On the detection of shilling attacks in federated collaborative filtering

Yangfan Jiang, Yipeng Zhou, Di Wu*, Chao Li, Yan Wang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

11 Citations (Scopus)


Federated collaborative filtering (Fed-CF) is a variant of federated learning (FL) models, which can protect user privacy in recommender systems. In Fed-CF, the recommendation model is collectively trained across multiple decentralized clients by exchanging gradients only. However, the decentralized nature of Fed-CF makes it vulnerable to shilling attacks, which can be realized by inserting fake ratings of target items to distort recommendation results. Unfortunately, previous detection algorithms cannot work well in the FL framework, as all original data samples are not disclosed at all. In this paper, we are the first to systematically study the problem of shilling attacks in the context of federated learning, and propose an effective detection method called Federated Shilling Attack Detector (FSAD) to detect shilling attackers in Fed-CF. We first show the feasibility of shilling attacks in Fed-CF. Next, we dedicatedly design four novel features based on exchanged gradients among clients. By incorporating these gradient-based features, we train a semi-supervised Bayes classifier to identify shilling attackers effectively. Finally, we conduct extensive experiments based on real-world datasets to evaluate the performance of our proposed FSAD method. The experimental results show that FSAD can detect shilling attackers in Fed-CF with high accuracy, with the F1 value as high as 0.90 on the Netflix dataset, which approaches the performance of the optimal detector that utilizes complete private user information for detection.

Original languageEnglish
Title of host publicationProceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages10
ISBN (Electronic)9781728176260
Publication statusPublished - 2020
Event39th International Symposium on Reliable Distributed Systems, SRDS 2020 - Virtual, Shanghai, China
Duration: 21 Sept 202024 Sept 2020

Publication series

NameProceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print)1060-9857


Conference39th International Symposium on Reliable Distributed Systems, SRDS 2020
CityVirtual, Shanghai


  • Federated Collaborative Filtering
  • Shilling Attack
  • Attack Detection
  • Fake Rating


Dive into the research topics of 'On the detection of shilling attacks in federated collaborative filtering'. Together they form a unique fingerprint.

Cite this