
Poisoning Decentralized Collaborative Recommender System and Its Countermeasures (2404.01177v1)

Published 1 Apr 2024 in cs.CR and cs.IR

Abstract: To make room for privacy and efficiency, the deployment of many recommender systems is experiencing a shift from central servers to personal devices, where the federated recommender systems (FedRecs) and decentralized collaborative recommender systems (DecRecs) are arguably the two most representative paradigms. While both leverage knowledge (e.g., gradients) sharing to facilitate learning local models, FedRecs rely on a central server to coordinate the optimization process, yet in DecRecs, the knowledge sharing directly happens between clients. Knowledge sharing also opens a backdoor for model poisoning attacks, where adversaries disguise themselves as benign clients and disseminate polluted knowledge to achieve malicious goals like promoting an item's exposure rate. Although research on such poisoning attacks provides valuable insights into finding security loopholes and corresponding countermeasures, existing attacks mostly focus on FedRecs, and are either inapplicable or ineffective for DecRecs. Compared with FedRecs where the tampered information can be universally distributed to all clients once uploaded to the cloud, each adversary in DecRecs can only communicate with a small number of neighbor clients, confining its impact to a limited range. To fill the gap, we present a novel attack method named Poisoning with Adaptive Malicious Neighbors (PAMN). With item promotion in top-K recommendation as the attack objective, PAMN effectively boosts target items' ranks with several adversaries that emulate benign clients and transfer adaptively crafted gradients conditioned on each adversary's neighbors. Moreover, with the vulnerabilities of DecRecs uncovered, a dedicated defensive mechanism based on user-level gradient clipping with sparsified updating is proposed. Extensive experiments demonstrate the effectiveness of the poisoning attack and the robustness of our defensive mechanism.

Authors (6)
  1. Ruiqi Zheng (11 papers)
  2. Liang Qu (22 papers)
  3. Tong Chen (200 papers)
  4. Kai Zheng (134 papers)
  5. Yuhui Shi (44 papers)
  6. Hongzhi Yin (210 papers)
Citations (3)
