计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (6A): 230700003-9.doi: 10.11896/jsjkx.230700003

• 信息安全 • 上一篇    下一篇

结合图卷积神经网络和集成方法的推荐系统恶意攻击检测

刘慧1,2, 纪科1,2, 陈贞翔1,2, 孙润元1,2, 马坤1,2, 邬俊3   

  1. 1 济南大学信息科学与工程学院 济南 250022
    2 山东省网络环境智能计算技术重点实验室(济南大学) 济南 250022
    3 北京交通大学计算机与信息技术学院 北京 100044
  • 发布日期:2024-06-06
  • 通讯作者: 纪科(ise_jik@ujn.edu.cn)
  • 作者简介:(liuhui370285@qq.com)
  • 基金资助:
    国家自然科学基金(61702216,61772231,61671048,61672262);山东省重大科技创新工程(2018CXGC0706)

Malicious Attack Detection in Recommendation Systems Combining Graph Convolutional Neural Networks and Ensemble Methods

LIU Hui1,2, JI Ke1,2, CHEN Zhenxiang1,2, SUN Runyuan1,2, MA Kun1,2, WU Jun3   

  1. 1 School of Information Science and Engineering,University of Jinan,Jinan 250022,China
    2 Shandong Provincial Key Laboratory of Network Based Intelligent Computing(University of Jinan),Jinan 250022,China
    3 School of Computer and Information Technology,Beijing Jiaotong University,Beijing 100044,China
  • Published:2024-06-06
  • About author:LIU Hui,born in 1999,postgraduate,is a member of CCF(No.19053G).Her main research interests include recommendation system.
    JI Ke,born in 1989,Ph.D,associate professor,is a member of CCF(No.78936M).His research interests include machine learning,recommendation system,etc.
  • Supported by:
    National Natural Science Foundation of China(61702216,61772231,61671048,61672262) and Key Research and Development Program of Shandong Province(2018CXGC0706).

PDF (PC)

381

摘要: 推荐系统已被广泛应用于电子商务、社交媒体、信息分享等大多数互联网平台中,有效解决了信息过载问题。然而,这些平台面向所有互联网用户开放,导致不法用户利用系统设计缺陷通过恶意干扰、蓄意攻击等行为非法操纵评分数据,进而影响推荐结果,严重危害推荐服务的安全性。现有的检测方法大多都是基于从评级数据中提取的人工构建特征进行的托攻击检测,难以适应更复杂的共同访问注入攻击,并且人工构建特征费时且区分能力不足,同时攻击行为规模远远小于正常行为,给传统检测方法带来了不平衡数据问题。因此,文中提出堆叠多层图卷积神经网络端到端学习用户和项目之间的多阶交互行为信息得到用户嵌入和项目嵌入,将其作为攻击检测特征,以卷积神经网络作为基分类器实现深度行为特征提取,结合集成方法检测攻击。在真实数据集上的实验结果表明,与流行的推荐系统恶意攻击检测方法相比,所提方法对共同访问注入攻击行为有较好的检测效果并在一定程度上克服了不平衡数据的难题。

关键词: 攻击检测, 共同访问注入攻击, 推荐系统, 图卷积神经网络, 卷积神经网络, 集成方法

Abstract: Recommendation systems have been widely used in most Internet platforms,such as e-commerce,social media,and information sharing,which effectively solve the problem of information overload.However,these platforms are open to all Internet users,leading to illegal manipulation of rating data through malicious interference and deliberate attacks by unscrupulous users using system design flaws,affecting the recommendation results and seriously jeopardizing the security of recommendation ser-vices.Most existing detection methods are based on manually constructed features extracted from rating data for shilling attack detection,which is challenging to adapt to more complex co-visitation injection attacks,and manually constructed features are time-consuming and need more differentiation capability.In contrast,the scale of attack behavior is much smaller than normal behavior,bringing imbalanced data problems to traditional detection methods.Therefore,the paper proposes stacked multilayer graph convolutional neural networks end-to-end to learn multi-order interaction behavior information between users and items to obtain user embeddings and item embeddings,which are used as attack detection features,and convolutional neural networks are used as base classifiers to achieve deep behavior feature extraction,combined with ensemble methods to detect attacks.Experimental results on real datasets show that the method better detects co-visitation injection attacks and overcomes the imbalanced data problem to a certain extent compared with popular malicious attack detection methods for recommendation systems.

Key words: Attack detection, Co-visitation injection attack, Recommendation systems, Graph convolutional neural networks, Convolutional neural networks, Ensemble methods

中图分类号: 

