On the Detection of Shilling Attacks in Federated Collaborative Filtering

Abstract

Federated collaborative filtering (Fed-CF) is a variant of federated learning (FL) models, which can protect user privacy in recommender systems. In Fed-CF, the recommendation model is collectively trained across multiple decentralized clients by exchanging gradients only. However, the decentralized nature of Fed-CF makes it vulnerable to shilling attacks, which can be realized by inserting fake ratings of target items to distort recommendation results. Unfortunately, previous detection algorithms cannot work well in the FL framework, as all original data samples are not disclosed at all. In this paper, we are the first to systematically study the problem of shilling attacks in the context of federated learning, and propose an effective detection method called Federated Shilling Attack Detector (FSAD) to detect shilling attackers in Fed-CF. We first show the feasibility of shilling attacks in Fed-CF. Next, we dedicatedly design four novel features based on exchanged gradients among clients. By incorporating these gradient-based features, we train a semi-supervised Bayes classifier to identify shilling attackers effectively. Finally, we conduct extensive experiments based on real-world datasets to evaluate the performance of our proposed FSAD method. The experimental results show that FSAD can detect shilling attackers in Fed-CF with high accuracy, with the F1 value as high as 0.90 on the Netflix dataset, which approaches the performance of the optimal detector that utilizes complete private user information for detection.