Data Leakage via Access Patterns of Sparse Features in Deep Learning-based Recommendation Systems

by   Hanieh Hashemi, et al.

Online personalized recommendation services are generally hosted in the cloud where users query the cloud-based model to receive recommended input such as merchandise of interest or news feed. State-of-the-art recommendation models rely on sparse and dense features to represent users' profile information and the items they interact with. Although sparse features account for 99 total model size, there was not enough attention paid to the potential information leakage through sparse features. These sparse features are employed to track users' behavior, e.g., their click history, object interactions, etc., potentially carrying each user's private information. Sparse features are represented as learned embedding vectors that are stored in large tables, and personalized recommendation is performed by using a specific user's sparse feature to index through the tables. Even with recently-proposed methods that hides the computation happening in the cloud, an attacker in the cloud may be able to still track the access patterns to the embedding tables. This paper explores the private information that may be learned by tracking a recommendation model's sparse feature access patterns. We first characterize the types of attacks that can be carried out on sparse features in recommendation models in an untrusted cloud, followed by a demonstration of how each of these attacks leads to extracting users' private information or tracking users by their behavior over time.


page 1

page 6


Privacy-Aware Recommendation with Private-Attribute Protection using Adversarial Learning

Recommendation is one of the critical applications that helps users find...

Joint Text Embedding for Personalized Content-based Recommendation

Learning a good representation of text is key to many recommendation app...

Graph Neural News Recommendation with Long-term and Short-term Interest Modeling

With the information explosion of news articles, personalized news recom...

Look Ahead ORAM: Obfuscating Addresses in Recommendation Model Training

In the cloud computing era, data privacy is a critical concern. Memory a...

No Video Left Behind: A Utility-Preserving Obfuscation Approach for YouTube Recommendations

Online content platforms optimize engagement by providing personalized r...

Neuro-Symbolic Recommendation Model based on Logic Query

A recommendation system assists users in finding items that are relevant...

Saec: Similarity-Aware Embedding Compression in Recommendation Systems

Production recommendation systems rely on embedding methods to represent...

Please sign up or login with your details

Forgot password? Click here to reset