General Discussion on preventing attacks on CF recommender systems


Background

There are 3 main motivations for attacks:

What strategies are out there?

But it's not as simple as just that, because most recommender systems utilize neighbor-based algorithms. So the attack models are more sophisticated and complicated than that. The goal for malevolent users is to insert profiles that will “appear” in the neighborhood of many.

There are several attack types[1]:


Characteristics of Profile Insertion Attacks

There are 2 main attack dimensions: Push and Nuke. Push increases the prediction value of a target item, while Nuke decreases the prediction value of a target item. Point to note: technically there is no real difference between the two, but the consequences are not equally distributed.

Suggested Countermeasures against Attacks

One countermeasure suggested in the research [1] is to use model-based or hybrid algorithms. Without getting into the technical details of it, the reasons are:

Other, more sophisticated counter-strategies use statistical detection methods: outlier analysis, such as the Partitioning Around Medoids (PAM) clustering algorithm, for detecting attack profiles [3]. Basically, it detects groups of users who collaborate to push/nuke items. Another approach is monitoring the development of ratings: changes in the average rating and changes in rating entropy. Finally, others have researched the use of machine-learning methods to discriminate real from fake profiles.
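The rating-monitoring idea above, sketched as an added example (not code from the cited studies): an item's time-ordered ratings are split into windows, and a window is flagged when its average rating shifts and its rating entropy drops relative to a baseline. The window size, thresholds, function names and sample ratings are assumptions constructed for illustration.

```python
import math
from collections import Counter

def entropy(ratings):
    """Shannon entropy (bits) of the rating-value distribution."""
    n = len(ratings)
    return -sum(c / n * math.log2(c / n) for c in Counter(ratings).values())

def window_stats(ratings, size):
    """Split time-ordered ratings into full windows -> [(mean, entropy), ...]."""
    wins = [ratings[i:i + size] for i in range(0, len(ratings) - size + 1, size)]
    return [(sum(w) / size, entropy(w)) for w in wins]

def flag_windows(ratings, size=10, baseline=3, mean_shift=1.0, entropy_drop=0.5):
    """Indexes of windows whose mean moved by >= mean_shift (up = push,
    down = nuke) AND whose entropy fell by >= entropy_drop vs. the baseline.
    All thresholds are assumed values; tune them on real rating history."""
    stats = window_stats(ratings, size)
    if len(stats) <= baseline:          # not enough history to compare against
        return []
    base_mean = sum(m for m, _ in stats[:baseline]) / baseline
    base_ent = sum(e for _, e in stats[:baseline]) / baseline
    flagged = []
    for i, (mean, ent) in enumerate(stats[baseline:], start=baseline):
        # Injected profiles rate the target item almost identically, so the
        # window mean jumps while the spread of rating values collapses.
        if abs(mean - base_mean) >= mean_shift and base_ent - ent >= entropy_drop:
            flagged.append(i)
    return flagged

# Constructed sample data for one item on a 1-5 scale (not real ratings).
ORGANIC = [3, 4, 2, 3, 5, 3, 4, 2, 3, 4]   # mixed opinions, mean 3.3
PUSH = [5, 5, 5, 5, 5, 5, 5, 5, 5, 4]      # burst of near-identical high ratings
NUKE = [1] * 10                             # burst of identical low ratings
SAMPLE = ORGANIC * 3 + PUSH + ORGANIC + NUKE

if __name__ == "__main__":
    for idx in flag_windows(SAMPLE):
        mean, ent = window_stats(SAMPLE, 10)[idx]
        print(f"window {idx}: mean={mean:.2f} entropy={ent:.2f} -> suspicious")
```

Requiring both signals together keeps an ordinary popularity change, where the mean moves but opinions stay varied, from being flagged on its own.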


Reference 1: https://www.math.uci.edu/icamp/courses/math77b/lecture_12w

Reference 2: Bhaumik R, Williams CA, Mobasher B, Burke RD (2006) Securing collaborative filtering against malicious attacks through anomaly detection. In: Proceedings of the 4th workshop on intelligent techniques for web personalization, Boston, MA

Reference 3: Detection of Profile-injection attacks in Recommender Systems using Outlier Analysis. Parthasarathi Chakraborty & Sunil Karforma