Recommender system, as a data-driven way to help customers locate products that match their interests, is increasingly critical for providing competitive customer suggestions in many web services. However, recommender systems are highly vulnerable to malicious injection attacks due to their fundamental vulnerabilities and openness. With the endless emergence of new attacks, how to provide a feasible way for defending different malicious threats against online recommendations is still an under-explored issue. In this paper, we explore a new way to defend malicious injection attacks through user intention understanding and influential neighbour disclosure. Specifically, we propose a detection approach, termed <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TBOS</i> ( <underline xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">T</u> hree <underline xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">B</u> irds with <underline xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">O</u> ne <underline xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">S</u> tone), to deal with different malicious threats. In <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TBOS</i> , we first develop the discrimination of attack target by combining global influence evaluation and risk attitude estimation of users. In order to make <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TBOS</i> controllable, second, we propose to incorporate an optimal denoising mechanism to remove disturbed information before detection. To enhance the representativeness and predictability of detection model, finally, we propose to leverage a behavioral label propagation mechanism based on constructed label space for the determination of malicious injection behaviors. Extensive experiments on both synthetic and real data demonstrate that <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TBOS</i> outperforms all baselines in different cases. Particularly, the detection performance of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TBOS</i> can achieve an improvement of 6.08% FAR (false alarm rate) for optimal-injection attacks, an improvement of 3.83% FAR in average for co-visitation injection attacks, as well as an improvement of 2.3% for profile injection attacks over benchmarks in terms of FAR while keeping the highest DR (detection rate). Additional experiments on real-world data show that <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TBOS</i> brings an improvement with the advantage of 6.5% FAR in average compared with baselines.
Read full abstract