Abstract
Collaborative recommender systems (CRSs) have become an essential component in a wide range of e-commerce systems. However, CRSs are also easy to suffer from malicious attacks due to the fundamental vulnerability of recommender systems. Facing with the limited representative of rating behavior and the unbalanced distribution of rating profiles, how to further improve detection performance and deal with unlabeled real-world data is a long-standing but unresolved issue. This paper develops a new detection approach to defend anomalous threats for recommender systems. First, eliminating the influence of disturbed rating profiles on abnormality detection is analyzed in order to reduce the unbalanced distribution as far as possible. Based on the remaining rating profiles, secondly, rating behaviors which belong to the same dense region using standard distance measures are further partitioned by exploiting a probability mass-based dissimilarity mechanism. To reduce the scope of determining suspicious items while keeping the advantage of target item analysis (TIA), thirdly, suspected items captured by TIA are empirically converted into an associated item-item graph according to frequent patterns of rating distributions. Finally, concerned attackers can be detected based on the determined suspicious items. Extensive experiments on synthetic data demonstrate the effectiveness of the proposed detection approach compared with benchmarks. In addition, discovering interesting findings such as suspected items or ratings on four different real-world datasets is also analyzed and discussed.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data Availability
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
Code Availability
Softwares or codes are not applicable to this article.
References
Burke, R., Mobasher, B., & Williams, C. (2006). Classification features for attack detection in collaborative recommender systems. In International conference on knowledge discovery and data mining (pp. 17–20).
Chung, C., Hsu, P., & Huang, S. (2013). BP: A novel approach to filter out malicious rating profiles from recommender systems. Journal of Decision Support Systems, 55(1), 314–325.
Fang, M., Yang, G., Gong, N., & Liu, J. (2018). Poisoning attacks to graph-based recommender systems. In Proceedings of the 34th annual computer security applications conference (ACSAC) (pp. 381–392).
Gunes, I., Kaleli, C., Bilge, A., & Polat, H. (2012). Shilling attacks against recommender systems: A comprehensive survey. Artificial Intelligence Review, 42(4), 1–33.
Jiang, M., Cui, P., Beutel, A., Faloutsos, C., & Yang, S. (2014). Catchsync: catching synchronized behavior in large directed graphs. In Proceedings of the 20th ACM SIGKDD international conference on knowledge discovery and data mining (pp. 941–950).
Luo, X., Zhou, M., Li, S., & Shang, M. (2017). An inherently non-negative latent factor model for high-dimensional and sparse matrices from industrial applications. IEEE Transactions on Industrial Informatics.
McAuley, J., & Leskovec, J. (2013). Hidden factors and hidden topics: understanding rating dimensions with review text. In ACM Conference on recommender systems (RecSys) (pp. 165–172).
McAuley, J., Pandey, R., & Leskovec, J. (2015). Inferring networks of substitutable and complementary products. Knowledge Discovery and Data Mining.
Mehta, B., Hofmann, T., & Fankhauser, P. (2007). Lies and propaganda: detecting spam users in collaborative filtering. In Proceedings of the 12th international conference on intelligent user interfaces (pp. 14–21).
Mobasher, B., Burke, R., Bhaumik, R., & Williams, C. (2007). Toward trustworthy recommender systems: An analysis of attack models and algorithm robustness. ACM Transactions on Internet Technology, 7(4), 38.
Seminario, C.E., & Wilson, D.C. (2014). Attacking item-based recommender systems with power items. In ACM Conference on recommender systems (pp. 57–64).
Song, J., Li, Z., Hu, Z., Wu, Y., Li, Z., Li, J., & Gao, J. (2020). PoisonRec: An adaptive data poisoning framework for attacking black-box recommender systems. In The 36th IEEE international conference on data engineering (ICDE’20) (pp. 157–168).
Tang, J., Du, X., He, X., Yuan, F., Tian, Q., & Chua, T. (2019). Adversarial training towards robust multimedia recommender system. IEEE Transactions on Knowledge and Data Engineering, 32(5), 855–867.
Ting, K. M., Zhu, Y., Carman, M., Zhu, Y., & Zhou, Z. H. (2016). Overcoming key weaknesses of distance-based neighbourhood methods using a data dependent dissimilarity measure. In Proceedings of the 22nd ACM SIGKDD conference on knowledge discovery and data mining (KDD’16) (pp. 1205–1214).
Wang, Y., Zhang, L., Tao, H., Wu, Z., & Cao, J. (2015). A comparative study of shilling attack detectors for recommender systems. In The 12th international conference on service systems and service management (ICSSSM) (pp. 1–6).
