Cong Li,Zhigang Luo

DOI: https://doi.org/10.1109/socpar.2011.6089138

2011-01-01

Abstract:Collaborative filtering recommender systems are essentially information systems which are capable of combining the judgment of a large group of people to make personalized recommendations and thereby alleviate the so-called information overload problem. However,collaborative filtering recommender systems are generally vulnerable to shilling attacks. Attackers can inject carefully chosen profiles into recommender systems in order to bias the recommendation results to their benefits. This may lead to a significant negative impact on the robustness of the systems. The main contribution of this paper is to build a probabilistic model for attack detection in the framework of probabilistic generative model. Experimental results show that this model can effectively detect shilling attacks of typical types.

Qingxian Wang,Meng Wan,Mingsheng Shang,Shimin Cai

DOI: https://doi.org/10.6138/jit.2017.18.5.20130715

2015-01-01

Abstract:Collaborative filtering is a technique widely used in online recommendation systems nowadays. However, it is vulnerable from manipulation by malicious users who often create some fake account (or shilling) profiles to influence the results of recommender systems. To identify the fake users, existing algorithms usually utilize certain characteristics of shilling profiles, of which the drawbacks are the low precision and the requirement of a large size of training set. In this paper, we develop a clustering based method to find the shilling attackers by incorporating the information of user ratings and the attribute of user profiles. The users are firstly self-organizedly clustered into several groups based on the integrated information of the rating features and the attributes of user profile, then the malicious user group is identified through the GRDMA (Group Rating Deviation from Mean Agreement) values of user group. Instead of identifying attacker one by one, the proposed algorithm finds the malicious users at the collective level, which provids a novel way to analyse and detect shilling attack. The experimental results performed on MovieLens dataset demonstrate that the proposed algorithm is effective and robust in three typical kinds of shilling attack models, especially when the attack size and the filler size are sufficiently high.

Gaofeng Cao,Huan Zhang,Yuyou Fan,Li Kuang

DOI: https://doi.org/10.18293/seke2018-134

2018-01-01

Abstract:Recommender system is widely used as an important tool in various fields for effectively dealing with information overload, and collaborative filtering algorithm plays a vital role in the system.However, such system is highly vulnerable to malicious attacks, especially shilling attack because of data openness and independence.Therefore, detecting shilling attack has become an important issue to ensure the security of recommender system.Most of existing methods for detecting shilling attack are based on rating classification features and their limitation is that they are easily to be interfered by obfuscation techniques.Moreover, traditional detection algorithms can not handle multiple types of shilling attack flexibly.In order to solve these problems, in this paper, we propose an outlier degree shilling attack detection algorithm based on dynamic feature selection.By considering the differences of user choosing items and taking user popularity as a detection metric, as well as using information entropy to select detection metrics dynamically, a variety of shilling attack models can be dealt with flexibly.Experiments show that the algorithm has stronger detection performance and interference immunity in shilling attack detection.

LI Cong,LUO Zhi-Gang,SHI Jin-Long

DOI: https://doi.org/10.3724/sp.j.1004.2011.00160

2011-01-01

ACTA AUTOMATICA SINICA

Abstract:Shilling attack is one of the significant security problems involved in recommender systems. Developing detection algorithms against shilling attacks has become the key to guaranteeing both the preciseness and robustness of recommender systems. Considering the low degree of unsupervised features the existing algorithms suffer from, this paper proposes an iterative Bayesian inference genetic detection algorithm (IBIGDA) through the introduction of the quantitative metric for the group effect of attack profiles and the corresponding object function for genetic optimization. This algorithm combines the posterior inference for the adaptive parameters with the process of attack detection, thus relaxes the dependence of the detection performance on the relating prior knowledge of the systems. Experimental results show that this algorithm can effectively detect shilling attacks of typical types.

