Accuracy and robustness impacts of power user attacks on collaborative recommender systems

Seminario, Carlos E.

doi:10.1145/2507157.2508070

Cited by 13 publications

(10 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To be clear, the power user attack in our research is not about having many actual power users collude to mount an attack, rather, it is about being able to generate a set of synthetic power user profiles that, when entered into a RS database, can effectively bias the recommendations. We found that Power User Attacks (PUAs) are able to successfully impact SVD-based and user-based recommenders [16,19,20]; we also confirmed previous research [8,11,20] that item-based systems are fairly robust to attack.…”

Section: Introductionsupporting

confidence: 88%

“…The PUA consists of one or more user profiles containing item ratings (called attack user profiles) that push or nuke a specific item. The PUA demonstrated that influential users can impact recommendations for user-based and SVD-based systems; to a much lesser extent, item-based systems can also be impacted [19,16,20]. These attacks were successful because power users are able to correlate with many non-power users to impact the target item ratings.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Attacking item-based recommender systems with power items

Seminario

Wilson

2014

Proceedings of the 8th ACM Conference on Recommender Systems

Self Cite

View full text Add to dashboard Cite

Recommender Systems (RS) are vulnerable to attack by malicious users who intend to bias the recommendations for their own benefit. Research in this area has developed attack models, detection methods, and mitigation schemes to understand and protect against such attacks. For Collaborative Filtering RSs, model-based approaches such as item-based and matrix-factorization were found to be more robust to many types of attack. Advice in designing for system robustness has thus been to employ model-based approaches. Our recent work with the Power User Attack (PUA), however, determined that attackers disguised as influential users can successfully attack (from the attacker's viewpoint) SVD-based recommenders, as well as user-based. But item-based systems remained robust to the PUA. In this paper we investigate a new, complementary attack model, the Power Item Attack (PIA), that uses influential items to successfully attack RSs. We show that the PIA is able to impact not only user-based and SVD-based recommenders but also the heretofore highly robust item-based approach, using a novel multi-target attack vector.

show abstract

Section: Introductionsupporting

confidence: 88%

Section: Related Workmentioning

confidence: 99%

Attacking item-based recommender systems with power items

Seminario

Wilson

2014

Proceedings of the 8th ACM Conference on Recommender Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…12) PUA-AS attack: The top 50 users with the highest Aggregate Similarity scores become the selected set of power users. This method requires at least 5 co-rated items between user u and user v and does not use significance weighting [21]. 13) PUA-ID attack: Based on the In-Degree centrality concept from social network analysis, power users are those who participate in the highest number of neighborhoods.…”

Section: Attack Profiles and Attack Modelsmentioning

confidence: 99%

“…For each user u compute its similarity with every other user v applying significance weighting, then discard all but the top 50 neighbors for each user u. Count the number of similarity scores for each user v and select the top 50 user v's [21]. 14) PUA-NR attack: Power users are the users with the highest number of ratings.…”

Section: Attack Profiles and Attack Modelsmentioning

confidence: 99%

Re-scale AdaBoost for attack detection in collaborative filtering recommender systems

Yang

Cai

et al. 2016

Knowledge-Based Systems

View full text Add to dashboard Cite

Collaborative filtering recommender systems (CFRSs) are the key components of successful e-commerce systems. Actually, CFRSs are highly vulnerable to attacks since its openness. However, since attack size is far smaller than that of genuine users, conventional supervised learning based detection methods could be too "dull" to handle such imbalanced classification. In this paper, we improve detection performance from following two aspects. First, we extract well-designed features from user profiles based on the statistical properties of the diverse attack models, making hard classification task becomes easier to perform. Then, refer to the general idea of re-scale Boosting (RBoosting) and AdaBoost, we apply a variant of AdaBoost, called the rescale AdaBoost (RAdaBoost) as our detection method based on extracted features. RAdaBoost is comparable to the optimal Boosting-type algorithm and can effectively improve the performance in some hard scenarios. Finally, a series of experiments on the MovieLens-100K data set are conducted to demonstrate the outperformance of RAdaBoost comparing with some classical techniques such as SVM, kNN and AdaBoost. 2[29] and AdaBoost [9, 10], we apply a variant of Boosting algorithm, called the re-scale AdaBoost (RAdaBoost) as our detection method based on extracted features. RBoosting is theoretically and experimentally proved to be better than the classical Boosting algorithm [17]. Furthermore, the theoretical near optimality of the numerical convergence of RBoosting among all the variants of the Boosting-type algorithms was also specified. This means that if the parameter is appropriately selected, RBoosting is comparable to the optimal Boosting-type algorithm. And AdaBoost [9, 10] is one of the most popular ensemble techniques paradigm and has been shown to be very effective in practice in some hard scenarios [13]. Typically, AdaBoost employs re-weighted loss function for gradually increasing emphasis (or weights) on misclassifications (i.e., concerned attackers) and can distinctly improve the predictive performance on a difficult data set. Thus, with the help of the re-scale operator, RAdaBoost can be used in conjunction with many other types of learning algorithms (or weak learners) to improve the performance in "shilling" attacks detection. Finally, a series of experiments on the MovieLens-100K dataset are conducted to demonstrate the outperformance (i.e., classification error, detection rate and false alarm rate) of RAdaBoost comparing with conventional classification techniques such as SVM, kNN and the original non-rescale AdaBoost version. The experimental results show that RAdaBoost can effectively improve the performance.

show abstract

“…These users should represent the interests of the whole population as fully as possible and/or be capable to influence the preferences of others. Such set of users is referred to as seed users or seeds , representative users , influential users (Rashid 2007), power users (Seminario and Wilson 2014) or leaders (Esslimani et al 2013).…”

Section: Cold-start Problem In Collaborative Filteringmentioning

confidence: 99%

Identifying representative users in matrix factorization-based recommender systems: application to solving the content-less new item cold-start problem

et al. 2016

View full text Add to dashboard Cite

Matrix factorization has proven to be one of the most accurate recommendation approaches. However, it faces one major shortcoming: the latent features that result from the factorization are not directly interpretable. Providing interpretation for these features is important not only to help explain the recommendations presented to users, but also to understand the underlying relations between the users and the items. This paper consists of 2 contributions. First, we propose to automatically interpret features as users, referred to as representative users. This interpretation relies on the study of the matrices that result from the factorization and on their link with the original rating matrix. Such an interpretation is not only performed automatically, as it does not require any human expertise, but it also helps to explain the recommendations. The second proposition of this paper is to exploit this interpretation to alleviate the content-less new item cold-start problem. The experiments conducted on several benchmark datasets confirm that the features discovered by a NonNegative Matrix Factorization can be interpreted as users and that representative users are a reliable source of information that allows to accurately estimate ratings on new items. They are thus a promising way to solve the new item cold-start problem.

show abstract

Accuracy and robustness impacts of power user attacks on collaborative recommender systems

Cited by 13 publications

References 16 publications

Attacking item-based recommender systems with power items

Attacking item-based recommender systems with power items

Re-scale AdaBoost for attack detection in collaborative filtering recommender systems

Identifying representative users in matrix factorization-based recommender systems: application to solving the content-less new item cold-start problem

Contact Info

Product

Resources

About