托攻击与推荐系统安全

doi:10.3969/j.issn.1000-1565.2018.06.013

摘要/Abstract

摘要： 作为一种应对“信息过载”问题的有效手段,协同过滤推荐系统被广泛应用到诸多领域. 然而托攻击的存在严重影响了推荐系统的推荐质量,因此如何保障推荐系统不受托攻击的影响已经成为推荐系统安全领域的研究热点. 本文首先介绍托攻击产生的动机及分类,然后对推荐系统中的托攻击检测技术和鲁棒推荐算法的现状进行分析,最后对推荐系统安全领域的未来发展趋势进行了展望.

关键词: 推荐系统, 协同过滤, 托攻击, 攻击检测, 鲁棒推荐

Abstract: As an effective solution for solving the problem of information overload, collaborative recommender systems have been widely applied to many fields. However, the occurrence of shilling attacks has seriously affected the quality of recommendation. Therefore, how to protect recommender systems against shilling attacks has become hotspot issue in recommender systems. This paper first introduces the motivation of shilling attacks and features of various attack models, and then analyzes the state of the art in shilling attacks detection techniques and robust collaborative recommendation algorithms in detail. Finally, the future development and research directions are discussed.

Key words: recommender systems, collaborative filtering, shilling attacks, shilling attack detection, robust recommendation

中图分类号:

TP393

田俊峰,蔡红云. 托攻击与推荐系统安全[J]. 河北大学学报(自然科学版), 2018, 38(6): 640-647.

TIAN Junfeng, CAI Hongyun. Shilling attacks and security of recommender systems[J]. Journal of Hebei University (Natural Science Edition), 2018, 38(6): 640-647.

