Statistical attack detection

It has been shown in recent years that effective profile injection or shilling attacks can be mounted on standard recommendation algorithms. These attacks consist of the insertion of bogus user profiles into the system database in order to manipulate the recommendation output, for example to promote or demote the predicted ratings for a particular product. A number of attack models have been proposed and some detection strategies to identify these attacks have been empirically evaluated. In this paper we show that the standard attack models can be readily detected using statistical detection techniques. We argue that insufficient consideration of the effectiveness of attacks under a constraint of statistical invariance has been taken in past research. In fact, it is possible to create effective attacks that are undetectable using the detection strategies proposed to date, including the PCA-based clustering strategy which has shown excellent performance against standard attacks. Nevertheless, these more advanced attacks can also be detected with careful design of a statistical detector. The question posed for future research is whether attack models that produce effective attack profiles that are statistically identical to genuine profiles are really possible.

[1]  Neil J. Hurley,et al.  An Evaluation of Neighbourhood Formation on the Performance of Collaborative Filtering , 2004, Artificial Intelligence Review.

[2]  Bamshad Mobasher,et al.  Classification features for attack detection in collaborative recommender systems , 2006, KDD '06.

[3]  John F. Canny,et al.  Collaborative filtering with privacy via factor analysis , 2002, SIGIR '02.

[4]  Bamshad Mobasher,et al.  Defending recommender systems: detection of profile injection attacks , 2007, Service Oriented Computing and Applications.

[5]  Padraig Cunningham,et al.  Unsupervised retrieval of attack profiles in collaborative recommender systems , 2008, RecSys '08.

[6]  R. Burke,et al.  Detection of Obfuscated Attacks in Collaborative Recommender Systems 1 , 2006 .

[7]  Chrysanthos Dellarocas,et al.  Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior , 2000, EC '00.

[8]  Neil J. Hurley,et al.  Promoting Recommendations: An Attack on Collaborative Filtering , 2002, DEXA.

[9]  Bhaskar Mehta,et al.  Unsupervised strategies for shilling detection and robust collaborative filtering , 2009, User Modeling and User-Adapted Interaction.

[10]  Paul Resnick,et al.  The influence limiter: provably manipulation-resistant recommender systems , 2007, RecSys '07.

[11]  John Riedl,et al.  Shilling recommender systems for fun and profit , 2004, WWW '04.

[12]  Wolfgang Nejdl,et al.  Preventing shilling attacks in online recommender systems , 2005, WIDM '05.

[13]  Bamshad Mobasher,et al.  Model-Based Collaborative Filtering as a Defense against Profile Injection Attacks , 2006, AAAI.

[14]  Thomas Hofmann,et al.  Lies and propaganda: detecting spam users in collaborative filtering , 2007, IUI '07.

[15]  George Karypis,et al.  Multilevel k-way Partitioning Scheme for Irregular Graphs , 1998, J. Parallel Distributed Comput..

[16]  M E J Newman,et al.  Modularity and community structure in networks. , 2006, Proceedings of the National Academy of Sciences of the United States of America.

[17]  Bamshad Mobasher,et al.  Towards Trustworthy Recommender Systems : An Analysis of Attack Models and Algorithm Robustness , 2007 .