Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
102 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

User Consented Federated Recommender System Against Personalized Attribute Inference Attack (2312.16203v1)

Published 23 Dec 2023 in cs.IR, cs.CR, and cs.LG

Abstract: Recommender systems can be privacy-sensitive. To protect users' private historical interactions, federated learning has been proposed in distributed learning for user representations. Using federated recommender (FedRec) systems, users can train a shared recommendation model on local devices and prevent raw data transmissions and collections. However, the recommendation model learned by a common FedRec may still be vulnerable to private information leakage risks, particularly attribute inference attacks, which means that the attacker can easily infer users' personal attributes from the learned model. Additionally, traditional FedRecs seldom consider the diverse privacy preference of users, leading to difficulties in balancing the recommendation utility and privacy preservation. Consequently, FedRecs may suffer from unnecessary recommendation performance loss due to over-protection and private information leakage simultaneously. In this work, we propose a novel user-consented federated recommendation system (UC-FedRec) to flexibly satisfy the different privacy needs of users by paying a minimum recommendation accuracy price. UC-FedRec allows users to self-define their privacy preferences to meet various demands and makes recommendations with user consent. Experiments conducted on different real-world datasets demonstrate that our framework is more efficient and flexible compared to baselines.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (54)
  1. Federated collaborative filtering for privacy-preserving personalized recommendation system. arXiv preprint arXiv:1901.09888 (2019).
  2. Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers. International Journal of Security and Networks 10, 3 (2015), 137–150.
  3. Raghavendran Balu and Teddy Furon. 2016. Differentially private matrix factorization using sketching techniques. In Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security. 57–62.
  4. Privacy-aware recommendation with private-attribute protection using adversarial learning. In Proceedings of the 13th International Conference on Web Search and Data Mining. 34–42.
  5. Graph convolutional matrix completion. arXiv preprint arXiv:1706.02263 (2017).
  6. Avishek Bose and William Hamilton. 2019. Compositional fairness constraints for graph embeddings. In International Conference on Machine Learning. PMLR, 715–724.
  7. ” You might also like:” Privacy risks of collaborative filtering. In 2011 IEEE Symposium on Security and Privacy. IEEE, 231–246.
  8. Secure federated matrix factorization. IEEE Intelligent Systems 36, 5 (2020), 11–20.
  9. Bias and debias in recommender system: A survey and future directions. arXiv preprint arXiv:2010.03240 (2020).
  10. Revisiting graph based collaborative filtering: A linear residual graph convolutional network approach. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 34. 27–34.
  11. Club: A contrastive log-ratio upper bound of mutual information. In International Conference on Machine Learning. PMLR, 1779–1788.
  12. Alexandra Chouldechova. 2017. Fair prediction with disparate impact: A study of bias in recidivism prediction instruments. Big data 5, 2 (2017), 153–163.
  13. Privacy at scale: Local differential privacy in practice. In Proceedings of the 2018 International Conference on Management of Data. 1655–1658.
  14. Mukund Deshpande and George Karypis. 2004. Item-based top-n recommendation algorithms. ACM Transactions on Information Systems (TOIS) 22, 1 (2004), 143–177.
  15. Collaborative memory network for recommendation systems. In The 41st International ACM SIGIR Conference on Research & Development in Information Retrieval. 515–524.
  16. A multi-view deep learning approach for cross domain user modeling in recommendation systems. In Proceedings of the 24th international conference on world wide web. 278–288.
  17. Graph neural networks for social recommendation. In The World Wide Web Conference. 417–426.
  18. Neil Zhenqiang Gong and Bin Liu. 2016. You are who you know and how you behave: Attribute inference attacks via users’ social friends and behaviors. In 25th USENIX Security Symposium (USENIX Security 16). 979–995.
  19. F Maxwell Harper and Joseph A Konstan. 2015. The movielens datasets: History and context. Acm Transactions on Interactive Intelligent Systems (TIIS) 5, 4 (2015), 1–19.
  20. Mining implicit entity preference from user-item interaction data for knowledge graph completion via adversarial learning. In Proceedings of The Web Conference 2020. 740–751.
  21. Neural collaborative filtering. In Proceedings of the 26th International Conference on World Wide Web. 173–182.