Wei Zhou,Junhao Wen,Qiang Qu,Jun Zeng,Tian Cheng

DOI: https://doi.org/10.1371/journal.pone.0196533

IF: 3.7

2018-05-09

PLoS ONE

Abstract:Recommender systems are vulnerable to shilling attacks. Forged user-generated content data, such as user ratings and reviews, are used by attackers to manipulate recommendation rankings. Shilling attack detection in recommender systems is of great significance to maintain the fairness and sustainability of recommender systems. The current studies have problems in terms of the poor universality of algorithms, difficulty in selection of user profile attributes, and lack of an optimization mechanism. In this paper, a shilling behaviour detection structure based on abnormal group user findings and rating time series analysis is proposed. This paper adds to the current understanding in the field by studying the credibility evaluation model in-depth based on the rating prediction model to derive proximity-based predictions. A method for detecting suspicious ratings based on suspicious time windows and target item analysis is proposed. Suspicious rating time segments are determined by constructing a time series, and data streams of the rating items are examined and suspicious rating segments are checked. To analyse features of shilling attacks by a group user's credibility, an abnormal group user discovery method based on time series and time window is proposed. Standard testing datasets are used to verify the effect of the proposed method.

multidisciplinary sciences

Wei Zhou,Junhao Wen,Yun Sing Koh,Qingyu Xiong,Min Gao,Gillian Dobbie,Shafiq Alam

DOI: https://doi.org/10.1371/journal.pone.0130968

IF: 3.7

2015-07-29

PLoS ONE

Abstract:Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

Aditya Chichani,Juzer Golwala,Tejas Gundecha,Kiran Gawande

DOI: https://doi.org/10.1109/ICCCNT.2018.8494141

2024-04-25

Abstract:Considering the premise that the number of products offered grow in an exponential fashion and the amount of data that a user can assimilate before making a decision is relatively small, recommender systems help in categorizing content according to user preferences. Collaborative filtering is a widely used method for computing recommendations due to its good performance. But, this method makes the system vulnerable to attacks which try to bias the recommendations. These attacks, known as 'shilling attacks' are performed to push an item or nuke an item in the system. This paper proposes an algorithm to detect such shilling profiles in the system accurately and also study the effects of such profiles on the recommendations.

Information Retrieval,Artificial Intelligence,Cryptography and Security,Machine Learning

Keke Chen,Patrick P. K. Chan,Fei Zhang,Qiaoqiao Li

DOI: https://doi.org/10.1007/s13042-018-0861-2

2019-01-01

International Journal of Machine Learning and Cybernetics

Abstract:Although collaborative filtering achieves satisfying performance in recommender systems, many studies suggest that it is vulnerable by shilling attack aimed to manipulate the recommending frequency of a target item by injecting malicious user profiles. The existing attack methods usually generate malicious profiles by rating the item selected randomly. However, as these rating patterns are different from the real users, who have their own preferences on items, these attack methods can be easily detected by shilling attack detection, which significantly reduces the attack ability. Although some attack methods consider disguise ability, these methods require too much information from real users. This study proposes a shilling attack which generates malicious samples with strong attack ability and similarity to real users. To imitate the rating behavior of genuine users, our attack model considers both rated item correlation and item popularity when choosing items to rate. The profiles generated by our attack model is expected to be more similar to real user profiles, which increases the disguise ability. We also investigate whether and how rated item correlation of real user profiles is different from the ones generated by our method and the existing shilling attack. The experimental results confirm that our method achieves the highest attack ability after removing the suspected profiles identified by PCA-based and SVM-based shilling attack detection. The study confirms the correlation of rated item is a critical factor of the robustness of recommender systems.

Gaofeng Cao,Huan Zhang,Jianbo Zheng,Li Kuang,Yu Duan

DOI: https://doi.org/10.1142/s0218194019500360

IF: 1.007

2019-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Recommender system is widely used in various fields for dealing with information overload effectively, and collaborative filtering plays a vital role in the system. However, recommender system suffers from its vulnerabilities by malicious attacks significantly, especially, shilling attacks because of the open nature of recommender system and the dependence on data. Therefore, detecting shilling attack has become an important issue to ensure the security of recommender system. Most of the existing methods of detecting shilling attack are based on user ratings, and one limitation is that they are likely to be interfered by obfuscation techniques. Moreover, traditional detection algorithms cannot handle different types of shilling attacks flexibly. In order to solve the problems, we proposed an outlier degree shilling attack detection algorithm by using dynamic feature selection. Considering the differences when users choose items, we combined rating-based indicators with user popularity, and utilized the information entropy to select detection indicators dynamically. Therefore, a variety of shilling attack models can be dealt with flexibility in this way. The experiments show that the proposed algorithm can achieve better detection performance and interference immunity.