参考文献

[1] AKHIL P V, SHELBI JOSEPH. A survey of recommender system types and its classification [J]. International Journal of Advanced Research in Computer Science, 2017,8(9): 486-491. DOI:10.26483/ijarcs.v8i9.5017.
[2] KUNAVER M, POŽRL T. Diversity in recommender systems-A survey[J]. Knowledge-Based Systems, 2017, 123:154-162. DOI: 10.1016/j.knosys.2017.02.009.
[3] YIN H, ZHOU X F, CUI B, et al. Adapting to user interest drift for POI recommendation [J]. IEEE Transactions on Knowledge and Data Engineering, 2016, 28(10): 2566-2581. DOI:10.1109/tkde.2016.2580511.
[4] GUNES I, KALELI C, BILGE A, et al. Shilling attacks against recommender systems: a comprehensive survey [J]. Artificial Intelligence Review, 2014, 42(4): 767-799. doi:10.1007/s10462-012-9364-9.
[5] YANG L, HUANG W, NIU X. Defending shilling attacks in recommender systems using soft co-clustering[J]. Iet Information Security, 2017, 11(6):319-325. DOI: 10.1049/iet-ifs.2016.0345.
[6] 2014-Nineteen companies found guilty of writing fake consumer reviews [EB/OL].http://www.heralddeparis.com/nineteen-companies-found-guilty-of-writing-fake-consumer-reviews/232920.
[7] HURLEY N, CHENG Z, ZHANG M. Statistical attack detection [C] // The third ACM conference on Recommender systems, ACM, 2009: 149-156. DOI:10.1145/1639714.1639740.
[8] 伍之昂, 王有权, 曹杰. 推荐系统托攻击模型与检测技术[J]. 科学通报, 2014,59(7): 551-560. WU Z A, WANG Y Q, CAO J. A survey on shilling attack models and detection techniques for recommender systems[J]. Chinese Science Bulletin, 2014,59(7): 551-560.
[9] KAUR P, GOEL S. Shilling attack models in recommender system [C] // International Conference on Inventive Computation Technologies, IEEE, 2017:1-5. DOI:10.1109/INVENTIVE.2016.7824865.
[10] RICCI F, ROKACH L, SHAPIRA B, et al. Recommender systems handbook [M]. Springer, New York, USA, 2015. DOI:10.1007/978-1-4899-7637-6.
[11] LAM S K, RIEDI J. Shilling recommender systems for fun and profit [C] // International Conference on World Wide Web, ACM, 2004: 393-402. DOI:10.1145/988672.988726.
[12] WILLIAMS C A, MOBASHER B, BURKE R. Defending recommender systems: detection of profile injection attacks [J]. Service Oriented Computing & Applications, 2007, 1(3): 157-170. DOI:10.1007/s11761-007-0013-0.
[13] MOBASHER B, BURKE R, BHAUMIK R, et al. Effective attack models for shilling item-based collaborative filtering system [C] // Proceedings of the Webkdd Workshop, 2005.
[14] SEMINARIO C E, WILSON D C. Assessing impacts of a power user attack on a matrix factorization collaborative recommender system [C] // Florida Artificial Intelligence Research Society Conference, 2014: 81-86.
[15] SEMINARIO C E, WILSON D C. Attacking item-based recommender systems with power items [C] // ACM Conference on Recommender Systems, 2014: 57-64. DOI:10.1145/2645710.2645722.
[16] WILLIAMS C, MOBASHER B, BURKE R, et al. Detection of obfuscated attacks in collaborative recommender systems [C] // Proceedings of the 17th European Conference on Artifical Intelligence, 2006:1-5.
[17] SU X, ZHENG H, CHEN Z. Finding group shilling in recommendation system [C] // International Conference on World Wide Web. ACM, 2005: 960-961. DOI: 10.1145/1062745.1062818.
[18] WANG Y Q, WU Z A, CAO J, et al. Towards a tricksy group shilling attack model against recommender systems [C] //Advanced Data Mining and Applications, Springer Berlin Heidelberg, 2012: 675-688. DOI: 10.1007/978-3-642-35527-1_56.
[19] BURKE R, MOBASHER B, WILLIAMS C, et al. Classification features for attack detection in collaborative recommender systems[C] // ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, ACM, 2006: 542-547. DOI:10.1145/1150402.1150465.
[20] 伍之昂,庄毅,王有权,等. 基于特征选择的推荐系统欺诈攻击检测算法[J].电子学报, 2012,40(8): 1687-1693. WU Z A, ZHUANG Y, WANG Y Q, et al. Shilling attack detection based on features selection for recommendation systems[J]. Acta Electronica Sinica, 2012, 40(8): 1687-1693.
[21] 李文涛,高旻,李华,等.一种基于流行度分类特征的欺诈攻击检测算法[J].自动化学报, 2015,41(9): 1563-1575. DOI: 10.16383/j.aas.2015.c150040. LI W T, GAO M, LI H, et al. An shilling attack detection algorithm based on popularity degree features [J].Acta Automatica Sinica, 2015,41(9): 1563-1575. DOI: 10.16383/j.aas.2015.c150040.
