Abstract
Publicly accessible adaptive systems such as collaborative recommender systems present a security problem. Attackers, who cannot be readily distinguished from ordinary users, may inject biased profiles in an attempt to force a system to “adapt” in a manner advantageous to them. Such attacks may lead to a degradation of user trust in the objectivity and accuracy of the system. Recent research has begun to examine the vulnerabilities and robustness of different collaborative recommendation techniques in the face of “profile injection” attacks. In this article, we outline some of the major issues in building secure recommender systems, concentrating in particular on the modeling of attacks and their impact on various recommendation algorithms. We introduce several new attack models and perform extensive simulation-based evaluations to show which attacks are most successful and practical against common recommendation techniques. Our study shows that both user-based and item-based algorithms are highly vulnerable to specific attack models, but that hybrid algorithms may provide a higher degree of robustness. Using our formal characterization of attack models, we also introduce a novel classification-based approach for detecting attack profiles and evaluate its effectiveness in neutralizing attacks.
- Albert, M. and Aha, D. 1991. Analyses of instance-based learning algorithms. In Proceedings of the 9th National Conference on Artificial Intelligence. Morgan Kaufmann, San Francisco, CA.Google Scholar
- Berry, M., Dumais, S., and Brien, G. 1995. Using linear algebra for intelligent information retrieval. SIAM Rev. 37, 573--595. Google Scholar
Digital Library
- Billsus, D. and Pazzani, M. 2000. User modeling for adaptive news access. User-Model. User-Adapt. Interact. 10, 2--3, 147--180. Google Scholar
Digital Library
- Breese, J., Heckerman, D., and Kadie, C. 1998. Empirical analysis of predictive algorithms for collaborative filtering. In Uncertainty in Artificial Intelligence. Proceedings of the Fourteenth Conference. Morgan Kaufman, San Francisco, CA, 43--53. Google Scholar
Digital Library
- Burke, R. 2000. Knowledge-based recommender systems. In Encyclopedia of Library and Information Systems, A. Kent, Ed. Vol. 69. Marcel Dekker, New York, NY.Google Scholar
- Burke, R. 2002. Hybrid recommender systems: Survey and experiments. User-Model. User Adapt. Interact. 12, 4, 331--370. Google Scholar
Digital Library
- Burke, R., Mobasher, B., and Bhaumik, R. 2005a. Limited knowledge shilling attacks in collaborative filtering systems. In Proceedings of the 3rd IJCAI Workshop in Intelligent Techniques for Personalization (Edinburgh, Scotland).Google Scholar
- Burke, R., Mobasher, B., Williams, C., and Bhaumik, R. 2006a. Classification features for attack detection in collaborative recommender systems. In Proceedings of the ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD'06). Google Scholar
Digital Library
- Burke, R., Mobasher, B., Williams, C., and Bhaumik, R. 2006b. Detecting profile injection attacks in collaborative recommender systems. In In Proceedings of the IEEE Joint Conference on E-Commerce Technology and Enterprise Computing, E-Commerce and E-Services (CEC/EEE 2006, Palo Alto, CA). Google Scholar
Digital Library
- Burke, R., Mobasher, B., Zabicki, R., and Bhaumik, R. 2005b. Identifying attack models for secure recommendation. In Beyond Personalization: A Workshop on the Next Generation of Recommender Systems (San Diego, CA).Google Scholar
- Chirita, P.-A., Nejdl, W., and Zamfir, C. 2005. Preventing shilling attacks in online recommender systems. In WIDM '05: Proceedings of the 7th Annual ACM International Workshop on Web Information and Data Management. ACM Press, New York, NY, 67--74. Google Scholar
Digital Library
- Haussler, D. 1990. Probably approximately correct learning. In Proceedings of the 8th National Conference on Artificial Intelligence. Morgan Kaufmann, San Francisco, CA, 1101--1108.Google Scholar
- Herlocker, J., Konstan, J., Borchers, A., and Riedl, J. 1999. An algorithmic framework for performing collaborative filtering. In Proceedings of the 22nd ACM Conference on Research and Development in Information Retrieval (SIGIR'99, Berkeley, CA). Google Scholar
Digital Library
- Herlocker, J. L., Frankowski, D., Schafer, J. B., and Sen, S. 2006. Collaborative filtering. In The Adaptive Web: Methods and Strategies of Web Personalization, P. Brusilovsky, A. Kobsa, and W. Nejdl, Eds. Springer Verlag, Berlin, Germany.Google Scholar
- Herlocker, J., Konstan, J., Tervin, L. G., and Riedl, J. 2004. Evaluating collaborative filtering recommender systems. ACM Trans. Inform. Syst. 22, 1, 5--53. Google Scholar
Digital Library
- Jin, X. and Mobasher, B. 2003. Using semantic similarity to enhance item-based collaborative filtering. In Proceedings of the 2nd IASTED International Conference on Information and Knowledge Sharing (Scottsdale, AZ).Google Scholar