Fei Zhang,Patrick P.K. Chan,Zhi-Min He,Daniel S. Yeung

DOI: https://doi.org/10.3233/ida-230575

IF: 1.7

2024-01-01

Intelligent Data Analysis

Abstract:A recommender system is susceptible to manipulation through the injection of carefully crafted profiles. Some recent profile identification methods only perform well in specific attack scenarios. A general attack detection method is usually complicated or requires label samples. Such methods are prone to overtraining easily, and the process of annotation incurs high expenses. This study proposes an unsupervised divide-and-conquer method aiming to identify attack profiles, utilizing a specifically designed model for each kind of shilling attack. Initially, our method categorizes the profile set into two attack types, namely Standard and Obfuscated Behavior Attacks. Subsequently, profiles are separated into clusters within the extracted feature space based on the identified attack type. The selection of attack profiles is then determined through target item analysis within the suspected cluster. Notably, our method offers the advantage of requiring no prior knowledge or annotation. Furthermore, the precision is heightened as the identification method is designed to a specific attack type, employing a less complicated model. The outstanding performance of our model, validated through experimental results on MovieLens-100K and Netflix under various attack settings, demonstrates superior accuracy and reduced running time compared to current detection methods in identifying Standard and Obfuscated Behavior Attacks.

Keke Chen,Patrick R. K. Chan,Daniel S. Yeung

DOI: https://doi.org/10.1109/icmlc.2018.8526971

2018-01-01

Abstract:Collaborative filtering is one of the most effective methods to deal with the information overload problem by providing a suitable recommendation to users. Recent research indicates that collaborative filtering is vulnerable to shilling attack which aims at manipulating the recommendation result through injecting malicious profiles. Our previous study suggests that applying the rated item correlation to supervised learning increases the accuracy of shilling attack detection. However, label information collection is one drawback of the supervised learning. In this study, an unsupervised detection based on the rated item correlation analysis is devised. The influence of the parameters on the detection accuracy is also discussed. The experimental results demonstrate that our proposed unsupervised detection model achieve a satisfying performance in shilling detection in MovieLens 100K dataset.

Yongfeng Zhang,Yunzhi Tan,Min Zhang,Yiqun Liu,Tat-Seng Chua,Shaoping Ma

2015-01-01

Abstract:Many e-commerce systems allow users to express their opinions towards products through user reviews systems. The user generated reviews not only help other users to gain a more insightful view of the products, but also help online businesses to make targeted improvements on the products or services. Besides, they compose the key component of various personalized recommender systems. However, the existence of spam user accounts in the review systems introduce unfavourable disturbances into personalized recommendation by promoting or degrading targeted items intentionally through fraudulent reviews. Previous shilling attack detection algorithms usually deal with a specific kind of attacking strategy, and are exhausted to handle with the continuously emerging new cheating methods. In this work, we propose to conduct shilling attack detection for more informed recommendation by fraudulent action propagation on the reviews themselves, without caring about the specific underlying cheating strategy, which allows us a unified and flexible framework to detect the spam users.

Reda A. Zayed,Lamiaa Fattouh Ibrahim,Hesham A. Hefny,Hesham A. Salman,Abdulaziz AlMohimeed,Lamiaa F. Ibrahim

DOI: https://doi.org/10.1109/access.2023.3289404

IF: 3.9

2023-01-01

IEEE Access

Abstract:The stability and reliability of filtration and recommender systems are crucial for continuous operation. The presence of fake profiles, known as “shilling attacks,” can undermine the reliability of these systems. Therefore, it is important to detect and classify these attacks. Numerous techniques for detecting shilling attacks have been proposed, including supervised, semi-supervised, unsupervised, Deep Learning, and hyper deep learning methods. These techniques utilize well-known shilling attack models to target collaborative recommender systems. While previous research has focused on evaluating shilling attack strategies from a global perspective, considering factors such as attack size and attacker’s knowledge, there is a lack of comparative studies on the various existing and commonly used attack detection methods. This paper aims to fill this gap by providing a comprehensive survey of shilling attack models, detection attributes, and detection algorithms. Furthermore, we explore the traits of injected profiles that are exploited by detection algorithms, which has not been thoroughly investigated in prior works. We also conduct experimental studies on popular attack detection methods. Our experimental results reveal that hybrid deep learning algorithms exhibit the highest performance in shilling detection, followed by supervised learning algorithms and semi-supervised learning algorithms. In contrast, the unsupervised technique performs poorly. The deep learning-based Shilling Attack Detection demonstrates accuracy and quality in accurately identifying a variety of mixed attacks. This study provides valuable insights into shilling attack models, detection attributes, and detection algorithms. Our findings highlight the superior performance of hybrid deep learning algorithms in shilling detection, as well as the limitations of unsupervised techniques. Deep learning-based Shilling Attack Detection showcases its effectiveness and accuracy in identifying various types of attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xufa Wang