[22] ZHANG F Z, ZHOU Q Q. HHT-SVM: An online method for detecting profile injection attacks in collaborative recommender systems [J]. Knowledge-Based Systems, 2014, 65: 96-105. DOI:10.1016/j.knosys.2014.04.020.
[23] YANG Z, LIN X, CAI Z, et al. Re-scale AdaBoost for attack detection in collaborative filtering recommender systems [J]. Knowledge-Based Systems, 2016(100): 74-88. DOI:10.1016/j.knosys.2016.02.008.
[24] ZHANG F Z, CHEN H H. An ensemble method for detecting shilling attacks based on ordered item sequences [J]. Security and Communication Networks, 2016, 9(7):680-696. DOI:10.1002/sec.1389.
[25] ZHOU Q. Supervised approach for detecting average over popular items attack in collaborative recommender systems [J]. IET Information Security, 2016, 10(3): 134-141. DOI:10.1049/iet-ifs.2015.0067.
[26] ZHOU W, WEN J, XIONG Q, et al. SVM-TIA a shilling attack detection method based on SVM and target item analysis in recommender systems [J]. Neurocomputing, 2016, 210(C): 197-205. DOI:10.1016/j.neucom.2015.12.137.
[27] 周全强, 张付志, 刘文远. 基于仿生模式识别的未知推荐攻击检测[J]. 软件学报, 2014(11): 2652-2665. DOI: 10.13328/j.cnki.jos.004550. ZHOU Q Q, ZHANG F Z, LIU W Y. Detecting unknown recommendation attacks based on bionic pattern recognition [J]. Journal of Software, 2014(11): 2652-2665. DOI: 10.13328/j.cnki.jos.004550.
[28] CAO J, WU Z, MAO B, et al. Shilling attack detection utilizing semi-supervised learning method for collaborative recommender system [J]. World Wide Web-internet & Web Information Systems, 2013, 16(5-6): 729-748. DOI:10.1007/s11280-012-0164-6.
[29] WU Z, WU J, CAO J, et al. HySAD: a semi-supervised hybrid shilling attack detector for trustworthy product recommendation [C] // 18th ACM SIGKDD international conference on Knowledge discovery and data mining. ACM, 2012: 985-993. DOI:10.1145/2339530.2339684.
[30] ZHANG L, YUAN Y, WU Z, et al., Semi-SGD: Semi-supervised learning based spammer group detection in product reviews [C] // Fifth International Conference on Advanced Cloud and Big Data, IEEE, 2017: 368-373. DOI:10.1109/CBD.2017.70.
[31] ZHANG L, WU Z, CAO J. Detecting spammer groups from product reviews: A partially supervised learning model [J]. IEEE Access, 2018,6: 2559-2568. DOI:10.1109/ACCESS.2017.2784370.
[32] MEHTA B, NEJDL W. Attack resistant collaborative filtering [C] // International ACM SIGIR Conference on Research & Development in Information Retrieval. ACM, 2008: 75-82. DOI:10.1145/1390334.1390350.
[33] MEHTA B, NEJDL W. Unsupervised strategies for shilling detection and robust collaborative filtering [J]. User Modeling and User-Adapted Interaction, 2009, 19(1-2): 65-97. DOI:10.1007/s11257-008-9050-4.
[34] BRYAN K, O’MAHONY M. Unsupervised retrieval of attack profiles in collaborative recommender systems [C] // ACM Conference on Recommender Systems, ACM, 2008: 155-162. DOI:10.1145/1454008.1454034.
[35] LEE J, ZHU D. Shilling attack detection—A new approach for a trustworthy recommender system [J]. Informs J Comput, 2012, 24: 117-131. DOI:10.1287/ijoc.1100.0440.
[36] ZOU J, FEKRI F. A belief propagation approach for detecting shilling attacks in collaborative filtering [C] // ACM International Conference on Conference on Information & Knowledge Management. ACM, 2013: 1837-1840. DOI:10.1145/2505515.2507875
[37] ZHANG Z, KULKARNI S R. Graph-based detection of shilling attacks in recommender systems [C] // IEEE International Workshop on Machine Learning for Signal Processing(MLSP), IEEE, 2013: 1-6. DOI:10.1109/MLSP.2013.6661953.
[38] ZHANG Z, KULKARNI S R. Detection of shilling attacks in recommender systems via spectral clustering [C] // 17th International Conference on Information Fusion(FUSION), IEEE, 2014: 1-8.
[39] ZHANG Y, TAN Y, ZHANG M, et al. Catch the black sheep: unified framework for shilling attack detection based on fraudulent action propagation [C] // 24th International Conference on Artificial Intelligence, AAAI Press, 2015: 2408-2414.