  22. Learning privacy-preserving graph convolutional network with partially observed sensitive attributes. In Proceedings of the ACM Web Conference 2022. 3552–3561.
  23. Qi Hu and Yangqiu Song. 2023. Independent Distribution Regularization for Private Graph Embedding. In Proceedings of the 32nd ACM International Conference on Information and Knowledge Management. 823–832.
  24. Jinyuan Jia and Neil Zhenqiang Gong. 2018. {{\{{AttriGuard}}\}}: A practical defense against attribute inference attacks via adversarial machine learning. In 27th USENIX Security Symposium (USENIX Security 18). 513–529.
  25. Fism: factored item similarity models for top-n recommender systems. In Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 659–667.
  26. Federated optimization: Distributed machine learning for on-device intelligence. arXiv preprint arXiv:1610.02527 (2016).
  27. Matrix factorization techniques for recommender systems. Computer 42, 8 (2009), 30–37.
  28. Solomon Kullback and Richard A Leibler. 1951. On information and sufficiency. The annals of mathematical statistics 22, 1 (1951), 79–86.
  29. Privacy adversarial network: representation learning for mobile data privacy. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3, 4 (2019), 1–18.
  30. Zhifeng Luo and Zhanli Chen. 2014. A privacy preserving group recommender based on cooperative perturbation. In 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. IEEE, 106–111.
  31. Recommender systems with social regularization. In Proceedings of the fourth ACM international conference on Web search and data mining. 287–296.
  32. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR, 1273–1282.
  33. Personalized privacy-preserving social recommendation. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 32.
  34. Stronger Privacy for Federated Collaborative Filtering With Implicit Feedback. In Fifteenth ACM Conference on Recommender Systems. 342–350.
  35. Fedfast: Going beyond average for faster training of federated recommender systems. In Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. 1234–1242.
  36. Vasileios Perifanis and Pavlos S Efraimidis. 2022. Federated Neural Collaborative Filtering. Knowledge-Based Systems 242 (2022), 108441.
  37. Privacy-Preserving News Recommendation Model Learning. In Findings of the Association for Computational Linguistics: EMNLP 2020. 1423–1432.
  38. Charles D Raab. 1998. The distribution of privacy risks: Who needs protection? The information society 14, 4 (1998), 263–274.
  39. LoPub: high-dimensional crowdsourced data publication with local differential privacy. IEEE Transactions on Information Forensics and Security 13, 9 (2018), 2151–2166.
  40. Paul Resnick and Hal R Varian. 1997. Recommender systems. Commun. ACM 40, 3 (1997), 56–58.
  41. Privacy enhanced matrix factorization for recommendation with local differential privacy. IEEE Transactions on Knowledge and Data Engineering 30, 9 (2018), 1770–1782.
  42. Privacy-Preserving Representation Learning on Graphs: A Mutual Information Perspective. In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining. 1667–1676.
  43. Kgat: Knowledge graph attention network for recommendation. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. 950–958.
  44. Neural graph collaborative filtering. In Proceedings of the 42nd international ACM SIGIR conference on Research and development in Information Retrieval. 165–174.
  45. Beyond inferring class representatives: User-level privacy leakage from federated learning. In IEEE INFOCOM 2019-IEEE Conference on Computer Communications. IEEE, 2512–2520.
  46. Fedgnn: Federated graph neural network for privacy-preserving recommendation. arXiv preprint arXiv:2102.04925 (2021).
  47. Graph neural networks in recommender systems: a survey. arXiv preprint arXiv:2011.02260 (2020).
  48. Relational collaborative filtering: Modeling multiple item relations for recommendation. In Proceedings of the 42nd international ACM SIGIR Conference on Research and Development in Information Retrieval. 125–134.
  49. Deep Matrix Factorization Models for Recommender Systems. In Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, IJCAI-17. 3203–3209.
  50. Federated machine learning: Concept and applications. ACM Transactions on Intelligent Systems and Technology (TIST) 10, 2 (2019), 1–19.
  51. Privacy concerns in online recommender systems: influences of control and user data input. In 10th Symposium On Usable Privacy and Security (SOUPS 2014). 159–173.
  52. Membership Inference Attacks Against Recommender Systems. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 864–879.
  53. Deep learning based recommender system: A survey and new perspectives. ACM Computing Surveys (CSUR) 52, 1 (2019), 1–38.
  54. Graph embedding for recommendation against attribute inference attacks. In Proceedings of the Web Conference 2021. 3002–3014.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (2)
  1. Qi Hu (33 papers)
  2. Yangqiu Song (196 papers)
Citations (4)
View on Semantic Scholar