- Lam, S. and Riedl, J. 2004. Shilling recommender systems for fun and profit. In Proceedings of the 13th International WWW Conference (New York, NY). Google Scholar
Digital Library
- Lang, K. 1995. Newsweeder: Learning to filter news. In Proceedings of the 12th International Conference on Machine Learning. 331--339.Google Scholar
Cross Ref
- Massa, P. and Avesani, P. 2006. Trust-aware collaborative filtering for recommender systems. In Proceedings of the 11th International Conference on Intelligent User Interfaces (Agia Napa, Cyprus).Google Scholar
- Mobasher, B. 2007. Data mining for Web personalization. In The Adaptive Web: Methods and Strategies of Web Personalization, P. Brusilovsky, A. Kobsa, and W. Nejdl, Eds. Lecture Notes in Computer Science, vol. 4321. Springer-Verlag, Berlin Heidelberg, Germany (New York, NY). Google Scholar
Digital Library
- Mobasher, B., Burke, R., Bhaumik, R., and Williams, C. 2005. Effective attack models for shilling item-based collaborative filtering systems. In Proceedings of the 2005 WebKDD Workshop, held in conjuction with ACM SIGKDD'2005, Chicago, IL).Google Scholar
- Mobasher, B., Burke, R., and Sandvig, J. 2006a. Model-based collaborative filtering as a defense against profile injection attacks. In Proceedings of the 21st National Conference on Artificial Intelligence. Google Scholar
Digital Library
- Mobasher, B., Burke, R., Williams, C., and Bhaumik, R. 2006b. Analysis and detection of segment-focused attacks against collaborative recommendation. In Proceedings of the 2005 WebKDD Workshop. Lecture Notes in Computer Science. Springer, Berlin, Germany. Google Scholar
Digital Library
- Mobasher, B., Dai, H., Luo, T., and Nakagawa, M. 2001. Effective personalization based on association rule discovery from Web Usage data. In Proceedings of the 3rd ACM Workshop on Web Information and Data Management (WIDM01, Atlanta, GA). Google Scholar
Digital Library
- Mobasher, B., Jin, X., and Zhou, Y. 2004. Semantically enhanced collaborative filtering on the web. In Web Mining: From Web to Semantic Web, Lecture Notes in Artificial Intelligence, volume 3209. Springer, Berlin, Germany.Google Scholar
- Mooney, R. J. and Roy, L. 1999. Content-based book recommending using learning for text categorization. In Proceedings of the SIGIR '99 Workshop on Recommender Systems: Algorithms and Evaluation. (Berkeley, CA).Google Scholar
- O'Donovan, J. and Smyth, B. 2006. Is trust robust?: An analysis of trust-based recommendation. In Proceedings of the 5th ACM Conference on Electronic Commerce (EC04). ACM Press, New York, NY, 101--108. Google Scholar
Digital Library
- O'Mahony, M., Hurley, N., Kushmerick, N., and Silvestre, G. 2004. Collaborative recommendation: A robustness analysis. ACM Trans. Inter. Tech. 4, 4, 344--377. Google Scholar
Digital Library
- Resnick, P., Iacovou, N., Suchak, M., Bergstrom, P., and Riedl, J. 1994. Grouplens: An open architecture for collaborative filtering of netnews. In CSCW '94: Proceedings of the 1994 ACM Conference on Computer Supported Cooperative Work. ACM Press, New York, NY, 175--186. Google Scholar
Digital Library
- Sarwar, B., Karypis, G., Konstan, J., and Riedl, J. 2001. Item-based collaborative filtering recommendation algorithms. In Proceedings of the 10th International World Wide Web Conference. (Hong Kong). Google Scholar
Digital Library
- Su, X.-F., Zeng, H.-J., and Chen., Z. 2005. Finding group shilling in recommendation system. In WWW 05: Proceedings of the 14th International Conference on the World Wide Web. Google Scholar
Digital Library
- Witten, I. H. and Frank, E. 2005. Data Mining: Practical Machine Learning Tools and Techniques, 2nd ed. Morgan Kaufmann, San Francisco, CA. Google Scholar
Digital Library
Index Terms
Toward trustworthy recommender systems: An analysis of attack models and algorithm robustness
Recommendations
Classification features for attack detection in collaborative recommender systems
KDD '06: Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data miningCollaborative recommender systems are highly vulnerable to attack. Attackers can use automated means to inject a large number of biased profiles into such a system, resulting in recommendations that favor or disfavor given items. Since collaborative ...
Shilling recommender systems for fun and profit
WWW '04: Proceedings of the 13th international conference on World Wide WebRecommender systems have emerged in the past several years as an effective way to help people cope with the problem of information overload. One application in which they have become particularly common is in e-commerce, where recommendation of items ...
Shilling attacks against recommender systems: a comprehensive survey
Online vendors employ collaborative filtering algorithms to provide recommendations to their customers so that they can increase their sales and profits. Although recommendation schemes are successful in e-commerce sites, they are vulnerable to shilling ...






Comments