Recommender systems are targeted by several types of attacks, such as:
Some users inject fake user profiles consisting of biased ratings to affect the recommendation ranking and manipulate the user’s decision. An attack on recommender system behavior is known as a “shilling” attack or “profile injection” attack. Users that carry out shilling attacks are known as attackers or shillers. Push attacks and nuke attacks are the two most common types of attacks.
Product push & Product nuke attacks: The objective of these attacks is to promote or demote, respectively, the predictions that are made for targeted items.
It is very important to understand the possible strategies used in these attacks in order to plan better defenses against them.
Starting with Product push & Product nuke attacks, attackers identify the item they want to target and the profile with which they want to target it.
A profile created for this purpose is called an attack profile. Attackers use the attack profile to infect the targeted item.
Identifying the target item and building the attack profile can be a challenging task, and it can follow multiple approaches such as:
- Mirror a genuine user’s items: This would easily go unnoticed, as it follows the pattern of a legitimate user’s items and would have a user-to-user correlation on the item.
- Target a popular item in the targeted category: Targeting popular items makes it easy to reduce the cost of an attack. Targeting such items acts as a catalyst in the system: the fake users are present in the reviews of popular products, which connects the other targeted item to the popular item.
Generally speaking, in order to get a better cost/benefit ratio, attackers perform an attack using a group of users in a short period of time. Target items are assigned a high score (push attack) or a low score (nuke attack), while filler items are assigned forged scores according to the attack model used.
Shilling attack models:
In general, there are 3 parts in an attack profile:
- Target item(s) set;
- Selected set: attackers usually select some items that have similar characteristics to the target item(s); and
- Filler set, which is a selection of items that makes the attack profile look similar to normal ones.
Domain knowledge and experience with the recommender system can make such a threat more complex to identify.
Shilling attack detection approach:
One paper discusses multiple approaches to detecting this problem, which include:
- Identify the rating for each item and attach a timestamp to it.
- Extract this information to form a view of timestamps with ratings for each item.
- After a time window is detected, the rating is compared with the actual item in the given time window.
- Identify legitimate users vs. fake users by rating frequency and other known information about the users.
Other points to note:
The rating deviation of attack profiles is greater than that of genuine profiles, so the credibility of a group of users in some time interval, based on rating deviation, would be lower than that of a normal profile. Many attackers work together to perform an attack on specific target items in a particular time frame.
Having a way to detect such abnormalities in users’ rating behavior can be key to solving this type of problem.
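One way to implement the time-window check and rating-deviation comparison described above, as an added example (not code from the paper or from any particular recommender system). The function name, the thresholds and the sample ratings are assumptions constructed for illustration, and the item's "actual" rating is assumed to be the mean of its ratings outside the window.

```python
from collections import defaultdict
from statistics import mean

def flag_rating_bursts(ratings, window=3600, min_count=4, min_shift=1.5):
    """ratings: iterable of (user, item, unix_ts, score).
    Returns one finding per (item, time window) whose ratings arrive in a
    burst and deviate from the item's ratings outside that window."""
    by_item = defaultdict(list)
    for user, item, ts, score in ratings:
        by_item[item].append((ts, user, score))

    findings = []
    for item, rows in by_item.items():
        buckets = defaultdict(list)            # window start -> ratings in it
        for ts, user, score in rows:
            buckets[ts - ts % window].append((user, score))
        for start, inside in sorted(buckets.items()):
            outside = [s for ts, _, s in rows if ts - ts % window != start]
            if len(inside) < min_count or not outside:
                continue                       # no burst, or no baseline
            baseline = mean(outside)           # assumed "actual" item rating
            shift = mean(s for _, s in inside) - baseline
            if abs(shift) < min_shift:
                continue
            # Keep only users who deviate from the baseline in the burst's
            # direction; genuine users in the same window are not listed.
            users = sorted(u for u, s in inside
                           if (s - baseline) * shift > 0
                           and abs(s - baseline) >= min_shift)
            findings.append({"item": item, "window_start": start,
                             "kind": "push" if shift > 0 else "nuke",
                             "shift": round(shift, 2), "users": users})
    return findings

# Constructed sample: item "A" gets five 5-star ratings inside one hour.
SAMPLE = [(f"g{i}", "A", i * 90000, 2 + i % 2) for i in range(5)]     # genuine
SAMPLE += [(f"s{i}", "A", 400000 + 100 * i, 5) for i in range(1, 6)]  # burst
SAMPLE += [("g9", "A", 400050, 3)]             # genuine user, same hour
SAMPLE += [(f"h{i}", "B", i * 90000, 4) for i in range(4)]            # untouched item

if __name__ == "__main__":
    for finding in flag_rating_bursts(SAMPLE):
        print(finding)
```

The flagged users are candidates for review against rating frequency and other known account information, not a verdict on their own.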
Cost and Time:
As we have seen with an e-commerce site like Amazon, you can’t rate every product; you need to buy it before you rate it. And even after you rate it, the change in the overall rating depends on the popularity of the product. So think about how many profiles would each need to buy or own a popular product once in order to change its rating. This is the cost and time associated with the process. Not every system has this kind of cost and time, but it always plays an important role in assessing whether such a system can be hacked or not.
Share your thoughts on this.