Abstract
Recommender systems based on collaborative filtering are highly vulnerable to data poisoning attacks, where a determined attacker injects fake users with false user-item feedback, with an objective to either corrupt the recommender system or promote/demote a target set of items. Recently, differential privacy was explored as a defense technique against data poisoning attacks in the typical machine learning setting. In this paper, we study the effectiveness of differential privacy against such attacks on matrix factorization based collaborative filtering systems. Concretely, we conduct extensive experiments for evaluating robustness to injection of malicious user profiles by simulating common types of shilling attacks on real-world data and comparing the predictions of typical matrix factorization with differentially private matrix factorization.
Author supplied keywords
Cite
CITATION STYLE
Wadhwa, S., Agrawal, S., Chaudhari, H., Sharma, D., & Achan, K. (2020). Data Poisoning Attacks against Differentially Private Recommender Systems. In SIGIR 2020 - Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval (pp. 1617–1620). Association for Computing Machinery, Inc. https://doi.org/10.1145/3397271.3401301
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
