Filler Item Strategies for Shilling Attacks against Recommender Systems
20 Jan 2009-pp 1-10
TL;DR: This paper explores the importance of target item and filler items in mounting effective shilling attacks and proposes attack strategies based on intelligent selection of filler items, which are shown to be the most effective attack strategies against both user-based and item-based collaborative filtering systems.
Abstract: In recent years recommender systems have become a ubiquitous feature in e-commerce sites. However, the open nature of recommender systems makes them vulnerable to shilling attacks from malicious users. Such attacks may lead to erosion of user trust in the objectivity and accuracy of the system. One critical area of research in security of recommender systems is the study of attack models. In this paper, we propose an approach for creating attack models. Our paper explores the importance of target item and filler items in mounting effective shilling attacks. Our attack strategies are based on intelligent selection of filler items. Filler items are selected on the basis of the target item rating distribution. We propose filler item strategies for both all-user attacks and insegment attacks. We show through experiments that our attack strategies are the most effective attack strategies against both user-based and item-based collaborative filtering systems.
Citations
More filters
TL;DR: Various attack types are described and new dimensions for attack classification are introduced and detailed description of the proposed detection and robust recommendation algorithms are given.
Abstract: Online vendors employ collaborative filtering algorithms to provide recommendations to their customers so that they can increase their sales and profits. Although recommendation schemes are successful in e-commerce sites, they are vulnerable to shilling or profile injection attacks. On one hand, online shopping sites utilize collaborative filtering schemes to enhance their competitive edge over other companies. On the other hand, malicious users and/or competing vendors might decide to insert fake profiles into the user-item matrices in such a way so that they can affect the predicted ratings on behalf of their advantages. In the past decade, various studies have been conducted to scrutinize different shilling attacks strategies, profile injection attack types, shilling attack detection schemes, robust algorithms proposed to overcome such attacks, and evaluate them with respect to accuracy, cost/benefit, and overall performance. Due to their popularity and importance, we survey about shilling attacks in collaborative filtering algorithms. Giving an overall picture about various shilling attack types by introducing new classification attributes is imperative for further research. Explaining shilling attack detection schemes in detail and robust algorithms proposed so far might open a lead to develop new detection schemes and enhance such robust algorithms further, even propose new ones. Thus, we describe various attack types and introduce new dimensions for attack classification. Detailed description of the proposed detection and robust recommendation algorithms are given. Moreover, we briefly explain evaluation of the proposed schemes. We conclude the paper by discussing various open questions.
273 citations
Cites background from "Filler Item Strategies for Shilling..."
...This attack requires high level knowledge; and therefore, it is hard to implement (Burke et al. 2006b; Mehta et al. 2007a,b; Mehta and Nejdl 2008; Mobasher et al. 2007b; Ray and Mahanti 2009b)....
[...]
...Ray and Mahanti (2009a) propose an intelligent strategy for selecting filler items to realize more effective shilling attacks....
[...]
...Random attacks are easy to implement, however, not very much effective (Burke et al. 2005a,b; Burke et al. 2006a; Mobasher et al. 2007a; Mobasher et al. 2007b; Ray and Mahanti 2009b)....
[...]
TL;DR: This paper briefly discusses the related survey papers about shilling attacks in CFRSs, explains profile injection attack strategies, shilling attack detection schemes and robust recommendation algorithms proposed so far in detail, and briefly explains evaluation metrics of the proposed schemes.
Abstract: Collaborative filtering recommender systems (CFRSs) have already been proved effective to cope with the information overload problem since they merged in the past two decades. However, CFRSs are highly vulnerable to shilling or profile injection attacks since their openness. Ratings injected by malicious users seriously affect the authenticity of the recommendations as well as users’ trustiness in the recommendation systems. In the past two decades, various studies have been conducted to scrutinize different profile injection attack strategies, shilling attack detection schemes, robust recommendation algorithms, and to evaluate them with respect to accuracy and robustness. Due to their popularity and importance, we survey about shilling attacks in CFRSs. We first briefly discuss the related survey papers about shilling attacks and analyze their deficiencies to illustrate the necessity of this paper. Next we give an overall picture about various shilling attack types and their deployment modes. Then we explain profile injection attack strategies, shilling attack detection schemes and robust recommendation algorithms proposed so far in detail. Moreover, we briefly explain evaluation metrics of the proposed schemes. Last, we discuss some research directions to improve shilling attack detection rates robustness of collaborative recommendation, and conclude this paper.
78 citations
Cites background from "Filler Item Strategies for Shilling..."
...Ray and Mahanti (2009) explore the importance of target item and filler items in mounting effective shilling attacks....
[...]
TL;DR: Li et al. as discussed by the authors proposed using a generative model, Variational Autoencoder (VAE), to map original data distribution and generate new profiles based on real data, without explicit copying their actual ratings.
