Study Of User Profile Injection Attack Detection In Collaborative Filtering Recommender System

Collaborative filtering recommender is one of the most successful recommender systemsbeing used by many e-commerce companies. The basic idea of collaborative filteringrecommenders is to find the K most similar users for the target user based to his/herpreferences using the K nearest neighbor method. The preferences of these K most similarusers are used to make recommendation to the target user.A collaborative filtering recommender system is vulnerable to attacks by malicious userssince anyone can participate to the system freely. For the user profile injection attack, the fakeuser profiles created by malicious users cause the recommender system makes biasedrecommendations. The malicious users gain benefits by manipulating the system. How toensure the safety of recommender systems become a critical problem. In this thesis, makestudy of the supervised learning based attack detection method for recommender systems.There are four major contributions:(1) Supervised learning based detection methods use detection attributes as featureconstruction methods. Four new features are proposed to capture the useful characteristics ofusers: Mean Time Interval (MTI), Weighted User Rating Distribute (WURD), User SimilarityDistribute Center (USDC) and Common Ratings Deviation (CRD). Moreover, an improvedWeighted Degree of Similarity with Top-N Neighbors is also introduced. Experimental resultsshow that the system with the five proposed attack detection attributes have better detectionability in term of accuracy.(2) There are two factors affecting the accuracy of attack detection systems: the filler sizeand the select filler ratio. The filler size means the proportion of rated items to all items, whilethe select filler ratio means the selected items to filler items. Experimental studies have beenperformed to analyze the influence of these two factors to the detection system with differentclassifiers. Experimental results show that lower filler size attack profiles are harder to detectthan higher filler size attack profiles and filler ratio does not give an obvious influence todetection performance.(3) Localized Generalization Error Model (L-GEM) evaluates the localizedgeneralization ability of a classifier and has been used a classifier selection criterion to select a classifier with higher generalization ability. Experimental results show the classifiersselected by L-GEM achieve higher accuracies.(4) The detection of user profile injection attack in collaborative filtering recommendersystems has been studied in adversarial learning environment. In adversarial learning, theadversary camouflages malicious samples to evade the classifier. One of the objectives inadversarial learning is to build a more robust classifier which has a less performance declinewhen the adversary increases attack strength. The user profile injection attack in adversariallearning environment is discussed. The adversarial user profile injection attack is simulated inexperiments. Moreover, the experimental study on the robustness of the classifiers selected byL-GEM is given.