GCPA: GAN-Based Collusive Poisoning Attack in Federated Recommender Systems

Published: 2025, Last Modified: 06 Jan 2026, IEEE Trans. Knowl. Data Eng. 2025, CC BY-SA 4.0
Abstract: Federated Recommender Systems (FedRecs) have evolved as a privacy-preserving paradigm that facilitates distributed training of personalized recommenders without sharing user data. However, FedRecs are known to be susceptible to poisoning attacks by malicious users, who aim to promote or demote the exposure of target items by sending malicious updates to the central server. Such attacks can also worsen the distribution of recommendation performance among users, known as performance fairness, which is one of the major concerns of trustworthy FedRecs. This paper proposes a novel attack method, Generative Adversarial Network (GAN)-Based Collusive Poisoning Attack (GCPA). To implement GCPA, we create a GAN-based fake user synthesis strategy that mimics the behaviors and preferences of real users to generate fake users. Furthermore, we design a collusion-based fairness attack strategy that changes the exposure of items to undermine fairness. To maximize the impact on the distribution of recommendation performance, we develop an adaptive clustering algorithm to identify a subset of items that significantly contribute to the uneven distribution of recommendation performance through collusion. Extensive experiments on two datasets show that GCPA effectively increases the exposure of target items while undermining the performance fairness of FedRecs. In addition, GCPA has strong resistance to four defense methods. We also provide a heuristic defense method, based on gradient direction and similarity, against collusive poisoning attacks on FedRecs.