Abstract: Collaborative Filtering (CF) approaches are vulnerable to Shilling Attacks, in which malicious users or companies inject a large number of fake profiles in a system in order to manipulate its recommendations. One problem of current Shilling Attack models is that they commonly use straightforward statistical templates, producing profiles with different rating patterns than actual system data, which facilitates its detection, requiring a larger amount of profiles to achieve its goals. To address this problem and create profiles closer to reality, we propose using a generative model, Variational Autoencoder (VAE) to map original data distribution. With VAE, it is possible to generate new profiles based on real data, without explicit copying their actual ratings. Its generated profiles are converted to malicious profiles by adding target item rating value. We test our attack model on MovieLens 100k data set and compare to literature attack models. Our results indicate that our model outperforms all other models in model-based CF system, especially using low attack sizes (from 3% to 5%). Also, analysis comparing profiles generated from it and other approaches shows that our model ratings pattern are very similar to real profiles, which may indicate that attacks mounted using our approach may be less likely to be detected by detection approaches. Thus, we show that our attack model represents an advance on Shilling Attack models, since its superior results in model-based CF and possible indistinction from real profiles may be useful as a baseline to test detection techniques and other tasks among Shilling Attack area.
3 citations
Dissertation•
01 Aug 2012
TL;DR: This dissertation aims to provide a history of web exceptionalism from 1989 to 2002, a period chosen in order to explore its roots as well as specific cases up to and including the year in which descriptions of “Web 2.0″ began to circulate.
Abstract: University of Minnesota Ph.D. dissertation. August 2012. Major: Computer science. Advisor: John T. Riedl. 1 computer file (PDF); viii, 171 pages.
3 citations
Dissertation•
18 Jun 2015
TL;DR: A comprehensive study has been involved to process huge data sets and uses the popular collaborative filtering algorithms as the basis for proposed modifications and shows that Content- Boosted Collaborative Filtering algorithm puts forward for better performance among the other comparative algorithms and hence, feasible solutions will be obtained using Content-boosted Collaboration Filtering recommendation methods instead of other recommendation methods.
Abstract: An explosive growth of enormous information on the web, created the universe as global village. It is a big problem for getting the relevant information from the internet. Personalized Recommendation Systems may be used to get relevant information from the internet. Recommender System is to generate significant recommendations to a collection of users for items or products that might interest them. This is a powerful new technology for extracting additional value for a business from its user databases and help users find items they want to buy from a business. Real world examples for the recommender systems are amazon.com (for books) and netflix.com (for movies). Collaborative filtering is one of the important techniques in personalized recommendation systems and predicting the interests of a user by collecting preference information from many users. The Collaborative Filtering models can also hold with the situations where user profiles are supplied by observing user interactions with a system and dealt with user profiles that are obtained by requesting users to rate information items. Broadly, they are classified into (i) Memory-based Collaborative Filtering techniques such as the user-based, item-based and neighborhood-based Collaborative filtering algorithm (ii) Model-based Collaborative Filtering techniques such as Bayesian belief nets, Clustering, Singular Value Decomposition (SVD) and MDP-based Collaborative filtering and (iii) Hybrid Collaborative filtering techniques such as the Content-boosted Collaborative Filtering and Personality Diagnosis. In this thesis, a comprehensive study has been involved to process huge data sets and uses the popular collaborative filtering algorithms as the basis for proposed modifications. In the beginning, the problem of inaccurate finding and falling recommendation quality of the prediction will bring forth. Then, the user’s interest words will be collected to build the user interest model. Finally, modified algorithms have been proposed, they are 1) User based Collaborative Filtering based on Pearson Correlation which is Memory-based technique, 2) Singular Value Decomposition based on Composite Prototypes which is Model-based technique and 3) Hybrid Collaborative Filtering based on the predictions-probabilistic prototype. The experimentation is done with MovieLens dataset which is available for research purpose provided by the GroupLens Research Project agency at the University of Minnesota. The measured Mean Absolute Error (MAE) of the proposed model are compared with available models from literature and finally the performance analysis is done based on parameter MAE. The comparative analysis and comprehensive study shows that Content-boosted Collaborative Filtering algorithm puts forward for better performance among the other comparative algorithms and hence, feasible solutions will be obtained using Content-boosted Collaborative Filtering recommendation methods instead of other recommendation methods.
2 citations
Cites background from "Filler Item Strategies for Shilling..."
...[Sanjog R and Ambuj M (2009][72] proposed an approach for creating attack models and explores the importance of target item and filler items in mounting effective shilling attacks and the attack strategies are based on intelligent selection of filler items....
[...]
References
More filters
01 Apr 2001
TL;DR: This paper analyzes item-based collaborative ltering techniques and suggests that item- based algorithms provide dramatically better performance than user-based algorithms, while at the same time providing better quality than the best available userbased algorithms.
