On the detection of shilling attacks in federated collaborative filtering

Yangfan Jiang; Yipeng Zhou; Di Wu; Chao Li; Yan Wang

doi:10.1109/SRDS51746.2020.00026

On the detection of shilling attacks in federated collaborative filtering

Yangfan Jiang, Yipeng Zhou, Di Wu^*, Chao Li, Yan Wang

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

17 Citations (Scopus)

Abstract

Federated collaborative filtering (Fed-CF) is a variant of federated learning (FL) models, which can protect user privacy in recommender systems. In Fed-CF, the recommendation model is collectively trained across multiple decentralized clients by exchanging gradients only. However, the decentralized nature of Fed-CF makes it vulnerable to shilling attacks, which can be realized by inserting fake ratings of target items to distort recommendation results. Unfortunately, previous detection algorithms cannot work well in the FL framework, as all original data samples are not disclosed at all. In this paper, we are the first to systematically study the problem of shilling attacks in the context of federated learning, and propose an effective detection method called Federated Shilling Attack Detector (FSAD) to detect shilling attackers in Fed-CF. We first show the feasibility of shilling attacks in Fed-CF. Next, we dedicatedly design four novel features based on exchanged gradients among clients. By incorporating these gradient-based features, we train a semi-supervised Bayes classifier to identify shilling attackers effectively. Finally, we conduct extensive experiments based on real-world datasets to evaluate the performance of our proposed FSAD method. The experimental results show that FSAD can detect shilling attackers in Fed-CF with high accuracy, with the F₁ value as high as 0.90 on the Netflix dataset, which approaches the performance of the optimal detector that utilizes complete private user information for detection.

Original language	English
Title of host publication	Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	185-194
Number of pages	10
ISBN (Electronic)	9781728176260
DOIs	https://doi.org/10.1109/SRDS51746.2020.00026
Publication status	Published - 2020
Event	39th International Symposium on Reliable Distributed Systems, SRDS 2020 - Virtual, Shanghai, China Duration: 21 Sept 2020 → 24 Sept 2020

Publication series

Name	Proceedings of the IEEE Symposium on Reliable Distributed Systems
Volume	2020-September
ISSN (Print)	1060-9857

Conference

Conference	39th International Symposium on Reliable Distributed Systems, SRDS 2020
Country/Territory	China
City	Virtual, Shanghai
Period	21/09/20 → 24/09/20

Keywords

Federated Collaborative Filtering
Shilling Attack
Attack Detection
Fake Rating

Access to Document

10.1109/SRDS51746.2020.00026

Cite this

Jiang, Y., Zhou, Y., Wu, D., Li, C., & Wang, Y. (2020). On the detection of shilling attacks in federated collaborative filtering. In Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020 (pp. 185-194). (Proceedings of the IEEE Symposium on Reliable Distributed Systems; Vol. 2020-September). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/SRDS51746.2020.00026

Jiang, Yangfan ; Zhou, Yipeng ; Wu, Di et al. / On the detection of shilling attacks in federated collaborative filtering. Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020. Piscataway, NJ : Institute of Electrical and Electronics Engineers (IEEE), 2020. pp. 185-194 (Proceedings of the IEEE Symposium on Reliable Distributed Systems).

@inproceedings{12ac8d7191d547ff810df5db4d580018,

title = "On the detection of shilling attacks in federated collaborative filtering",

abstract = "Federated collaborative filtering (Fed-CF) is a variant of federated learning (FL) models, which can protect user privacy in recommender systems. In Fed-CF, the recommendation model is collectively trained across multiple decentralized clients by exchanging gradients only. However, the decentralized nature of Fed-CF makes it vulnerable to shilling attacks, which can be realized by inserting fake ratings of target items to distort recommendation results. Unfortunately, previous detection algorithms cannot work well in the FL framework, as all original data samples are not disclosed at all. In this paper, we are the first to systematically study the problem of shilling attacks in the context of federated learning, and propose an effective detection method called Federated Shilling Attack Detector (FSAD) to detect shilling attackers in Fed-CF. We first show the feasibility of shilling attacks in Fed-CF. Next, we dedicatedly design four novel features based on exchanged gradients among clients. By incorporating these gradient-based features, we train a semi-supervised Bayes classifier to identify shilling attackers effectively. Finally, we conduct extensive experiments based on real-world datasets to evaluate the performance of our proposed FSAD method. The experimental results show that FSAD can detect shilling attackers in Fed-CF with high accuracy, with the F1 value as high as 0.90 on the Netflix dataset, which approaches the performance of the optimal detector that utilizes complete private user information for detection. ",

keywords = "Federated Collaborative Filtering, Shilling Attack, Attack Detection, Fake Rating",

author = "Yangfan Jiang and Yipeng Zhou and Di Wu and Chao Li and Yan Wang",

year = "2020",

doi = "10.1109/SRDS51746.2020.00026",

language = "English",

series = "Proceedings of the IEEE Symposium on Reliable Distributed Systems",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "185--194",

booktitle = "Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020",

address = "United States",

note = "39th International Symposium on Reliable Distributed Systems, SRDS 2020 ; Conference date: 21-09-2020 Through 24-09-2020",