[40] YANG Z, CAI Z, GUAN X. Estimating user behavior toward detecting anomalous ratings in rating systems [J]. Knowledge-Based Systems, 2016, 111: 144-158. DOI:10.1016/j.knosys.2016.08.011.
[41] YANG Z, CAI Z, YUAN Y. Spotting anomalous ratings for rating systems by analyzing target users and items [J]. Neurocomputing, 2017, 240: 25-46. DOI:10.1016/j.neucom.2017.02.052.
[42] ZHANG F, ZHANG Z, ZHANG P, et al. UD-HMM: An unsupervised method for shilling attack detection based on hidden Markov model and hierarchical clustering [J]. Knowledge-Based Systems, 2018, 148: 146-166. DOI:10.1016/j.knosys.2018.02.032.
[43] O’MAHONY M P, HURLEY N J, SILVERSTRE G C M. An evaluation of neighbourhood formation on the performance of collaborative filtering [J]. Artificial Intelligence Review, 2004, 21(3-4): 215-228. DOI:10.1023/b:aire.0000036256.39422.25.
[44] 杜永萍, 黄亮, 何明. 融合信任计算的协同过滤推荐方法[J]. 模式识别与人工智能, 2014, 27(5): 417-425. DOI: 10.16451/j.cnki.issn1003-6059.2014.05.004. DU Y P, HUANG L, HE M. Collaborative filteration recommendation algorithm based on trust computation[J]. PR & AI, 2014, 27(5): 417-425. DOI: 10.16451/j.cnki.issn1003-6059.2014.05.004.
[45] 贾冬艳, 张付志. 基于双重邻居选取策略的协同过滤推荐算法[J]. 计算机研究与发展, 2013, 50(5): 1076-1084. JIA D Y, ZHANG F Z. A collaborative filtering recommendation algorithm based on double neighbor choosing strategy[J]. Journal of Computer Research and Development, 2013, 50(5): 1076-1084.
[46] 黄世平, 黄晋, 陈健,等. 自动建立信任的防攻击推荐算法研究[J]. 电子学报, 2013, 41(2): 382-387. HUANG S P, HUANG J, CHEN J, et al. Anti-attack recommender algorithm based on automatic trust establishment[J]. Acta Electronica Sinica, 2013, 41(2): 382-387.
[47] YI H, ZHANG F. A robust collaborative recommendation algorithm based on k-distance and Tukey M-estimator [J]. China Communications, 2014, 11(9): 119-130. DOI:10.1109/CC.2014.6969776.
[48] YI H, ZHANG F. Robust recommendation method based on suspicious users measurement and multidimensional trust [J]. Journal of Intelligent Information Systems, 2016, 46(2): 349-367. DOI:10.1007/s10844-015-0375-2.
[49] MEHTA B, HOFMANN T, NEJDL W. Robust collaborative filtering[C] // Proceedings of the 2007 ACM Conference on Recommender Systems, Minneapolis, Minnesota, USA, ACM, 2007: 49-56. DOI:10.1145/1297231.1297240.
[50] MEHTA B, HOFMANN T. A survey of attack-resistant collaborative filtering algorithms[J]. Bulletin of the Technical Committee on Data Engineering, 2008, 31(2): 14-22.
[51] MEHTA B, NEJDL W. Attack resistant collaborative filtering[C] // Proceedings of the 31st Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, Singapore. ACM, 2008: 75-82. DOI: 10.1145/1390334.1390350.
[52] KARATZOGLOU A, WEIMER M. Quantile matrix factorization for collaborative filtering[C] // 11th International Conference on Electronic Commerce and Web Technologies, Bilbao, Spain, Springer, 2010: 253-264. DOI: 10.1007/978-3-642-15208-5_23.
[53] ZHANG F, SUN S, YI H. Robust collaborative recommendation algorithm based on kernel function and welsch reweighted M-estimator[J]. IET Information Security, 2015, 9(5): 257-265. DOI: 10.1049/iet-ifs.2014.0488.
[54] 张燕平, 张顺, 钱付兰, 等. 基于用户声誉的鲁棒协同推荐算法[J]. 自动化学报, 2015, 41(5): 1004-1012. DOI:10.16383/j.aas.2015.c140073. ZHANG Y P, ZHANG S, QIAN F L, et al. Robust collaborative recommendation algorithm based on user’s reputation[J]. Acta Automatica Sinica, 2015, 41(5): 1004-1012. DOI:10.16383/j.aas.2015.c140073.
[55] YU H T, GAO R B, WANG K, et al. A novel robust recommendation method based on kernel matrix factorization [J]. Journal of Intelligent & Fuzzy Systems, 2017, 32(3):2101-2109. DOI: 10.3233/jifs-161705.
[56] 伊华伟, 张付志, 巢进波. 基于模糊核聚类和支持向量机的鲁棒协同推荐算法[J]. 电子与信息学报, 2017, 39(8):1942-1949. YI H W, ZHANG F Z, CHAO J B. Robust collaborative recommendation algorithm based on fuzzy kernel clustering and support vector machine[J]. Journal of Electronics & Information Technology, 2017, 39(8):1942-1949.
[57] XU C, ZHANG J, LONG C, et al. Uncovering collusive spammers in Chinese review websites [C] // ACM International Conference on Conference on Information & Knowledge Management, ACM, 2013: 979-988. DOI: 10.1145/2505515.2505700.