Timezone: »

Data Poisoning Attacks on Factorization-Based Collaborative Filtering
Bo Li · Yining Wang · Aarti Singh · Yevgeniy Vorobeychik

Wed Dec 07 09:00 AM -- 12:30 PM (PST) @ Area 5+6+7+8 #16

Recommendation and collaborative filtering systems are important in modern information and e-commerce applications. As these systems are becoming increasingly popular in industry, their outputs could affect business decision making, introducing incentives for an adversarial party to compromise the availability or integrity of such systems. We introduce a data poisoning attack on collaborative filtering systems. We demonstrate how a powerful attacker with full knowledge of the learner can generate malicious data so as to maximize his/her malicious objectives, while at the same time mimicking normal user behaviors to avoid being detected. While the complete knowledge assumption seems extreme, it enables a robust assessment of the vulnerability of collaborative filtering schemes to highly motivated attacks. We present efficient solutions for two popular factorization-based collaborative filtering algorithms: the alternative minimization formulation and the nuclear norm minimization method. Finally, we test the effectiveness of our proposed algorithms on real-world data and discuss potential defensive strategies.

Author Information

Bo Li (Vanderbilt University)
Yining Wang (Carnegie Mellon University)
Aarti Singh (Carnegie Mellon University)
Yevgeniy Vorobeychik (Vanderbilt University)

More from the Same Authors