Alper Bilge

Shilling attacks against recommender systems: a comprehensive survey

Online vendors employ collaborative filtering algorithms to provide recommendations to their customers so that they can increase their sales and profits. Although recommendation schemes are successful in e-commerce sites, they are vulnerable to shilling or profile injection attacks. On one hand, online shopping sites utilize collaborative filtering schemes to enhance their competitive edge over other companies. On the other hand, malicious users and/or competing vendors might decide to insert fake profiles into the user-item matrices in such a way so that they can affect the predicted ratings on behalf of their advantages. In the past decade, various studies have been conducted to scrutinize different shilling attacks strategies, profile injection attack types, shilling attack detection schemes, robust algorithms proposed to overcome such attacks, and evaluate them with respect to accuracy, cost/benefit, and overall performance. Due to their popularity and importance, we survey about shilling attacks in collaborative filtering algorithms. Giving an overall picture about various shilling attack types by introducing new classification attributes is imperative for further research. Explaining shilling attack detection schemes in detail and robust algorithms proposed so far might open a lead to develop new detection schemes and enhance such robust algorithms further, even propose new ones. Thus, we describe various attack types and introduce new dimensions for attack classification. Detailed description of the proposed detection and robust recommendation algorithms are given. Moreover, we briefly explain evaluation of the proposed schemes. We conclude the paper by discussing various open questions.

A Novel Shilling Attack Detection Method

Abstract Recommender systems provide an impressive way to overcome information overload problem. However, they are vulnerable to profile injection or shilling attacks. Malicious users and/or parties might construct fake profiles and inject them into user-item databases to increase or decrease the popularity of some target products. Hence, they may have an effective impact on produced predictions. To eliminate such malicious impact, detecting shilling profiles becomes imperative. In this work, we propose a novel shilling attack detection method for particularly specific attacks based on bisecting k-means clustering approach, which provides that attack profiles are gathered in a leaf node of a binary decision tree. After evaluating our method, we perform experiments using a benchmark data set to analyze it with respect to success of attack detection. Our empirical outcomes show that the method is extremely successful on detecting specific attack profiles like bandwagon, segment, and average attack.

Robustness analysis of privacy-preserving model-based recommendation schemes

Privacy-preserving model-based recommendation methods are preferable over privacy-preserving memory-based schemes due to their online efficiency. Model-based prediction algorithms without privacy concerns have been investigated with respect to shilling attacks. Similarly, various privacy-preserving model-based recommendation techniques have been proposed to handle privacy issues. However, privacy-preserving model-based collaborative filtering schemes might be subjected to shilling or profile injection attacks. Therefore, their robustness against such attacks should be scrutinized. In this paper, we investigate robustness of four well-known privacy-preserving model-based recommendation methods against six shilling attacks. We first apply masked data-based profile injection attacks to privacy-preserving k-means-, discrete wavelet transform-, singular value decomposition-, and item-based prediction algorithms. We then perform comprehensive experiments using real data to evaluate their robustness against profile injection attacks. Next, we compare non-private model-based methods with their privacy-preserving correspondences in terms of robustness. Moreover, well-known privacy-preserving memory- and model-based prediction methods are compared with respect to robustness against shilling attacks. Our empirical analysis show that couple of model-based schemes with privacy are very robust.

Robustness analysis of multi-criteria collaborative filtering algorithms against shilling attacks

Abstract Collaborative filtering is an emerging recommender system technique that aims guiding users based on other customers preferences with behavioral similarities. Such correspondences are located based on preference history of users. A relatively new extension of traditional collaborative filtering schemes takes into account not only how much a user likes an item, but also why she likes the item by collecting multi-criteria preferences focusing on distinctive features of the items. These multi-criteria collaborative filtering systems have the potential to improve recommender system accuracy since they reveal multiple views of users on products. However, due to providing more insightful recommendations, such systems might be subjected to malicious attacks more substantially than the traditional ones. Attackers attempt to insert fake profiles to bias outputs of these systems in favor of a particular product or disrepute the system itself. Since outputs of expert systems directly dependent on input signals; interventions to the inputs coherently cause failures on productions of such systems. In this study, we examine shilling attack strategies against multi-criteria preference collections, how to extend well-known attack scenarios against these systems, and propose an alternative attacking scheme. We analyze the robustness of baseline multi-criteria recommendation algorithms regarding various similarity aggregation procedures against proposed attacking schemes by the extensive experimental investigation. Empirical results on real-world data demonstrate that these systems are highly vulnerable to manipulations and proper attack detection practices are needed to ensure recommendation quality. According to our findings, manipulative attempts at such expert systems mislead decision-making process.

A review on deep learning for recommender systems: challenges and remedies

Recommender systems are effective tools of information filtering that are prevalent due to increasing access to the Internet, personalization trends, and changing habits of computer users. Although existing recommender systems are successful in producing decent recommendations, they still suffer from challenges such as accuracy, scalability, and cold-start. In the last few years, deep learning, the state-of-the-art machine learning technique utilized in many complex tasks, has been employed in recommender systems to improve the quality of recommendations. In this study, we provide a comprehensive review of deep learning-based recommendation approaches to enlighten and guide newbie researchers interested in the subject. We analyze compiled studies within four dimensions which are deep learning models utilized in recommender systems, remedies for the challenges of recommender systems, awareness and prevalence over recommendation domains, and the purposive properties. We also provide a comprehensive quantitative assessment of publications in the field and conclude by discussing gained insights and possible future work on the subject.