On the resilience of Collaborative Learning-based Recommender Systems Against Community Detection Attack (2306.08929v2)
Abstract: Collaborative-learning-based recommender systems emerged following the success of collaborative learning techniques such as Federated Learning (FL) and Gossip Learning (GL). In these systems, users participate in the training of a recommender system while maintaining their history of consumed items on their devices. While these solutions seemed appealing for preserving the privacy of the participants at first glance, recent studies have revealed that collaborative learning can be vulnerable to various privacy attacks. In this paper, we study the resilience of collaborative learning-based recommender systems against a novel privacy attack called Community Detection Attack (CDA). This attack enables an adversary to identify community members based on a chosen set of items (e.g., identifying users interested in specific points-of-interest). Through experiments on three real recommendation datasets using two state-of-the-art recommendation models, we evaluate the sensitivity of an FL-based recommender system as well as two flavors of Gossip Learning-based recommender systems to CDA. The results show that across all models and datasets, the FL setting is more vulnerable to CDA compared to Gossip settings. Furthermore, we assess two off-the-shelf mitigation strategies, namely differential privacy (DP) and a "Share less" policy, which consists of sharing a subset of less sensitive model parameters. The findings indicate a more favorable privacy-utility trade-off for the "Share less" strategy, particularly in FedRecs.