Abstract: Recommender systems apply knowledge discovery techniques to the problem of making personalized recommendations for information, products or services during a live interaction. These systems, especially the k-nearest neighbor collaborative ltering based ones, are achieving widespread success on the Web. The tremendous growth in the amount of available information and the number of visitors to Web sites in recent years poses some key challenges for recommender systems. These are: producing high quality recommendations, performing many recommendations per second for millions of users and items and achieving high coverage in the face of data sparsity. In traditional collaborative ltering systems the amount of work increases with the number of participants in the system. New recommender system technologies are needed that can quickly produce high quality recommendations, even for very large-scale problems. To address these issues we have explored item-based collaborative ltering techniques. Item-based techniques rst analyze the user-item matrix to identify relationships between di erent items, and then use these relationships to indirectly compute recommendations for users. In this paper we analyze di erent item-based recommendation generation algorithms. We look into di erent techniques for computing item-item similarities (e.g., item-item correlation vs. cosine similarities between item vectors) and di erent techniques for obtaining recommendations from them (e.g., weighted sum vs. regression model). Finally, we experimentally evaluate our results and compare them to the basic k-nearest neighbor approach. Our experiments suggest that item-based algorithms provide dramatically better performance than user-based algorithms, while at the same time providing better quality than the best available userbased algorithms.
8,634 citations
"Filler Item Strategies for Shilling..." refers methods in this paper
...In item-based collaborative filtering [ 7 ], similarities between the various items are computed....
[...]
01 Aug 1999
2,686 citations
TL;DR: The combination of high volume and personal taste made Usenet news a promising candidate for collaborative filtering and the potential predictive utility for Usenets news was very high.
Abstract: newsgroups carry a wide enough spread of messages to make most individuals consider Usenet news to be a high noise information resource. Furthermore, each user values a different set of messages. Both taste and prior knowledge are major factors in evaluating news articles. For example, readers of the rec.humor newsgroup, a group designed for jokes and other humorous postings, value articles based on whether they perceive them to be funny. Readers of technical groups, such as comp.lang.c11 value articles based on interest and usefulness to them—introductory questions and answers may be uninteresting to an expert C11 programmer just as debates over subtle and advanced language features may be useless to the novice. The combination of high volume and personal taste made Usenet news a promising candidate for collaborative filtering. More formally, we determined the potential predictive utility for Usenet news was very high. The GroupLens project started in 1992 and completed a pilot study at two sites to establish the feasibility of using collaborative filtering for Usenet news [8]. Several critical design decisions were made as part of that pilot study, including:
2,657 citations
17 May 2004
TL;DR: Four open questions are explored that may affect the effectiveness of shilling attacks on recommender systems: which recommender algorithm is being used, whether the application is producing recommendations or predictions, how detectable the attacks are by the operator of the system, and what the properties are of the items being attacked.
Abstract: Recommender systems have emerged in the past several years as an effective way to help people cope with the problem of information overload. One application in which they have become particularly common is in e-commerce, where recommendation of items can often help a customer find what she is interested in and, therefore can help drive sales. Unscrupulous producers in the never-ending quest for market penetration may find it profitable to shill recommender systems by lying to the systems in order to have their products recommended more often than those of their competitors. This paper explores four open questions that may affect the effectiveness of such shilling attacks: which recommender algorithm is being used, whether the application is producing recommendations or predictions, how detectable the attacks are by the operator of the system, and what the properties are of the items being attacked. The questions are explored experimentally on a large data set of movie ratings. Taken together, the results of the paper suggest that new ways must be used to evaluate and detect shilling attacks on recommender systems.
639 citations
TL;DR: This study shows that both user-based and item-based algorithms are highly vulnerable to specific attack models, but that hybrid algorithms may provide a higher degree of robustness.
Abstract: Publicly accessible adaptive systems such as collaborative recommender systems present a security problem. Attackers, who cannot be readily distinguished from ordinary users, may inject biased profiles in an attempt to force a system to “adapt” in a manner advantageous to them. Such attacks may lead to a degradation of user trust in the objectivity and accuracy of the system. Recent research has begun to examine the vulnerabilities and robustness of different collaborative recommendation techniques in the face of “profile injection” attacks. In this article, we outline some of the major issues in building secure recommender systems, concentrating in particular on the modeling of attacks and their impact on various recommendation algorithms. We introduce several new attack models and perform extensive simulation-based evaluations to show which attacks are most successful and practical against common recommendation techniques. Our study shows that both user-based and item-based algorithms are highly vulnerable to specific attack models, but that hybrid algorithms may provide a higher degree of robustness. Using our formal characterization of attack models, we also introduce a novel classification-based approach for detecting attack profiles and evaluate its effectiveness in neutralizing attacks.
460 citations
"Filler Item Strategies for Shilling..." refers background or methods in this paper
...We discuss below, some of the popular attack models on which much research is focused on. A comprehensive study of different attack models can be found in [ 3 ]....
[...]
...It has been shown that segmented attack is the most effective model against in-segment users [ 3 ]....
[...]
...It has been found that this model is not very effective [ 3 ]....
[...]
...However, it has been found that average attack is more effective compared to bandwagon and segmented attack when effectiveness is measured across all users [ 3 ]....
[...]
...For implementation of segmented attack we followed the same guidelines as stated in [ 3 ]....
[...]