“You Might Also Like:” Privacy Risks of Collaborative Filtering

2011 IEEE Symposium on Security and Privacy

Many commercial websites use recommender systems to help customers locate products and content. Modern recommenders are based on collaborative filtering: they use patterns learned from users' behavior to make recommendations, usually in the form of related-items lists. The scale and complexity of these systems, along with the fact that their outputs reveal only relationships between items (as opposed to information about users), may suggest that they pose no meaningful privacy risk. In this paper, we develop algorithms that take a moderate amount of auxiliary information about a customer and infer this customer's transactions from temporal changes in the public outputs of a recommender system. Our inference attacks are passive and can be carried out by any Internet user. We evaluate their feasibility using public data from the popular websites Hunch, Last.fm, LibraryThing, and Amazon.
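To make the idea of inferring transactions from temporal changes concrete, the following is a minimal sketch, not the paper's actual algorithm. It assumes the observer has two snapshots of public related-items lists (hypothetical dictionaries `before` and `after`) and a set of auxiliary items the target customer is known to be associated with. An item that newly appears in the related-items lists of several auxiliary items is flagged as a candidate transaction. The function name, the data layout, and the `threshold` parameter are all illustrative assumptions.

```python
from collections import Counter


def infer_new_items(before, after, auxiliary_items, threshold=2):
    """Flag items that newly appear in the related-items lists of at least
    `threshold` auxiliary items between two snapshots.

    before, after: dict mapping an item to its public related-items list
                   (hypothetical snapshot format, assumed for illustration).
    auxiliary_items: set of items the target is already known to have.
    """
    counts = Counter()
    for aux in auxiliary_items:
        old = set(before.get(aux, []))
        new = set(after.get(aux, []))
        # Only count items that entered this list since the first snapshot.
        for item in new - old:
            if item not in auxiliary_items:
                counts[item] += 1
    return sorted(item for item, n in counts.items() if n >= threshold)


# Toy data: item "t" enters the lists of both "A" and "B"; "q" enters only "C".
before = {"A": ["x", "y"], "B": ["y", "z"], "C": ["w"]}
after = {"A": ["x", "y", "t"], "B": ["y", "t"], "C": ["w", "q"]}
auxiliary = {"A", "B", "C"}

candidates = infer_new_items(before, after, auxiliary)
print(candidates)
```

Requiring the same item to appear in several auxiliary lists is what separates a plausible individual signal from ordinary churn in any single list. A realistic attack would also have to account for list position, item popularity, and noise, which this sketch ignores.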
