Cryptography Reference
In-Depth Information
In this work, we are primarily concerned with security issues of collaborative
recommender system. Besides addressing the above challenges, our system can be
able to make accurate predictions in the presence of shilling attacks, and be
effectively applied in fast-growing mobile applications as well.
2.3 Attack Types: Profile Injection Attacks (Shilling Attacks)
An
attack type
is an approach to constructing attack profiles, based on knowledge
about the recommender system, its rating database, its products, and/or its users [11].
The set of
filler items
represents a group of selected items in the database that are
assigned ratings within the attack profile. Attack types can be characterized according
to the manner in which they choose filler items, and the way that specific ratings are
assigned.
The profile injection attacks can be classified in two basic categories called
push
attacks and
nuke
attacks [10]. Since shilling profiles looks very similar to an authentic
user, it is a difficult task to correctly identify such profiles.
For each of the attack types, it is assumed the objective of the attack is to
push
or
nuke
the recommendations that are made for one particular target item. This item is
always included in attack profiles and is assigned the maximum rating (r
max
) to
promote the item or minimum rating (r
min
) to demote the item as push or nuke attacks,
respectively.
Table 1.
Push Attack and Nuke Attack Profiles
Push Attack Profile
Nuke Attack Profile
item
1
item
2
….. item
m-1
target
item
1
item
2
….. item
m-1
target
r
1
r
2
…..
r
m-1
r
max
r
1
r
2
…..
r
m-1
r
min
The form of push attack and nuke attack profiles is shown in table 1. An attack
profile consists of a
m
-dimensional vector of ratings, where
m
is the total number of
items in the system. The rating given to the pushed item,
target
, is r
max
and is the
maximum allowable rating value and the nuke item, target, is r
min
, the minimum
allowable rating value. The ratings r
1
through r
m-1
are assigned to the corresponding
items according to the specific attack model. In our system, the average attack model
is used to fill the rating of other items.
The remaining items for attacks profiles are selected for the different attack model
as random attack, average attack, bandwagon attack and favorite item attack
(consistency or segmented attack). Due to the space limitation, only the average
attack model is described.
Average Attack:
Filler items are selected uniformly at random from the system item
set. Ratings for filler items are assigned based on a more specific knowledge of the
domain. In this case, filler items are rated randomly on a normal distribution with
mean equal to the average rating of the item being rated and with the standard
deviation [2].
Search WWH ::
Custom Search