  • TP391
[1]LUO X,ZHOU M C,XIA Y,et al.Generating highly accurate predictions for missing QoS data via aggregating nonnegative latent factor models[J].IEEE Transactions on Neural Networks and Learning Systems,2015,27(3):524-537.
[2]LUO X,ZHOU M C,LI S,et al.An inherently nonnegative latent factor model for high-dimensional and sparse matrices from industrial applications[J].IEEE Transactions on Industrial Informatics,2017,14(5):2011-2022.
[3]WU Z,WU J,CAO J,et al.HySAD:A semi-supervised hybrid shilling attack detector for trustworthy product recommendation[C]//Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.2012:985-993.
[4]GÜNNEMANN S,GÜNNEMANN N,FALOUTSOS C.Detecting anomalies in dynamic rating data:A robust probabilistic model for rating evolution[C]//Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.2014:841-850.
[5]GÜNNEMANN N,GÜNNEMANN S,FALOUTSOS C.Robustmultivariate autoregression for anomaly detection in dynamic product ratings[C]//Proceedings of the 23rd International Conference on World Wide Web.2014:361-372.
[6]LU J,WU D,MAO M,et al.Recommender system application developments:a survey[J].Decision Support Systems,2015,74:12-32.
[7]YANG G,GONG N Z,CAI Y.Fake Co-visitation Injection Attacks to Recommender Systems[C]//NDSS.2017.
[8]XING X,MENG W,DOOZAN D,et al.Take This Personally:Pollution Attacks on Personalized Services[C]//USENIX Security Symposium.2013:671-686.
[9]CALANDRINO J A,KILZER A,NARAYANAN A,et al. You might also like:Privacy risks of collaborative filtering[C]//2011 IEEE Symposium on Security and Privacy.IEEE,2011:231-246.
[10]FANG M,YANG G,GONG N Z,et al.Poisoning attacks tograph-based recommender systems[C]//Proceedings of the 34th Annual Computer Security Applications Conference.2018:381-392.
[11]GUNES I,KALELI C,BILGE A,et al.Shilling attacks against recommender systems:A comprehensive survey[J].Artificial Intelligence Review,2014,42(4):767-799.
[12]SI M,LI Q.Shilling attacks against collaborative recommender systems:a review[J].Artificial Intelligence Review,2020,53:291-319.
[13]BURKE R,MOBASHER B,WILLIAMS C,et al.Classification features for attack detection in collaborative recommender systems[C]//Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.2006:542-547.
[14]YANG Z,CAI Z,GUAN X.Estimating user behavior towarddetecting anomalous ratings in rating systems[J].Knowledge-Based Systems,2016,111:144-158.
[15]MEHTA B,NEJDL W.Unsupervised strategies for shilling detection and robust collaborative filtering[J].User Modeling and User-Adapted Interaction,2009,19:65-97.
[16]O′MAHONY M,HURLEY N,KUSHMERICK N,et al.Colla-borative recommendation:A robustness analysis[J].ACM Transactions on Internet Technology(TOIT),2004,4(4):344-377.
[17]MOBASHER B,BURKE R,BHAUMIK R,et al.Toward trustworthy recommender systems:An analysis of attack models and algorithm robustness[J].ACM Transactions on Internet Technology(TOIT),2007,7(4):23.
[18]LIU B,KONG D,CEN L,et al.Personalized mobile app recommendation:Reconciling app functionality and user privacy pre-ference[C]//Proceedings of the Eighth ACM International Conference on Web Search and Data Mining.2015:315-324.
[19]KOREN Y,BELL R,VOLINSKY C.Matrix factorization techniques for recommender systems[J].Computer,2009,42(8):30-37.
[20]LI W,GAO M,LI H,et al.Shilling attack detection in recommender systems via selecting patterns analysis[J].IEICE Transactions on Information and Systems,2016,99(10):2600-2611.
[21]DOU T,YU J,XIONG Q,et al.Collaborative shilling detection bridging factorization and user embedding[C]//Collaborative Computing:Networking,Applications and Worksharing.Sprin-ger International Publishing,2018:459-469.
[22]YANG Z,SUN Q,ZHANG Y,et al.Inference of suspicious co-visitation and co-rating behaviors and abnormality forensics for recommender systems[J].IEEE Transactions on Information Forensics and Security,2020,15:2766-2781.
[23]WANG S,ZHANG P,WANG H,et al.Detecting shilling groups in online recommender systems based on graph convolutional network[J].Information Processing & Management,2022,59(5):103031.
[24]ZHANG S,YIN H,CHEN T,et al.Gcn-based user representation learning for unifying robust recommendation and fraudster detection[C]//Proceedings of the 43rd international ACM SIGIR Conference on Research and Development in Information Retrieval.2020:689-698.
[25]ZHANG F,ZHANG Z,ZHANG P,et al.UD-HMM:An unsupervised method for shilling attack detection based on hidden Markov model and hierarchical clustering[J].Knowledge-Based Systems,2018,148:146-166.
[26]CAO J,WU Z,MAO B,et al.Shilling attack detection utilizing semi-supervised learning method for collaborative recommender system[J].World Wide Web,2013,16:729-748.
[27]DEFFERRARD M,BRESSON X,VANDERGHEYNST P.Convolutional neural networks on graphs with fast localized spectral filtering[J/OL].Advances in Neural Information Processing Systems,2016,29.https://proceedings.neurips.cc/paper_files/paper/2016.
[28]TAN M,LE Q.Efficientnet:Rethinking model scaling for convolutional neural networks[C]//International Conference on Machine Learning.PMLR,2019:6105-6114.
[29]BREIMAN L.Bagging predictors[J].Machine Learning,1996,24:123-140.
[30]WANG X,HE X,WANG M,et al.Neural graph collaborative filtering[C]//Proceedings of the 42nd international ACM SIGIR Conference on Research and Development in Information Retrieval.2019:165-174.
[31]HE X,DENG K,WANG X,et al.Lightgcn:Simplifying andpowering graph convolution network for recommendation[C]//Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval.2020:639-648.
[32]PENG S,SUGIYAMA K,MINE T.Less is More:Reweighting Important Spectral Graph Features for Recommendation[C]//Proceedings of the 45th International ACM SIGIR Conference on Research and Development in Information Retrieval.2022:1273-1282.
[33]LIU X Y,WU J,ZHOU Z H.Exploratory undersampling forclass-imbalance learning[J].IEEE Transactions on Systems,Man,and Cybernetics,Part B(Cybernetics),2008,39(2):539-550.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发