Exposing Private User Behaviors of Collaborative Filtering via Model Inversion Techniques-Reference-Cited by-同舟云学术

Exposing Private User Behaviors of Collaborative Filtering via Model Inversion Techniques

Published:2020-07-01 Issue:3 Volume:2020 Page:264-283
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Hidano Seira¹,Murakami Takao²,Katsumata Shuichi²,Kiyomoto Shinsaku³,Hanaoka Goichiro²

Affiliation:

1. KDDI Research, Inc .

2. National Institute of Advanced Industrial Science and Technology (AIST)

3. KDDI Research, Inc.

Abstract

Abstract Privacy risks of collaborative filtering (CF) have been widely studied. The current state-of-theart inference attack on user behaviors (e.g., ratings/purchases on sensitive items) for CF is by Calandrino et al. (S&P, 2011). They showed that if an adversary obtained a moderate amount of user’s public behavior before some time T, she can infer user’s private behavior after time T. However, the existence of an attack that infers user’s private behavior before T remains open. In this paper, we propose the first inference attack that reveals past private user behaviors. Our attack departs from previous techniques and is based on model inversion (MI). In particular, we propose the first MI attack on factorization-based CF systems by leveraging data poisoning by Li et al. (NIPS, 2016) in a novel way. We inject malicious users into the CF system so that adversarialy chosen “decoy” items are linked with user’s private behaviors. We also show how to weaken the assumption made by Li et al. on the information available to the adversary from the whole rating matrix to only the item profile and how to create malicious ratings effectively. We validate the effectiveness of our inference algorithm using two real-world datasets.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2020-0052

Reference70 articles.

1. [1] Chaabane Abdelberi, Gergely Ács, and Mohamed Ali Kâafar. You are what you like! Information leakage through users’ interests. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS), 2012.

2. [2] Scott Alfeld, Xiaojin Zhu, and Paul Barford. Data poisoning attacks against autoregressive models. In Proceedings of the 30th AAAI Conference on Artificial Intelligence (AAAI), pages 1452–1458, 2016.

3. [3] Battista Biggio, Giorgio Fumera, and Fabio Roli. Security evaluation of pattern classifiers under attack. IEEE Transactions on Knowledge and Data Engineering, 26(4):984–996, 2014.

4. [4] Battista Biggio, Blaine Nelson, and Pavel Laskov. Poisoning attacks against support vector machines. In Proceedings of the 29th International Conference on Machine Learning (ICML), 2012.

5. [5] Vincent Bindschaedler, Reza Shokri, and Carl A. Gunter. Plausible deniability for privacy-preserving data synthesis. Proceedings of the VLDB Endowment, 10(5):481–492, 2017.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Exploring Privacy-Preserving Techniques on Synthetic Data as a Defense Against Model Inversion Attacks;Lecture Notes in Computer Science;2023