a recommendation model based on genre trust degrees. The performance of the genre trust-based recommender system is evaluated on the Ciao dataset. Experimental results demonstrated the superior and comparable genre trust degrees recommended for defending against different types of shilling attacks.

computer science, artificial intelligence

Xiu Li,Xinwei Yan,Lulu Xie,Chang Men

DOI: https://doi.org/10.1109/iccsnt.2015.7490805

2015-01-01

Abstract:The rapid development of the Internet and e-commerce has accumulated numerous data about products, services and customers, which contains meaningful information that recommender system can utilize to realize a more accurate recommendation. In daily life, it is nature for users to seek suggestion from a friend and the more professional and intimated the friend is, the more impact the suggestion has on the user's final decision. Inspired by this phenomenon, we develop a recommendation approach based on social trust network. In this paper, we take advantage of homogeneous effect in trust relations to calculate user similarities and build a personal weighted trust work. A trust propagation mechanism is proposed to attain trustworthy users and then we use a dynamic recommendation algorithm based on random walk model to achieve accurate recommendation. In the end, several comparing experiments are conducted to demonstrate the improvement of our recommendation method.

Zhanjiang Chen,H. Vicky Zhao

DOI: https://doi.org/10.1109/ICASSP39728.2021.9415012

2021-01-01

Abstract:The past decades witness the rise and proliferation of online reputation systems. These reputation systems are vulnerable to malicious attacks, and most recent studies have focused on how to better defend the system. This paper aims to analyze the optimal attacking strategy, especially when considering the "message-based persuasion" phenomenon where users' ratings tend to be influenced by earlier ones. Based on a simple model of users' herding behavior in reputation systems, we study how attackers can explore this phenomenon to attack the system more effectively, and quantitatively analyze the optimal attacking strategies. This investigation is critical to the design of defensive mechanisms, and to the protection of online reputation systems.

Wei Chen,Simon Fong

DOI: https://doi.org/10.1109/ICDIM.2010.5664676

2011-01-01

Abstract:Recommender systems have been proposed to exploit the potential of social network by filtering the information and offer recommendations to a user that he is predicted to like. Collaborative Filtering (CF) is believed to be a suitable underlying technique for recommender systems on social network, because CF gathers tastes of similar users; and social network provides such a collaborative social environment. One inherent challenge however for running CF on social network is quantitative estimation of trust between friends. Although many researchers investigated trust metrics and models in social network, none so far has efficiently integrated them in a CF algorithm. The contribution of this paper is a framework of collaborative filtering on social network, and a novel approach in measuring trust factors by data-mining over a survey dataset provided by The Facebook Project. The quantitatively estimated trust factors can be used as input parameters in the CF algorithm. Facebook is taken as a case study here to illustrate the concepts.

David Koll,Martin Schwarzmaier,Jun Li,Xiang-Yang Li,Xiaoming Fu

DOI: https://doi.org/10.1109/icdcsw.2017.67

2017-01-01

Abstract:Online Social Networks (OSNs) have become a rewarding target for attackers. One particularly popular attack is the Sybil attack, in which the adversary creates many fake accounts called Sybils in order to, for instance, distribute spam or manipulate voting results. A first generation of defense systems tried to detect these Sybils by analyzing changes in the structure of the OSN graph unfortunately with limited success. Based on these efforts a second generation of solutions enriches the graph structural approaches with higher-level user features in order to detect Sybil nodes more efficiently. In this work we provide an in-depth analysis of these defenses. We describe their common design and working principles, analyze their vulnerabilities, and design simple yet effective attack strategies that an adversary could launch to circumvent these systems. In our evaluation we reveal that an miscreant can exploit the credulity of OSN users and follow a targeted attack strategy to successfully avoid detection by all existing approaches.