SCIENTIA SINICA Informationis, Volume 48, Issue 2: 177-186(2018) https://doi.org/10.1360/N112017-00112

Unorganized malicious attacks detection

More info
  • ReceivedMay 16, 2017
  • AcceptedMay 31, 2017
  • PublishedJan 15, 2018


Recommender system has attracted much attention during the past decade. However, collaborative filtering as a usual technique is vulnerable to malicious attacks that generate fake profiles to manipulate the system. Prior research has shown that attacks can significantly affect the robustness of the systems. Thus, many attack detection algorithms have been developed for better recommendation. Most previous approaches focus on organized malicious attacks, where the attack organizer fakes many user profiles using the same strategy to promote or demote an item. In this study, we analyze a different attack style: unorganized malicious attacks, where attackers fake a small number of user profiles to attack the same target item without any organizer. This attack style occurs in many real applications, which can significantly affect the robustness of a recommender system, yet relevant studies are inadequate. We conduct extensive experiments to study the performance of state-of-the-art attack detection approaches in unorganized malicious attack detection and discuss different approaches regarding their performance. Experimental results show that existing attack detection approaches cannot detect unorganized malicious attacks efficiently. By explaining the inefficiency of these attack detection approaches and the characteristics of unorganized malicious attacks in detail, we provide a possible research direction to develop new detection schemes for unorganized malicious attack detection.

Funded by



[1] Bresler G, Chen G, Shah D. A latent source model for online collaborative filtering. In: Proceedings of the 28th Advances in Neural Information Processing Systems, Montreal, 2014. 3347--3355. Google Scholar

[2] Li B, Yang Q, Xue G R. Transfer learning for collaborative filtering via a rating-matrix generative model. In: Proceedings of the 26th International Conference on Machine Learning, Montreal, 2009. 617--624. Google Scholar

[3] Rao N, Yu H F, Ravikumar P, et al. Collaborative filtering with graph information: consistency and scalable methods. In: Proceedings of the 29th Advances in Neural Information Processing Systems, Montreal, 2015. 2098--2106. Google Scholar

[4] Gunes I, Kaleli C, Bilge A, et al. Shilling attacks against recommender systems: a comprehensive survey. Artif Intell Rev, 2014, 42: 767--799. Google Scholar

[5] Ling G, King I, Lyu M R. A unified framework for reputation estimation in online rating systems. In: Proceedings of the 23rd International Joint Conference on Artificial Intelligence, Beijing, 2013. 2670--2676. Google Scholar

[6] Hurley N J, Cheng Z P, Zhang M. Statistical attack detection. In: Proceedings of the 3rd ACM Conference on Recommender Systems, New York, 2009. 149--156. Google Scholar

[7] Mehta B. Unsupervised shilling detection for collaborative filtering. In: Proceedings of the 22nd International Conference on Artificial Intelligence, Vancouver, 2007. 1402--1407. Google Scholar

[8] Goldberg D, Nichols D, Oki B M, et al. Using collaborative filtering to weave an information tapestry. Commun ACM, 1992, 35: 61--70. Google Scholar

[9] Singhal A. Modern information retrieval: a brief overview. IEEE Data Eng Bull, 2001, 24: 35--43. Google Scholar

[10] Adomavicius G, Singhal A. Toward the next generation of recommender systems: a survey of the state-of-the-art and possible extensions. IEEE Trans Knowl Data Eng, 2005, 17: 734--749. Google Scholar

[11] Zhang J Y, Pu P. A recursive prediction algorithm for collaborative filtering recommender systems. In: Proceedings of the 1st ACM Conference on Recommender Systems, Minneapolis, 2007. 57--64. Google Scholar

[12] Deshpande M, Karypis G. Item-based top-n recommendation algorithms. ACM Trans Inf Syst, 2004, 22: 143--177. Google Scholar

[13] Ekstrand M D, Riedl J T, Konstan J A. Collaborative filtering recommender systems. Found Trends Human-Comput Interact, 2011, 4: 81--173. Google Scholar

[14] Kleinberg J, Sandler M. Using mixture models for collaborative filtering. J Comput Syst Sci, 2008, 74: 49--69. Google Scholar

[15] Salakhutdinov R, Mnih A. Bayesian probabilistic matrix factorization using markov chain monte carlo. In: Proceedings of the 25th International Conference on Machine Learning, Helsinki, 2008. 880--887. Google Scholar

[16] Salakhutdinov R, Mnih A, Hinton G. Restricted boltzmann machines for collaborative filtering. In: Proceedings of the 24th International Conference on Machine Learning, Corvallis, 2007. 791--798. Google Scholar

[17] Mobasher B, Burke R, Bhaumik R, et al. Attacks and remedies in collaborative recommendation. Intell Syst, 2009, 22: 56--63. Google Scholar

[18] Bhaumik R, Mobasher B, Burke R D. A clustering approach to unsupervised attack detection in collaborative recommender systems. In: Proceedings of the 7th International Conference on Data Mining, Vancouver, 2011. 181--187. Google Scholar

[19] Bryan K, OMahony M, Cunningham P. Unsupervised retrieval of attack profiles in collaborative recommender systems. In: Proceedings of the 2nd ACM Conference on Recommender Systems, Lausanne, 2008. 155--162. Google Scholar

[20] Mehta B, Nejdl W. Unsupervised strategies for shilling detection and robust collaborative filtering. User Model User-Adapted Interact, 2009, 19: 65--97. Google Scholar

[21] Bhaumik R, Williams C, Mobasher B, et al. Securing collaborative filtering against malicious attacks through anomaly detection. In: Proceedings of the 4th Workshop on Intelligent Techniques for Web Personalization, Boston, 2006. Google Scholar

[22] Lam S K, Riedl J. Shilling recommender systems for fun and profit. In: Proceedings of the 13th International Conference on World Wide Web, New York, 2004. 393--402. Google Scholar

[23] Candes E J, Li X D, Ma Y, et al. Robust principal component analysis? J ACM, 2011, 58: 1--37. Google Scholar

[24] Pang M, Gao W, Tao M, et al. Unorganized malicious attacks detection,. arXiv Google Scholar

  • Figure 1

    General form of an attack profile

  • Figure 2

    (Color online) Effectiveness of unorganized malicious attacks. (a) Prediction shift; (b) hits

  • Figure 3

    (Color online) Detection (a) precision and (b) recall on MovieLens 100K under unorganized malicious attacks. The spam ratio varies from 0.02 to 0.2

  • Table 1   Detection precision, recall and $F1$ on MovieLens under unorganized malicious attacks based on traditional strategies
    MovieLens 100 KMovieLens 1 M
    $P$ $R$ $F$1 $P$ $R$ $F$1
  • Table 2   Detection precision, recall and $F1$ on MovieLens which are under general unorganized malicious attacks
    MovieLens 100 KMovieLens 1 M
    $P$ $R$ $F$1 $P$ $R$ $F$1
  • Table 3   Detection precision, recall and $F1$ compared with other algorithms on dataset Douban 10 K
    RPCA N-P k-means PCAVarSel MF-based

Copyright 2019 Science China Press Co., Ltd. 《中国科学》杂志社有限责任公司 版权所有