Limits...
Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis.

Zhou W, Wen J, Koh YS, Xiong Q, Gao M, Dobbie G, Alam S - PLoS ONE (2015)

Bottom Line: Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach.In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim.The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

View Article: PubMed Central - PubMed

Affiliation: College of Computer Science, Chongqing University, Chongqing, China.

ABSTRACT
Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

No MeSH data available.


AUC value of different attack models when filler size varies using RD-TIA(b).Detecting result of different attack models when filler size varies using RD-TIA(b).
© Copyright Policy
Related In: Results  -  Collection

License
getmorefigures.php?uid=PMC4519300&req=5

pone.0130968.g013: AUC value of different attack models when filler size varies using RD-TIA(b).Detecting result of different attack models when filler size varies using RD-TIA(b).

Mentions: Sensitivity, Specificity, AUC value of the detecting results using RD-TIA(b) against five attack models are shown in Figs 11–13. We can see from the results that the specificity of all the tests is high. According to Eq (7), we know that there are only a small number of false positives in the result. There are a common characteristic in five detection results, when the filler size of attacks is greater than 3%, the sensitivity of the results gets better, which means only a small number of false negatives exist in the results by Eq (6). In Table 3, we can see that all of the datasets we use are very sparse. Metric DegSim′ does not reflect the rating distribution well when the filler size is smaller than 3%. Detecting results using RD-TIA(b) are not as good when the filler size is smaller than 3%. The experiments in this section show that our proposed method RD-TIA(b) can efficiently detect combined model attacks. The performance of detecting combined profiles is better when the filler size is greater than 3%.


Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis.

Zhou W, Wen J, Koh YS, Xiong Q, Gao M, Dobbie G, Alam S - PLoS ONE (2015)

AUC value of different attack models when filler size varies using RD-TIA(b).Detecting result of different attack models when filler size varies using RD-TIA(b).
© Copyright Policy
Related In: Results  -  Collection

License
Show All Figures
getmorefigures.php?uid=PMC4519300&req=5

pone.0130968.g013: AUC value of different attack models when filler size varies using RD-TIA(b).Detecting result of different attack models when filler size varies using RD-TIA(b).
Mentions: Sensitivity, Specificity, AUC value of the detecting results using RD-TIA(b) against five attack models are shown in Figs 11–13. We can see from the results that the specificity of all the tests is high. According to Eq (7), we know that there are only a small number of false positives in the result. There are a common characteristic in five detection results, when the filler size of attacks is greater than 3%, the sensitivity of the results gets better, which means only a small number of false negatives exist in the results by Eq (6). In Table 3, we can see that all of the datasets we use are very sparse. Metric DegSim′ does not reflect the rating distribution well when the filler size is smaller than 3%. Detecting results using RD-TIA(b) are not as good when the filler size is smaller than 3%. The experiments in this section show that our proposed method RD-TIA(b) can efficiently detect combined model attacks. The performance of detecting combined profiles is better when the filler size is greater than 3%.

Bottom Line: Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach.In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim.The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

View Article: PubMed Central - PubMed

Affiliation: College of Computer Science, Chongqing University, Chongqing, China.

ABSTRACT
Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

No MeSH data available.