Interaction-level Membership Inference Attack Against Federated Recommender Systems

by   Wei Yuan, et al.
Shandong University
Griffith University
The University of Queensland

The marriage of federated learning and recommender system (FedRec) has been widely used to address the growing data privacy concerns in personalized recommendation services. In FedRecs, users' attribute information and behavior data (i.e., user-item interaction data) are kept locally on their personal devices, therefore, it is considered a fairly secure approach to protect user privacy. As a result, the privacy issue of FedRecs is rarely explored. Unfortunately, several recent studies reveal that FedRecs are vulnerable to user attribute inference attacks, highlighting the privacy concerns of FedRecs. In this paper, we further investigate the privacy problem of user behavior data (i.e., user-item interactions) in FedRecs. Specifically, we perform the first systematic study on interaction-level membership inference attacks on FedRecs. An interaction-level membership inference attacker is first designed, and then the classical privacy protection mechanism, Local Differential Privacy (LDP), is adopted to defend against the membership inference attack. Unfortunately, the empirical analysis shows that LDP is not effective against such new attacks unless the recommendation performance is largely compromised. To mitigate the interaction-level membership attack threats, we design a simple yet effective defense method to significantly reduce the attacker's inference accuracy without losing recommendation performance. Extensive experiments are conducted with two widely used FedRecs (Fed-NCF and Fed-LightGCN) on three real-world recommendation datasets (MovieLens-100K, