Eyes on Federated Recommendation: Targeted Poisoning With Competition and Its Mitigation

IF 6.3 1区 计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS IEEE Transactions on Information Forensics and Security Pub Date : 2024-10-30 DOI:10.1109/TIFS.2024.3488500
Yurong Hao;Xihui Chen;Wei Wang;Jiqiang Liu;Tao Li;Junyong Wang;Witold Pedrycz
{"title":"Eyes on Federated Recommendation: Targeted Poisoning With Competition and Its Mitigation","authors":"Yurong Hao;Xihui Chen;Wei Wang;Jiqiang Liu;Tao Li;Junyong Wang;Witold Pedrycz","doi":"10.1109/TIFS.2024.3488500","DOIUrl":null,"url":null,"abstract":"Federated recommendation (FR) addresses privacy concerns in recommender systems by training a global model without requiring raw user data to leave individual devices. A server, known as the aggregator, integrates users’ local gradients and updates the global model parameters. However, FR is vulnerable to attacks where malicious users manipulate these updates, known as model poisoning attacks. In this work, we propose a new targeted attack called \n<monospace>StairClimbing</monospace>\n to promote specific items through model poisoning, and a new defence mechanism \n<monospace>CrossEU. StairClimbing</monospace>\n adopts a new strategy resembling stair climbing to enable target items to beat competitive items and increase their popularity level by level. Compared to prior attacks, \n<monospace>StairClimbing</monospace>\n guarantees balanced effectiveness, efficiency and stealthiness simultaneously. Our defence mechanism \n<monospace>CrossEU</monospace>\n leverages two patterns regarding the lists of items updated by benign users between iterative epochs. Extensive experiments on six real-world datasets demonstrate \n<monospace>StairClimbing</monospace>\n’s superiority across all three desirable attack properties, even with a small proportion of malicious users (1%). In addition, \n<monospace>CrossEU</monospace>\n effectively delays the impact of all tested attacks and even eliminates their damage entirely.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"10173-10188"},"PeriodicalIF":6.3000,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10739366/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

Abstract

Federated recommendation (FR) addresses privacy concerns in recommender systems by training a global model without requiring raw user data to leave individual devices. A server, known as the aggregator, integrates users’ local gradients and updates the global model parameters. However, FR is vulnerable to attacks where malicious users manipulate these updates, known as model poisoning attacks. In this work, we propose a new targeted attack called StairClimbing to promote specific items through model poisoning, and a new defence mechanism CrossEU. StairClimbing adopts a new strategy resembling stair climbing to enable target items to beat competitive items and increase their popularity level by level. Compared to prior attacks, StairClimbing guarantees balanced effectiveness, efficiency and stealthiness simultaneously. Our defence mechanism CrossEU leverages two patterns regarding the lists of items updated by benign users between iterative epochs. Extensive experiments on six real-world datasets demonstrate StairClimbing ’s superiority across all three desirable attack properties, even with a small proportion of malicious users (1%). In addition, CrossEU effectively delays the impact of all tested attacks and even eliminates their damage entirely.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
关注联合推荐:有针对性的竞争中毒及其缓解措施
联合推荐(Federated recommendation,FR)通过训练一个全局模型来解决推荐系统中的隐私问题,而不需要原始用户数据离开个人设备。被称为聚合器的服务器会整合用户的本地梯度并更新全局模型参数。然而,FR 容易受到恶意用户操纵这些更新的攻击,即所谓的模型中毒攻击。在这项工作中,我们提出了一种名为 StairClimbing 的新定向攻击,通过模型中毒来推广特定项目,并提出了一种新的防御机制 CrossEU。StairClimbing 采用一种类似于爬楼梯的新策略,使目标项目能够击败竞争项目,并逐级提高其受欢迎程度。与之前的攻击相比,StairClimbing 同时保证了有效性、效率和隐蔽性的平衡。我们的防御机制 CrossEU 利用了良性用户在迭代周期之间更新项目列表的两种模式。在六个真实数据集上进行的广泛实验证明,即使恶意用户的比例很小(1%),StairClimbing 在所有三种理想的攻击属性方面都具有优势。此外,CrossEU 还能有效延迟所有测试攻击的影响,甚至完全消除其危害。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IEEE Transactions on Information Forensics and Security
IEEE Transactions on Information Forensics and Security 工程技术-工程:电子与电气
CiteScore
14.40
自引率
7.40%
发文量
234
审稿时长
6.5 months
期刊介绍: The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features
期刊最新文献
Attackers Are Not the Same! Unveiling the Impact of Feature Distribution on Label Inference Attacks Backdoor Online Tracing With Evolving Graphs LHADRO: A Robust Control Framework for Autonomous Vehicles Under Cyber-Physical Attacks Towards Mobile Palmprint Recognition via Multi-view Hierarchical Graph Learning Succinct Hash-based Arbitrary-Range Proofs
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1