Go to DBLP homepageTowards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization
Abstract: Decentralized matrix factorization (DMF) has emerged as a prominent technique for handling large-scale matrix completion tasks, such as those encountered in commercial recommender systems and social network analysis. Despite its effectiveness and efficiency, the decentralized structure renders it vulnerable to model tampering attacks. Due to the unique parameter passing scheme of DMF, we reveal that even a minimal number of malicious workers can rapidly propagate adverse impacts throughout the model and cause significant damage. Even worse, the scale of DMF nomadic parameters (over 10 billion) poses considerable challenges when employing current centralized aggregation-based methods to defend against such attacks. To tackle these challenges, we present a completely decentralized defense framework that runs independently on each worker featuring two main modules: the decentralized detection scheme based on the extreme value theory and a recovery algorithm repairing the corrupted parameters. Extensive empirical results of three state-of-the-art attacks including the data poisoning attack, adversarial attack, and random attack on three datasets (Movielens, Netflix, and Yahoo Music) prove the effectiveness of our framework, e.g., there is no performance degradation even when in scenarios with up to \(80\%\) malicious workers in the peer-to-peer (P2P) network.
Loading