
Manipulating Visually Aware Federated Recommender Systems and Its Countermeasures

Federated recommender systems (FedRecs) have been widely explored recently due to their capability to safeguard user data privacy. These systems enable a central server to collaboratively learn recommendation models by sharing public parameters with clients, providing privacy-preserving solutions. However, this collaborative approach also creates a vulnerability that allows adversaries to manipulate FedRecs. Existing works on FedRec security already reveal that items can easily be promoted by malicious users via model poisoning attacks, but all of them mainly focus on FedRecs with only collaborative information (i.e., user–item interactions). We contend that these attacks are effective primarily due to the data sparsity of collaborative signals. In light of this, we propose a method to address data sparsity and model poisoning threats by incorporating product visual information. Intriguingly, our empirical findings demonstrate that the inclusion of visual information renders all existing model poisoning attacks ineffective. Nevertheless, the integration of visual information also introduces a new avenue for adversaries to manipulate federated recommender systems, as this information typically originates from external sources. To assess such threats, we propose a novel form of poisoning attack tailored for visually aware FedRecs, namely image poisoning attacks, where adversaries can gradually modify the uploaded image with human-unaware perturbations to manipulate item ranks during the FedRecs’ training process. Moreover, we provide empirical evidence showcasing a heightened threat when image poisoning attacks are combined with model poisoning attacks, resulting in easier manipulation of the federated recommendation systems. To ensure the safe utilization of visual information, we employ a diffusion model in visually aware FedRecs to purify each uploaded image and detect the adversarial images. Extensive experiments conducted with two FedRecs on two datasets demonstrate the effectiveness and generalization of our proposed attacks and defenses.