2009-01-01

Computer Engineering and Applications Journal

Abstract:Collaborative filtering is a vital central technology in personalized recommendation,but it is so sensitive to user profiles,that shilling attackers can easily inject biased profiles in an attempt to force a system to adapt in a manner advantageous to them.Recent research shows that the model and the cost of shilling attacks have different impacts on attack performance.This paper analyzes the attack effectiveness of different attack models on a SVD-based collaborative filtering algorithm,and the performances of attack models with different fill sizes and attack sizes using three evaluation parameters.

Chengzhi Huang,Hui Li

2023-08-21

Abstract:Recommendation systems (RS) are crucial for alleviating the information overload problem. Due to its pivotal role in guiding users to make decisions, unscrupulous parties are lured to launch attacks against RS to affect the decisions of normal users and gain illegal profits. Among various types of attacks, shilling attack is one of the most subsistent and profitable attacks. In shilling attack, an adversarial party injects a number of well-designed fake user profiles into the system to mislead RS so that the attack goal can be achieved. Although existing shilling attack methods have achieved promising results, they all adopt the attack paradigm of multi-user injection, where some fake user profiles are required. This paper provides the first study of shilling attack in an extremely limited scenario: only one fake user profile is injected into the victim RS to launch shilling attacks (i.e., single-user injection). We propose a novel single-user injection method SUI-Attack for invisible shilling attack. SUI-Attack is a graph based attack method that models shilling attack as a node generation task over the user-item bipartite graph of the victim RS, and it constructs the fake user profile by generating user features and edges that link the fake user to items. Extensive experiments demonstrate that SUI-Attack can achieve promising attack results in single-user injection. In addition to its attack power, SUI-Attack increases the stealthiness of shilling attack and reduces the risk of being detected. We provide our implementation at: <a class="link-external link-https" href="https://github.com/KDEGroup/SUI-Attack" rel="external noopener nofollow">this https URL</a>.

Information Retrieval,Cryptography and Security

Zhiang Wu,Junjie Wu,Jie Cao,Dacheng Tao

DOI: https://doi.org/10.1145/2339530.2339684

2012-01-01

Abstract:Shilling attackers apply biased rating profiles to recommender systems for manipulating online product recommendations. Although many studies have been devoted to shilling attack detection, few of them can handle the hybrid shilling attacks that usually happen in practice, and the studies for real-life applications are rarely seen. Moreover, little attention has yet been paid to modeling both labeled and unlabeled user profiles, although there are often a few labeled but numerous unlabeled users available in practice. This paper presents a Hybrid Shilling Attack Detector, or HySAD for short, to tackle these problems. In particular, HySAD introduces MC-Relief to select effective detection metrics, and Semi-supervised Naive Bayes (SNB_lambda) to precisely separate Random-Filler model attackers and Average-Filler model attackers from normal users. Thorough experiments on MovieLens and Netflix datasets demonstrate the effectiveness of HySAD in detecting hybrid shilling attacks, and its robustness for various obfuscated strategies. A real-life case study on product reviews of Amazon.cn is also provided, which further demonstrates that HySAD can effectively improve the accuracy of a collaborative-filtering based recommender system, and provide interesting opportunities for in-depth analysis of attacker behaviors. These, in turn, justify the value of HySAD for real-world applications.

