| Recommender systems are application that mines users’ potential interests and complete accurate recommendations based on their historical preferences,which is used to solve the problem of Information overload.At present,recommendation systems have been widely used in our daily necessities and bring great convenience to our lives.However,since recommender systems need to utilize a large amount of user data,there is an inevitable risk of privacy leakage.With the increasing user privacy issues in recent years,the privacy issues of recommender systems have also begun to attract the attention.Membership inference attack attracts the most attention because they can attack user’s membership attribute information under black box conditions.In the process of membership inference attack,the attacker mainly judges the membership properties by the difference between the model prediction on training data and non-training data.This paper studies the membership privacy problem in recommender systems from the perspective of attack and defense.The main research results are as follows:On the attack side,this paper proposes a membership inference attack method based on adversarial thinking.At present,there are few studies about membership inference attacks on recommender systems.When the recommender system adopts different combinations of personalized recommendation algorithm and non-personalized recommendation algorithm,the attack effect is not stable.In order to solve existing problems,this paper proposes a membership inference attack method that has both robustness and attack utility.Firstly,this paper proposes an adversarial example generation method that is suitable for membership inference attacks in recommendation systems.We simulate the perturbations existing in the input data by adding regular perturbations to the personalized recommendation algorithm and generate adversarial examples for the attack model.Secondly,we improve the robustness of the attack model by adversarial training between the adversarial example generation model and the attack model.Experiments show that this algorithm can achieve better attack results than existing methods when the recommendation system uses different combinations of personalized recommendation algorithms and non-personalized recommendation algorithms.On the defense side,this paper proposes a recommendation algorithm which combines membership protection mechanisms.According to the research,there is no effective protection method for membership inference attacks in the recommendation system.In order to protect the user’s membership attribute information in the recommendation system,this paper considers the membership privacy protection of the recommender system for the first time and proposes a recommendation algorithm that can protect membership privacy We consider the member privacy problem in the recommender system explicitly by unifying the member privacy protection capability into the objective function of the recommendation model.In our method,the recommendation utility and privacy protection ability of the recommendation model are translated to a minmax optimization problem.Besides,an adversarial training algorithm is designed.Through the adversarial training between the membership inference attack model and the recommendation model,we minimize the recommendation loss of the model and reduce the gain of the attack model simultaneously.Finally,a recommendation algorithm with both recommendation utility and privacy protection ability is obtained.Experiments show that the algorithm can effectively protect the user’s membership information with low recommendation utility loss. |
PDF Full Text Request