Collaborative filtering techniques have been successfully employed in recommender systems in order to help users deal with information overload by making high quality personalized recommendations. However, such systems have been shown to be vulnerable to attacks in which malicious users with carefully chosen profiles are inserted into the system in order to push the predictions of some targeted items. In this paper we propose several metrics for analyzing rating patterns of malicious users and evaluate their potential for detecting such shilling attacks. Building upon these results, we propose and evaluate an algorithm for protecting recommender systems against shilling attacks. The algorithm can be employed for monitoring user ratings and removing shilling attacker profiles from the process of computing recommendations, thus maintaining the high quality of the recommendations.

In today’s data-rich networked world, people express many aspects of their lives online. It is common to segregate different aspects in different places: you might write opinionated rants about movies in your blog under a pseudonym while participating in a forum or web site for scholarly discussion of medical ethics under your real name. However, it may be possible to link these separate identities, because the movies, journal articles, or authors you mention are from a sparse relation space whose properties (e.g., many items related to by only a few users) allow reidentification. This re-identification violates people’s intentions to separate aspects of their life and can have negative consequences; it also may allow other privacy violations, such as obtaining a stronger identifier like name and address. This paper examines this general problem in a specific setting: reidentification of users from a public web movie forum in a private movie ratings dataset. We present three major results. First, we develop algorithms that can re-identify a large proportion of public users in a sparse relation space. Second, we evaluate whether private dataset owners can protect user privacy by hiding data; we show that this requires extensive and undesirable changes to the dataset, making it impractical. Third, we evaluate two methods for users in a public forum to protect their own privacy, suppression and misdirection. Suppression doesn’t work here either. However, we show that a simple misdirection strategy works well: mention a few popular items that you haven’t rated.

Abstract. We consider scenarios in which two parties, each in possession of a graph, wish to compute some algorithm on their joint graph in a privacy-preserving manner, that is, without leaking any information about their inputs except that revealed by the algorithm’s output. Working in the standard secure multi-party computation paradigm, we present new algorithms for privacy-preserving computation of APSD (all pairs shortest distance) and SSSD (single source shortest distance), as well as two new algorithms for privacy-preserving set union. Our algorithms are significantly more efficient than generic constructions. As in previous work on privacy-preserving data mining, we prove that our algorithms are secure provided the participants are “honest, but curious.”

Abstract. Current implementations of the Collaborative Filtering (CF) algorithm are mostly centralized and the information about users (their profiles) is stored in a single server. Centralized storage poses a severe privacy hazard, since user profiles are fully under the control of the recommendation service providers. These profiles are available to other users upon request and are transferred over the network. Recent works proposed to improve the scalability of CF by distributing the stored profiles between several repositories. In this work we investigate how a decentralized approach to users ’ profiles storage could mitigate some of the privacy concerns of CF. The privacy hazards are resolved by storing the users ’ profiles only on the client-side so they are used for computation similarity only on the client-side. Only a value indicating the similarity is transferred over the network, without revealing the profile itself. To further avoid the disclosure of the user’s profile through a series of attacks, we propose that the users hide or obfuscate parts of their profile. Experimental results show that relatively large parts of the user’s profile could be obfuscated without hampering the accuracy of the CF. 1

Abstract. Recommender systems are widely used to help deal with the problem of information overload. However, recommenders raise serious privacy and security issues. The personal information collected by recommenders raises the risk of unwanted exposure of that information. Also, malicious users can bias or sabotage the recommendations that are provided to other users. This paper raises important research questions in three topics relating to exposure and bias in recommender systems: the value and risks of the preference information shared with a recommender, the effectiveness of shilling attacks designed to bias a recommender, and the issues involved in distributed or peer-to-peer recommenders. The goal of the paper is to bring these questions to the attention of the information and communication security community, to invite their expertise in addressing them. 1

Collaborative filtering techniques are widely used by many E-commerce sites for recommendation purposes. Such techniques help customers by suggesting products to purchase using other users ’ preferences. Today’s top-recommendation schemes are based on market basket data, which shows whether a customer bought an item or not. Data collected for recommendation purposes might be split between different parties. To provide better referrals and increase mutual advantages, such parties might want to share data. Due to privacy concerns, however, they do not want to disclose data. This paper presents a scheme for binary ratings-based top-N recommendation on horizontally partitioned data, in which two parties own disjoint sets of users ’ ratings for the same items while preserving data owners ’ privacy. If data owners want to produce referrals using the combined data while preserving their privacy, we propose a scheme to provide accurate top-N recommendations without exposing data owners ’ privacy. We conducted various experiments to evaluate our scheme and analyzed how different factors affect the performance using the experiment results. 1.

Abstract not found

Privacy is an important challenge facing the growth of the Web and the propagation of various transaction models supported by it. Decentralized distributed models of computing are used to mitigate privacy breaches by eliminating a single point of failure. However, end-users can still be attacked in order to discover their private information. This work proposes using distributed hierarchical neighborhood formation in the CF algorithm to reduce this privacy hazard. It enables accurate CF recommendations, while allowing an attacker to learn at most the cumulative statistics of a large set of users. Our approach is evaluated on a number of widely-used CF datasets. Experimental results demonstrate that relatively large parts of the user profile can be obfuscated while a reasonable accuracy of the generated recommendations is still retained. Furthermore, only a small subset of users may be required for generating accurate recommendations, suggesting that the proposed approach is scalable.

Privacy concerns have become an important issue in data mining. A popular way to preserve privacy is to randomize the dataset to be mined in a systematic way and mine the randomized dataset instead. On the other hand, people usually have different privacy concerns for different attributes in data. E.g., in survey data, the sensitivity of questions varies. Appropriate use of this information can lead to more accurate data mining results. However, this information has not been fully utilized by many privacy preserving association rule mining algorithms. In this paper, we generalize the privacy preserving association rule mining problem by allowing different attributes to have different levels of privacy, that is, using different randomization factors for values of different attributes in the randomization process. We also propose an efficient algorithm RE (Recursive Estimation) to estimate the support of itemsets under this framework. Both theoretical and empirical results show that the use of non-uniform randomization factors improves the accuracy of the support estimates, compared to the use of one conservative randomization factor.

To appear in Constantinos Mourlas and Panagiotis Germanakos, eds.: Intelligent User Interfaces: