Abstract
With the development of recommendation system technology, more and more Internet services are applied to recommendation systems.
In recommendation systems, matrix factoring is the most widely used technique. However, matrix factoring algorithms are very susceptible to shilling attacks (trust or espionage). The former defends methods against data poisoning attacks focused on detecting individual attack behaviors. But there are few detection methods for group data poisoning attacks. Therefore, we propose a detection method based on Graph Neural Network (GNN) and adversarial learning. We train user-item nodes and edges through a semi-supervised learning approach, improving the robustness of the GNN recommendation system. Our work can be divided into the following parts:
Firstly, we review the former recommendation systems and the graph representation learning recommendation systems. Secondly, we analyze the main vulnerabilities of the graph representation learning recommendation systems. Furthermore, the detection methods of data poisoning attacks are analyzed, and the difference between individual data poisoning attacks and group data poisoning attacks are discussed. Finally, we propose a per-process Robust-GNN semi-supervised detection model to conduct group detection on different types of attacks. In addition, we also analyze the sensitivity of the proposed methods. From the experiments results, it can be concluded that we should apply the attention mechanism to the proposed methods which makes it more generalized.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Dhelim, S., Aung, N., Bouras, M.A., Ning, H., Cambria, E.: A survey on personality-aware recommendation systems. Artificial Intelligence Review 55(3), 2409–2454 (2022)
Gu, Z., Cai, Y., Wang, S., Li, M., Qiu, J., Shen, S., Xiaojiang, D., Tian, Z.: Adversarial attacks on content-based filtering journal recommender systems. Computers, Materials & Continua 64(3), 1755–1770 (2020)
Wang, H., Zhong, J., Tak, K.U.: Matryoshka attack: research on an attack method of recommender system based on adversarial learning and optimization solution. In: 2020 International Conference on Wavelet Analysis and Pattern Recognition (ICWAPR), pp. 102–109 (2020). https://doi.org/10.1109/ICWAPR51924.2020.9494616
Wang, Z., Gao, M., Li, J., Zhang, J., Zhong, J.: Gray-box shilling attack: an adversarial learning approach. ACM Transactions on Intelligent Systems and Technology (TIST) (2022)
Koren, Y., Bell, R., Volinsky, C.: Matrix factorization techniques for recommender systems. Computer 42(8), 30–37 (2009)
Cao, J., Zhiang, W., Mao, B., Zhang, Y.: Shilling attack detection utilizing semi-supervised learning method for collaborative recommender system. World Wide Web 16(5), 729–748 (2013)
Bilge, A., Ozdemir, Z., Polat, H.: A novel shilling attack detection method. Procedia Computer Science 31, 165–174 (2014)
Batmaz, Z., Yilmazel, B., Kaleli, C.: Shilling attack detection in binary data: a classification approach. J. Ambient Intelli. Humani. Comp. 11(6), 2601–2611 (2020)
Zhang, F., Wang, S.: Detecting group shilling attacks in online recommender systems based on bisecting k-means clustering. IEEE Transactions on Computational Social Systems 7(5), 1189–1199 (2020)
Zhang, B., Zaharia, M., Ji, S., Ada Popa, R., Gu, G.: PPMLP 2020: workshop on privacy-preserving machine learning in practice. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 2139–2140 (2020)
Anelli, V.W., Deldjoo, Y., Di Noia, T., Di Sciascio, E., Merra, F.A.: Sasha: Semantic-aware shilling attacks on recommender systems exploiting knowledge graphs. In: European Semantic Web Conference, pp. 307–323. Springer, Cham (2020)
Ke, Z., Li, Z., Zhou, C., Sheng, J., Silamu, W., Guo, Q.: Rumor detection on social media via fused semantic information and a propagation heterogeneous graph. Symmetry 12(11), 1806 (2020)
Sun, X., Yang, J., Wang, Z., Liu, H.: HGDom: heterogeneous graph convolutional networks for malicious domain detection. In: NOMS 2020–2020 IEEE/IFIP Network Operations and Management Symposium, pp. 1–9. IEEE (2020)
Chen, J., Lin, X., Shi, Z., Liu, Y.: Link prediction adversarial attack via iterative gradient attack. IEEE Trans. Computat. Soc. Sys. 7(4), 1081–1094 (2020)
Feng, Y., Gai, M., Wang, F., Wang, R., Xiaowei, X.: Classification and early warning model of terrorist attacks based on optimal gcn. Chinese Journal of Electronics 29(6), 1193–1200 (2020)
Tang, X., Li, Y., Sun, Y., Yao, H., Mitra, P., Wang, S.: Transferring robustness for graph neural network against poisoning attacks. In: Proceedings of the 13th international conference on web search and data mining, pp. 600–608 (2020)
Chen, J., Hou, H., Gao, J., Ji, Y., Bai, T.: RGCN: recurrent graph convolutional networks for target-dependent sentiment analysis. In: International Conference on Knowledge Science, Engineering and Management, pp. 667–675. Springer, Cham (2019)
Canese, K., Weis, S.: PubMed: the bibliographic database. The NCBI handbook 2(1) (2013)
Giles, C.L., Bollacker, K.D., Lawrence, S.: CiteSeer: an automatic citation indexing system. In: Proceedings of the third ACM conference on Digital libraries, pp. 89–98 (1998)
Baumgartner, J., Zannettou, S., Keegan, B., Squire, M., Blackburn, J.: The pushshift reddit dataset. In Proceedings of the international AAAI conference on web and social media 14, 830–839 (2020)
Jiang, B., Zhang, Z., Lin, D., Tang, J., Luo, B.: Semi-Supervised Learning With Graph Learning-Convolutional Networks. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) 2019, 11305–11312 (2019). https://doi.org/10.1109/CVPR.2019.01157
Veličković, P., Cucurull, G., Casanova, A., Romero, A., Lio, P., Bengio, Y: Graph attention networks. ICLR (2018)
Chen, M., et al.: A trend-aware investment target recommendation system with heterogeneous graph. Int. Joint Conference on Neural Networks (IJCNN) 2021, 1–8 (2021). https://doi.org/10.1109/IJCNN52387.2021.9533535
Entezari, N., Al-Sayouri, S.A., Darvishzadeh, A., Papalexakis, E.E.: All you need is low (rank) defending against adversarial attacks on graphs. In: Proceedings of the 13th International Conference on Web Search and Data Mining, pp. 169–177 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhong, J., Liu, C., Wang, H., Tian, L., Zhu, H., Lam, CT. (2023). Robust Graph Embedding Recommendation Against Data Poisoning Attack. In: Hsu, CH., Xu, M., Cao, H., Baghban, H., Shawkat Ali, A.B.M. (eds) Big Data Intelligence and Computing. DataCom 2022. Lecture Notes in Computer Science, vol 13864. Springer, Singapore. https://doi.org/10.1007/978-981-99-2233-8_8
Download citation
DOI: https://doi.org/10.1007/978-981-99-2233-8_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-2232-1
Online ISBN: 978-981-99-2233-8
eBook Packages: Computer ScienceComputer Science (R0)