{"title":"Eyes on Federated Recommendation: Targeted Poisoning With Competition and Its Mitigation","authors":"Yurong Hao;Xihui Chen;Wei Wang;Jiqiang Liu;Tao Li;Junyong Wang;Witold Pedrycz","doi":"10.1109/TIFS.2024.3488500","DOIUrl":null,"url":null,"abstract":"Federated recommendation (FR) addresses privacy concerns in recommender systems by training a global model without requiring raw user data to leave individual devices. A server, known as the aggregator, integrates users’ local gradients and updates the global model parameters. However, FR is vulnerable to attacks where malicious users manipulate these updates, known as model poisoning attacks. In this work, we propose a new targeted attack called \n<monospace>StairClimbing</monospace>\n to promote specific items through model poisoning, and a new defence mechanism \n<monospace>CrossEU. StairClimbing</monospace>\n adopts a new strategy resembling stair climbing to enable target items to beat competitive items and increase their popularity level by level. Compared to prior attacks, \n<monospace>StairClimbing</monospace>\n guarantees balanced effectiveness, efficiency and stealthiness simultaneously. Our defence mechanism \n<monospace>CrossEU</monospace>\n leverages two patterns regarding the lists of items updated by benign users between iterative epochs. Extensive experiments on six real-world datasets demonstrate \n<monospace>StairClimbing</monospace>\n’s superiority across all three desirable attack properties, even with a small proportion of malicious users (1%). In addition, \n<monospace>CrossEU</monospace>\n effectively delays the impact of all tested attacks and even eliminates their damage entirely.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"10173-10188"},"PeriodicalIF":6.3000,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10739366/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
Abstract
Federated recommendation (FR) addresses privacy concerns in recommender systems by training a global model without requiring raw user data to leave individual devices. A server, known as the aggregator, integrates users’ local gradients and updates the global model parameters. However, FR is vulnerable to attacks where malicious users manipulate these updates, known as model poisoning attacks. In this work, we propose a new targeted attack called
StairClimbing
to promote specific items through model poisoning, and a new defence mechanism
CrossEU. StairClimbing
adopts a new strategy resembling stair climbing to enable target items to beat competitive items and increase their popularity level by level. Compared to prior attacks,
StairClimbing
guarantees balanced effectiveness, efficiency and stealthiness simultaneously. Our defence mechanism
CrossEU
leverages two patterns regarding the lists of items updated by benign users between iterative epochs. Extensive experiments on six real-world datasets demonstrate
StairClimbing
’s superiority across all three desirable attack properties, even with a small proportion of malicious users (1%). In addition,
CrossEU
effectively delays the impact of all tested attacks and even eliminates their damage entirely.
期刊介绍:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features