}

Jiang, Y, Zhou, Y, Wu, D, Li, C & Wang, Y 2020, On the detection of shilling attacks in federated collaborative filtering. in Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020. Proceedings of the IEEE Symposium on Reliable Distributed Systems, vol. 2020-September, Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, pp. 185-194, 39th International Symposium on Reliable Distributed Systems, SRDS 2020, Virtual, Shanghai, China, 21/09/20. https://doi.org/10.1109/SRDS51746.2020.00026

On the detection of shilling attacks in federated collaborative filtering. / Jiang, Yangfan; Zhou, Yipeng; Wu, Di et al.
Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2020. p. 185-194 (Proceedings of the IEEE Symposium on Reliable Distributed Systems; Vol. 2020-September).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - On the detection of shilling attacks in federated collaborative filtering

AU - Jiang, Yangfan

AU - Zhou, Yipeng

AU - Wu, Di

AU - Li, Chao

AU - Wang, Yan

PY - 2020

Y1 - 2020

N2 - Federated collaborative filtering (Fed-CF) is a variant of federated learning (FL) models, which can protect user privacy in recommender systems. In Fed-CF, the recommendation model is collectively trained across multiple decentralized clients by exchanging gradients only. However, the decentralized nature of Fed-CF makes it vulnerable to shilling attacks, which can be realized by inserting fake ratings of target items to distort recommendation results. Unfortunately, previous detection algorithms cannot work well in the FL framework, as all original data samples are not disclosed at all. In this paper, we are the first to systematically study the problem of shilling attacks in the context of federated learning, and propose an effective detection method called Federated Shilling Attack Detector (FSAD) to detect shilling attackers in Fed-CF. We first show the feasibility of shilling attacks in Fed-CF. Next, we dedicatedly design four novel features based on exchanged gradients among clients. By incorporating these gradient-based features, we train a semi-supervised Bayes classifier to identify shilling attackers effectively. Finally, we conduct extensive experiments based on real-world datasets to evaluate the performance of our proposed FSAD method. The experimental results show that FSAD can detect shilling attackers in Fed-CF with high accuracy, with the F1 value as high as 0.90 on the Netflix dataset, which approaches the performance of the optimal detector that utilizes complete private user information for detection.

AB - Federated collaborative filtering (Fed-CF) is a variant of federated learning (FL) models, which can protect user privacy in recommender systems. In Fed-CF, the recommendation model is collectively trained across multiple decentralized clients by exchanging gradients only. However, the decentralized nature of Fed-CF makes it vulnerable to shilling attacks, which can be realized by inserting fake ratings of target items to distort recommendation results. Unfortunately, previous detection algorithms cannot work well in the FL framework, as all original data samples are not disclosed at all. In this paper, we are the first to systematically study the problem of shilling attacks in the context of federated learning, and propose an effective detection method called Federated Shilling Attack Detector (FSAD) to detect shilling attackers in Fed-CF. We first show the feasibility of shilling attacks in Fed-CF. Next, we dedicatedly design four novel features based on exchanged gradients among clients. By incorporating these gradient-based features, we train a semi-supervised Bayes classifier to identify shilling attackers effectively. Finally, we conduct extensive experiments based on real-world datasets to evaluate the performance of our proposed FSAD method. The experimental results show that FSAD can detect shilling attackers in Fed-CF with high accuracy, with the F1 value as high as 0.90 on the Netflix dataset, which approaches the performance of the optimal detector that utilizes complete private user information for detection.

KW - Federated Collaborative Filtering

KW - Shilling Attack

KW - Attack Detection

KW - Fake Rating

UR - http://www.scopus.com/inward/record.url?scp=85097750003&partnerID=8YFLogxK

UR - http://purl.org/au-research/grants/arc/DE180100950

U2 - 10.1109/SRDS51746.2020.00026

DO - 10.1109/SRDS51746.2020.00026

M3 - Conference proceeding contribution

AN - SCOPUS:85097750003

T3 - Proceedings of the IEEE Symposium on Reliable Distributed Systems

SP - 185

EP - 194

BT - Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

T2 - 39th International Symposium on Reliable Distributed Systems, SRDS 2020

Y2 - 21 September 2020 through 24 September 2020

ER -

Jiang Y, Zhou Y, Wu D, Li C, Wang Y. On the detection of shilling attacks in federated collaborative filtering. In Proceedings - 2020 International Symposium on Reliable Distributed Systems, SRDS 2020. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). 2020. p. 185-194. (Proceedings of the IEEE Symposium on Reliable Distributed Systems). doi: 10.1109/SRDS51746.2020.00026

On the detection of shilling attacks in federated collaborative filtering

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Building Intelligence into Online Video Services by Learning User Interests

Cite this

On the detection of shilling attacks in federated collaborative filtering

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Projects

Building Intelligence into Online Video Services by Learning User Interests

Cite this