Just Accepted
Authors: Ruicheng Liang, Yuanchun Jiang, Feida Zhu, Ling Cheng, Huiwen Liu
ACM Transactions on Knowledge Discovery from Data
Accepted on 14 November 2024
Online AM: 28 November 2024
Abstract
Federated recommender systems (FedRSs) effectively tackle the trade-off between recommendation accuracy and privacy preservation. However, recent studies have revealed severe vulnerabilities in FedRSs, particularly against untargeted attacks seeking to undermine their overall performance. Defense methods employed in traditional recommender systems are not applicable to FedRSs, and existing robust aggregation schemes for other federated learning-based applications have proven ineffective in FedRSs. Building on the observation that malicious clients contribute negatively to the training process, we design a novel contribution-aware robust aggregation scheme to defend FedRSs against untargeted attacks, named contribution-aware Bayesian knowledge distillation aggregation (ConDA), comprising two key components for the defense. In the first contribution estimation component, we decentralize the estimation from the server side to the client side and propose an ensemble-based Shapley value to enable the efficient calculation of contributions, addressing the limitations of lacking auxiliary validation data and high computational complexity. In the second contribution-aware aggregation component, we merge the decentralized contributions via a majority voting mechanism and integrate the merged contributions into a Bayesian knowledge distillation aggregation scheme for robust aggregation, mitigating the impact of unreliable contributions induced by attacks. We evaluate the effectiveness and efficiency of ConDA on two real-world datasets from movie and music service providers. Through extensive experiments, we demonstrate the superiority of ConDA over the baseline robust aggregation schemes.
Index Terms
Defending Federated Recommender Systems Against Untargeted Attacks: A Contribution-Aware Robust Aggregation Scheme
Information systems
Information retrieval
Retrieval tasks and goals
Information systems applications
Data mining
Published In
ACM Transactions on Knowledge Discovery from Data, Just Accepted
EISSN:1556-472X
Copyright © 2024 Copyright held by the owner/author(s).
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Online AM: 28 November 2024
Accepted: 14 November 2024
Revised: 23 August 2024
Received: 24 June 2023
Author Tags
- Federated recommender systems
- untargeted attacks
- contribution estimation
- robust aggregation
Qualifiers
- Research-article