Not One Less: Exploring Interplay between User Profiles and Items in Untargeted Attacks against Federated Recommendation

Published: 01 Jan 2024, Last Modified: 19 Feb 2025, CCS 2024, CC BY-SA 4.0
Abstract: Federated recommendation (FR) is a decentralised approach to training personalised recommender systems, protecting users' privacy by avoiding data collection. Despite its privacy advantages, FR remains vulnerable to poisoning attacks. We focus on untargeted poisoning attacks against FR which degrade the overall performance of recommender services, leading to a detrimental impact on user experience and service quality. In this paper, we propose a general framework to formalise untargeted attacks and identify the vital role played by the interplay between items and user profiles in determining FR's performance. We present an untargeted attack FRecAttack2 which exploits this interplay. Specifically, we develop various methods for sampling user profiles, which approximate user distributions with and without collusion among malicious users. Then we leverage a new measurement to identify items that can disrupt the original interplay with user profiles, based on the change velocity of items' recommendation scores during optimisation. Extensive experiments demonstrate the superiority of our attack, outperforming existing methods by up to 27.56%, and its stealthiness in evading mainstream defences. To counteract untargeted attacks, we present a defence GuardCQ to detect malicious users by quantifying their contribution to boost the right interplay between items and user profiles. Empirical results show that GuardCQ effectively mitigates the attack's impact on FR and enhances the robustness of FR against poisoning attacks.