Enhancing the robustness of neural collaborative filtering systems under malicious attacks

Du, Y; Fang, M; Yi, J; Xu, C; Cheng, J; Tao, D

Enhancing the robustness of neural collaborative filtering systems under malicious attacks

Du, Y

Fang, M

Yi, J Xu, C

Cheng, J Tao, D

Permalink

Publication Type:: Journal Article
Citation:: IEEE Transactions on Multimedia, 2019, 21 (3), pp. 555 - 565
Issue Date:: 2019-03-01

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Accepted Manuscript VersionAdobe PDF (373.73 kB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Du, Y https://orcid.org/0000-0001-5683-2621	en_US
dc.contributor.author	Fang, M https://orcid.org/0000-0003-0793-9187	en_US
dc.contributor.author	Yi, J	en_US
dc.contributor.author	Xu, C https://orcid.org/0000-0002-4756-0609	en_US
dc.contributor.author	Cheng, J	en_US
dc.contributor.author	Tao, D https://orcid.org/0000-0001-7225-5449	en_US
dc.date.available	2021-03-31T18:01:48Z
dc.date.issued	2019-03-01	en_US
dc.identifier.citation	IEEE Transactions on Multimedia, 2019, 21 (3), pp. 555 - 565	en_US
dc.identifier.issn	1520-9210	en_US
dc.identifier.uri	http://hdl.handle.net/10453/134264
dc.description.abstract	© 2018 IEEE Recommendation systems have become ubiquitous in online shopping in recent decades due to their power in reducing excessive choices of customers and industries. Recent collaborative filtering methods based on the deep neural network are studied and introduce promising results due to their power in learning hidden representations for users and items. However, it has revealed its vulnerabilities under malicious user attacks. With the knowledge of a collaborative filtering algorithm and its parameters, the performance of this recommendation system can be easily downgraded. Unfortunately, this problem is not addressed well, and the study on defending recommendation systems is insufficient. In this paper, we aim to improve the robustness of recommendation systems based on two concepts-stage-wise hints training and randomness. To protect a target model, we introduce noise layers in the training of a target model to increase its resistance to adversarial perturbations. To reduce the noise layers' influence on model performance, we introduce intermediate layer outputs as hints from a teacher model to regularize the intermediate layers of a student target model. We consider white box attacks under which attackers have the knowledge of the target model. The generalizability and robustness properties of our method have been analytically inspected in experiments and discussions, and the computational cost is comparable to training a standard neural network-based collaborative filtering model. Through our investigation, the proposed defensive method can reduce the success rate of malicious user attacks and keep the prediction accuracy comparable to standard neural recommendation systems.	en_US
dc.relation	http://purl.org/au-research/grants/arc/LP150100671
dc.relation.ispartof	IEEE Transactions on Multimedia	en_US
dc.relation.isbasedon	10.1109/TMM.2018.2887018	en_US
dc.rights	info:eu-repo/semantics/embargoedAccess
dc.subject.classification	Artificial Intelligence & Image Processing	en_US
dc.title	Enhancing the robustness of neural collaborative filtering systems under malicious attacks	en_US
dc.type	Journal Article
utslib.citation.volume	3	en_US
utslib.citation.volume	21	en_US
utslib.for	080303 Computer System Security	en_US
utslib.for	08 Information and Computing Sciences	en_US
utslib.for	09 Engineering	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Students
utslib.copyright.status	open_access	*
pubs.issue	3	en_US
pubs.publication-status	Published	en_US
pubs.volume	21	en_US

Abstract:

© 2018 IEEE Recommendation systems have become ubiquitous in online shopping in recent decades due to their power in reducing excessive choices of customers and industries. Recent collaborative filtering methods based on the deep neural network are studied and introduce promising results due to their power in learning hidden representations for users and items. However, it has revealed its vulnerabilities under malicious user attacks. With the knowledge of a collaborative filtering algorithm and its parameters, the performance of this recommendation system can be easily downgraded. Unfortunately, this problem is not addressed well, and the study on defending recommendation systems is insufficient. In this paper, we aim to improve the robustness of recommendation systems based on two concepts-stage-wise hints training and randomness. To protect a target model, we introduce noise layers in the training of a target model to increase its resistance to adversarial perturbations. To reduce the noise layers' influence on model performance, we introduce intermediate layer outputs as hints from a teacher model to regularize the intermediate layers of a student target model. We consider white box attacks under which attackers have the knowledge of the target model. The generalizability and robustness properties of our method have been analytically inspected in experiments and discussions, and the computational cost is comparable to training a standard neural network-based collaborative filtering model. Through our investigation, the proposed defensive method can reduce the success rate of malicious user attacks and keep the prediction accuracy comparable to standard neural recommendation systems.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/134264