Untargeted Attack against Federated Recommendation Systems via Poisonous Item Embeddings and the Defense

by Yang Yu, et al.

Federated recommendation (FedRec) can train personalized recommenders without collecting user data, but the decentralized nature makes it susceptible to poisoning attacks. Most previous studies focus on the targeted attack to promote certain items, while the untargeted attack that aims to degrade the overall performance of the FedRec system remains less explored. In fact, untargeted attacks can disrupt the user experience and bring severe financial loss to the service provider. However, existing untargeted attack methods are either inapplicable or ineffective against FedRec systems. In this paper, we delve into the untargeted attack and its defense for FedRec systems. (i) We propose ClusterAttack, a novel untargeted attack method. It uploads poisonous gradients that converge the item embeddings into several dense clusters, which make the recommender generate similar scores for these items in the same cluster and perturb the ranking order. (ii) We propose a uniformity-based defense mechanism (UNION) to protect FedRec systems from such attacks. We design a contrastive learning task that regularizes the item embeddings toward a uniform distribution. Then the server filters out these malicious gradients by estimating the uniformity of updated item embeddings. Experiments on two public datasets show that ClusterAttack can effectively degrade the performance of FedRec systems while circumventing many defense methods, and UNION can improve the resistance of the system against various untargeted attacks, including our ClusterAttack.
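The server-side filtering idea in the abstract, sketched as an added example (not the paper's UNION implementation). The pairwise Gaussian-potential uniformity score, the median-plus-tolerance rule, the client names and all data are assumptions made for illustration.

```python
import math
import random

def normalize(v):
    n = math.sqrt(sum(x * x for x in v)) or 1.0
    return [x / n for x in v]

def uniformity(emb, t=2.0):
    """log mean exp(-t*||u-v||^2) over pairs of L2-normalised rows.
    Lower means more uniform; dense clusters push the score up.
    (Assumed metric, not taken from the page.)"""
    rows = [normalize(v) for v in emb]
    total, pairs = 0.0, 0
    for i in range(len(rows)):
        for j in range(i + 1, len(rows)):
            d2 = sum((a - b) ** 2 for a, b in zip(rows[i], rows[j]))
            total += math.exp(-t * d2)
            pairs += 1
    return math.log(total / pairs)

def apply_update(emb, grad, lr=1.0):
    # Plain SGD step on the item-embedding table.
    return [[e - lr * g for e, g in zip(er, gr)] for er, gr in zip(emb, grad)]

def filter_updates(emb, updates, tol=0.5):
    """Score each client's update by the uniformity of the item embeddings
    it would produce; keep those within tol of the median score."""
    scores = {c: uniformity(apply_update(emb, g)) for c, g in updates.items()}
    ordered = sorted(scores.values())
    median = ordered[len(ordered) // 2]
    kept = sorted(c for c, s in scores.items() if s <= median + tol)
    return kept, scores

def demo():
    # Constructed data: 40 items, 8-dim embeddings, 4 small-noise updates.
    rng = random.Random(0)
    n, d = 40, 8
    emb = [[rng.gauss(0, 1) for _ in range(d)] for _ in range(n)]
    updates = {c: [[rng.gauss(0, 0.02) for _ in range(d)] for _ in range(n)]
               for c in ("client_a", "client_b", "client_c", "client_d")}
    # Constructed anomalous update: collapses items toward 3 shared points.
    centers = [emb[0], emb[1], emb[2]]
    updates["client_x"] = [[0.8 * (e - c) for e, c in zip(row, centers[i % 3])]
                           for i, row in enumerate(emb)]
    return filter_updates(emb, updates)

if __name__ == "__main__":
    print(demo())
```

A median-based threshold only holds while benign clients are the majority in a round; the tolerance has to be tuned against the normal round-to-round drift of the score.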

