Defending Federated Recommender Systems Against Untargeted Attacks: A Contribution-Aware Robust Aggregation Scheme (2024)

research-article

Just Accepted

Authors: Ruicheng Liang, Yuanchun Jiang, Feida Zhu, Ling Cheng, Huiwen Liu

ACM Transactions on Knowledge Discovery from Data

Accepted on 14 November 2024

Online AM: 28 November 2024

Abstract

Federated recommender systems (FedRSs) effectively tackle the trade-off between recommendation accuracy and privacy preservation. However, recent studies have revealed severe vulnerabilities in FedRSs, particularly against untargeted attacks seeking to undermine their overall performance. Defense methods employed in traditional recommender systems are not applicable to FedRSs, and existing robust aggregation schemes for other federated learning-based applications have proven ineffective in FedRSs. Building on the observation that malicious clients contribute negatively to the training process, we design a novel contribution-aware robust aggregation scheme to defend FedRSs against untargeted attacks, named contribution-aware Bayesian knowledge distillation aggregation (ConDA), comprising two key components for the defense. In the first contribution estimation component, we decentralize the estimation from the server side to the client side and propose an ensemble-based Shapley value to enable the efficient calculation of contributions, addressing the limitations of lacking auxiliary validation data and high computational complexity. In the second contribution-aware aggregation component, we merge the decentralized contributions via a majority voting mechanism and integrate the merged contributions into a Bayesian knowledge distillation aggregation scheme for robust aggregation, mitigating the impact of unreliable contributions induced by attacks. We evaluate the effectiveness and efficiency of ConDA on two real-world datasets from movie and music service providers. Through extensive experiments, we demonstrate the superiority of ConDA over the baseline robust aggregation schemes.

Index Terms

  1. Defending Federated Recommender Systems Against Untargeted Attacks: A Contribution-Aware Robust Aggregation Scheme

    1. Information systems

      1. Information retrieval

        1. Retrieval tasks and goals

        2. Information systems applications

          1. Data mining

      Index terms have been assigned to the content through auto-classification.

      Published In

      ACM Transactions on Knowledge Discovery from Data, Just Accepted

      EISSN:1556-472X

      Copyright © 2024 Copyright held by the owner/author(s).

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Online AM: 28 November 2024

      Accepted: 14 November 2024

      Revised: 23 August 2024

      Received: 24 June 2023

      Author Tags

      1. Federated recommender systems
      2. untargeted attacks
      3. contribution estimation
      4. robust aggregation