Wilson, D.C., & Seminario, C.E. (2015). Mitigating power user attacks on a user-based collaborative recommender system. In Association for the advancement of artificial intelligence (pp. 513–318).
Wu, Z., Wang, Y., & Cao, J. (2014). A survey on shilling attack models and detection techniques for recommender systems. Science China, 59(7), 551–560.
Xing, X., Meng, W., Doozan, D., Snoeren, A., Feamster, N., & Lee, W. (2013). Take this personally: pollution attacks on personalized services. USENIX Security, 671–686.
Xu, Y., & Zhang, F. (2019). Detecting shilling attacks in social recommender systems based on time series analysis and trust features. Knowledge-Based Systems, 178(15), 25–47.
Yang, G., Gong, N., & Cai, Y. (2017). Fake co-visitation injection attacks to recommender systems. Network and Distributed System Security Symposium (NDSS), 1–15.
Yang, Z., Cai, Z., & Guan, X. (2016). Estimating user behavior toward detecting anomalous ratings in rating systems. Knowledge-Based Systems, 111, 144–158.
Yang, Z., Cai, Z., & Yang, Y (2017). Spotting anomalous ratings for rating systems by analyzing target users and items. Neurocomputing, 240, 25–46.
Yang, Z., Sun, Q., Zhang, Y., & Zhang, B. (2018). Uncovering anomalous rating behaviors for rating systems. Neurocomputing, 308, 205–226.
Yang, Z., Sun, Q., Zhang, Y., Zhu, L., & Ji, W. (2020). Inference of suspicious co-visitation and co-rating behaviors and abnormality forensics for recommender systems. IEEE Transactions on Information Forensics and Security, 15, 2766–2781.
Yang, Z., Xu, L., Cai, Z., & Xu, Z. (2016). Re-scale AdaBoost for attack detection in collaborative filtering recommender systems. Knowledge-Based Systems, 100, 74–88.
Zhang, F., Qu, Y., Xu, Y., & Wang, S. (2020). Graph embedding-based approach for detecting group shilling attacks in collaborative recommender systems. Knowledge-Based Systems, 199(8), 105984.
Zhang, F., & Wang, S. (2020). Detecting group shilling attacks in online recommender systems based on bisecting k-means clustering. IEEE Transactions on Computational Social Systems, 7(5), 1189–1199.
Zhang, H., Li, Y., Ding, B., & Gao, J. (2020). Practical data poisoning attack against next-item recommendation. In Proceedings of the web conference (WWW’19) (pp. 2458–2464).
Zhang, Y., Tan, Y., Zhang, M., Liu, Y., Chua, T., & Ma, S. (2015). Catch the black sheep Unified framework for shilling attack detection based on fraudulent action propagation. In Proceedings of the twenty-fourth international joint conference on artificial intelligence (IJCAI 2015) (pp. 2408–2414).
Zhou, W., Koh, Y. S., Wen, J. H., Burki, S., & Dobbie, G. (2014). Detection of abnormal profiles on group attacks in recommender systems. In Proceedings of the 37th international ACM SIGIR conference on Research on development in information retrieval (pp. 955–958).
Zhang, S., Yao, L., Sun, A., & Tay, Y. (2019). Deep learning based recommender system: A survey and new perspectives. ACM Computing Surveys, 52(1), 1–38.
Gras, B., Brun, A., & Boyer, A. (2016). Identifying grey sheep users in collaborative filtering: a distribution-based technique. In Proceedings of the 2016 conference on user modeling adaptation and personalization (pp. 17–26).
Zheng, Y., Agnani, M., & Singh, M. (2017). Identifying grey sheep users by the distribution of user similarities in collaborative filtering. In Proceedings of the 6th annual conference on research in information technology (pp. 1–6).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Ethics approval
All authors read and approved the final version of the manuscript.
Consent for Publication
All authors have checked the manuscript and have agreed to the submission.
Competing interests
The authors declare that they have no competing interests.
Additional information
Consent to participate
All authors contributed to this work.
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This work was supported in part by the National Natural Science Foundation of China under Grant 62172331 and 62102310, in part by the Youth Innovation Team Construction of Shaanxi Provincial Department of Education under Grant 21JP081, in part by the China Postdoctoral Science Foundation under Grant 2020M683689XB, in part by the Natural Science Founds of Shaanxi under Grant 2020JQ-646 and 2021JQ-486, and in part by the Youth Innovation Team of Shaanxi Universities under Grant 2019-38.
Rights and permissions
About this article
Cite this article
Yang, Z., Sun, Q., Liu, Z. et al. Rating behavior evaluation and abnormality forensics analysis for injection attack detection. J Intell Inf Syst 59, 93–119 (2022). https://doi.org/10.1007/s10844-021-00689-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10844-021-00689-y