Abstract
The recommendation systems used to form a news feed in social networks or to create recommendation lists on content websites or Internet stores are often exposed to information profile injection attacks. These attacks are aimed at changing ratings, and thus at changing the frequency of appearing in recommendations, certain objects of a system. This can lead to threats to users’ information security and losses of the system owners. There are methods to detect attacks in recommendation systems, but they require permanent repetitive checks of all users’ profiles, which is a rather resource-intensive operation. At the same time, these methods do not contain any proposals as for determining the optimal frequency of attack checks. However, a properly chosen frequency of such checks will not overload a system too much and, at the same time, will provide an adequate level of its operational security. A mathematical model of the dynamics of states of a recommendation system under conditions of an information attack with the use of the mathematical apparatus of Markovian and semi-Markovian processes was developed. The developed model makes it possible to study the influence of profile injection attacks on recommendation systems, in particular, on their operation efficiency and amount of costs to ensure their information security. The practical application of the developed model enables calculating for recommendation systems the optimum frequency of information attack check, taking into consideration the damage from such attacks and costs of permanent inspections. Based on the developed mathematical model, the method for determining total costs of a recommendation system as a result of monitoring its own information security, neutralization of bot-networks activity and as a result of information attacks was proposed. A method for determining the optimal frequency of checking a recommendation system for information attacks to optimize the overall costs of a system was developed. The application of this method will enable the owners of websites with recommendation systems to minimize their financial costs to provide their information security
Highlights
Recommendation systems are increasingly often used on various web-resources and are becoming their important part, as well as search sub-systems, sometimes complementing them, and sometimes creating an alternative to them [1, 2]
Based on the conducted research, we developed the mathematical model of the dynamics of states of a recommendation system under conditions of information attacks (Fig. 3, formulas (1) to (5)), which is original in comparison with the well-known models of recommendation systems [1, 2, 4, 18,19,20,21,22,23]
It was proposed to divide the problem of protection of a recommendation system from information profile injection attacks into two parts: attack detection and detection and neutralization of bots’ profiles
Summary
Recommendation systems are increasingly often used on various web-resources and are becoming their important part, as well as search sub-systems, sometimes complementing them, and sometimes creating an alternative to them [1, 2]. By making a successful attack on the recommendation system of a social network, one can change the content and order of showing the objects in news feeds to the system’s users. This can be used for marketing, political, or fraudulent purposes. The main type of information attacks on recommendation systems is the profile injection attacks [7,8,9] These attacks are aimed at changing ratings, and at changing the frequency of showing certain objects of a system. Its solution will minimize the costs of providing information security for recommendation systems while maintaining its sufficient level
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Eastern-European Journal of Enterprise Technologies
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