Honghao Gao,Xinheng Wang,Yuyu Yin,Muddesar Iqbal

DOI: https://doi.org/10.1007/978-3-030-12981-1

2019-01-01

Abstract:Nowadays, collaborative filtering methods have been widely applied to E-commerce platforms. However, due to its openness, a large number of spammers attack those systems to manipulate the recommendation results to earn huge profits. The shilling attack has become a major threat to collaborative filtering systems. Therefore, effectively detecting shilling attacks is a crucial task. Most existing detection methods based on statistical-based features or unsupervised methods rely on a priori knowledge about attack size. Besides, the majority of work focuses on rating attack and ignore the relation attack. In this paper, motivated by the success of heterogeneous information network and oriented towards the hybrid attack, we propose an approach DMD to detect shilling attack based on meta-path and matrix factorization. At first, we concatenate the user-item bipartite network and user-user relation network as a whole. Next, we design several meta-paths to guide the random walk to product node sequences and utilize the skip-gram model to generate user embeddings. Meanwhile, users’ latent factors are decomposed by matrix factorization. Finally, we incorporate these embeddings and factors to joint train the detector. Extensive experimental analysis on two public datasets demonstrate the superiority of the proposed method and show the effectiveness of different attack strategies and various attack sizes.

Chen Lin,Si Chen,Hui Li,Yanghua Xiao,Lianyun Li,Qian Yang

DOI: https://doi.org/10.1145/3340531.3411884

2020-01-01

Abstract:Recommendation Systems (RS) have become an essential part of many online services. Due to its pivotal role in guiding customers towards purchasing, there is a natural motivation for unscrupulous parties to spoof RS for profits. In this paper, we study the shilling attack: a subsistent and profitable attack where an adversarial party injects a number of user profiles to promote or demote a target item. Conventional shilling attack models are based on simple heuristics that can be easily detected, or directly adopt adversarial attack methods without a special design for RS. Moreover, the study on the attack impact on deep learning based RS is missing in the literature, making the effects of shilling attack against real RS doubtful. We present a novel Augmented Shilling Attack framework (AUSH) and implement it with the idea of Generative Adversarial Network. AUSH is capable of tailoring attacks against RS according to budget and complex attack goals, such as targeting a specific user group. We experimentally show that the attack impact of AUSH is noticeable on a wide range of RS including both classic and modern deep learning based RS, while it is virtually undetectable by the state-ofthe-art attack detection model.

Zhihai Yang,Zhongmin Cai,Yuan Yang

DOI: https://doi.org/10.1016/j.neucom.2017.02.052

IF: 6

2017-01-01

Neurocomputing

Abstract:Online rating systems play an important role in recommender systems. Collaborative filtering recommender systems are highly vulnerable to shilling attacks in reality. Although attack detection based on the attacks have been extensively researched over the last decade, the studies on this issue have not reached an end. Furthermore, only using the existing features is not easy to improve their detection performance. In this paper, we present an unsupervised detection method to defend such attacks, which consists of two stages. Based on the existing features of user and item, more effective features are selected using adaptive structure learning which takes advantage of adaptive local and global structure learning. In the first stage, suspected users are determined by exploiting a density-based clustering method based on the selected features. Then, the selected features of item are applied to find out suspicious items in order to further spot the concerned attackers based on the result of the first stage. Finally, the attackers can be detected. Extensive experiments on the MovieLens-100K dataset demonstrate the effectiveness of the proposed approach as compare to competing methods. It is noteworthy that discovering interesting findings including anomalous ratings and items on Amazon dataset also is investigated.

Keke Chen,Patrick P. K. Chan,Daniel S. Yeung

DOI: https://doi.org/10.1109/SMC.2018.00601

2018-01-01

Abstract:Collaborative filtering (CF) is vulnerable under shilling attack, which misleads recommendation of CF by injecting well-crafted profiles to a targeted system. Although a number of supervised learning based shilling attack detection methods are proposed, their features mainly measure rating values and items of a profile individually, but ignore the relation between items. This study aims to enhance the robustness of CF against shilling attack by considering the rated item correlation. Real users rate items based on their preferences, but rated items are randomly selected for malicious users profiles in most shilling attack. Therefore, the rated item correlation of real and malicious profiles is different. Three features are proposed to capture the information from different intervals of the distribution of rated item correlation in terms of Cosine Association (CA). A benchmark dataset, MovieLens 100K, is used to evaluate the proposed features. The discrimination ability of the proposed features is also illustrated. The experimental results suggest that the proposed features have significant contribution on shilling attack detection.