• Corpus ID: 239049393

PipAttack: Poisoning Federated Recommender Systems for Manipulating Item Promotion

Shijie Zhang, Hongzhi Yin, Tong Chen, Zi-Liang Huang, Quoc Viet Hung Nguyen, Li-zhen Cui
Due to the growing privacy concerns, decentralization emerges rapidly in personalized services, especially recommendation. Also, recent studies have shown that centralized models are vulnerable to poisoning attacks, compromising their integrity. In the context of recommender systems, a typical goal of such poisoning attacks is to promote the adversary’s target items by interfering with the training dataset and/or process. Hence, a common practice is to subsume recommender systems under the… 

Practical Data Poisoning Attack against Next-Item Recommendation
This paper focuses on a general next-item recommendation setting and proposes a practical poisoning attack approach named LOKI against blackbox recommendation systems, which achieves better attacking performance than existing methods.
Adversarial attacks on an oblivious recommender
A formulation for learning to attack a recommender as a repeated general-sum game between two players, i.e., an adversary and a recommender oblivious to the adversary's existence, and a non-trivial algorithm building upon zero-order optimization techniques are provided.
FedGNN: Federated Graph Neural Network for Privacy-Preserving Recommendation
A federated framework for privacy-preserving GNN-based recommendation is proposed, which can collectively train GNN models from decentralized user data while exploiting high-order user-item interaction information with privacy well protected.
Poisoning Attacks to Graph-Based Recommender Systems
A systematic study of poisoning attacks on graph-based recommender systems, which considers an attacker whose goal is to promote a target item so that it is recommended to as many users as possible, and proposes techniques to solve the resulting optimization problem.
FedFast: Going Beyond Average for Faster Training of Federated Recommender Systems
A novel technique is presented, FedFast, to accelerate distributed learning which achieves good accuracy for all users very early in the training process, by sampling from a diverse set of participating clients in each training round and applying an active aggregation method that propagates the updated model to the other clients.
Graph Embedding for Recommendation against Attribute Inference Attacks
The proposed GERAI binds the information perturbation mechanism in differential privacy with the recommendation capability of graph convolutional networks and devises a dual-stage encryption paradigm to simultaneously enforce privacy guarantees on users’ sensitive features and the model optimization process.
Limited Knowledge Shilling Attacks in Collaborative Filtering Systems
Recent research in recommender systems has shown that collaborative filtering algorithms are highly susceptible to attacks that insert biased profile data. Theoretical analyses and empirical
Shilling recommender systems for fun and profit
Four open questions are explored that may affect the effectiveness of shilling attacks on recommender systems: which recommender algorithm is being used, whether the application is producing recommendations or predictions, how detectable the attacks are by the operator of the system, and what the properties are of the items being attacked.
Attacking Black-box Recommendations via Copying Cross-domain User Profiles
The proposed framework CopyAttack is a reinforcement learning based black-box attacking method that harnesses real users from a source domain by copying their profiles into the target domain with the goal of promoting a subset of items.
The Unfairness of Popularity Bias in Recommendation
The experimental results on a movie dataset show that in many recommendation algorithms the recommendations the users get are extremely concentrated on popular items even if a user is interested in long-tail and non-popular items showing an extreme bias disparity.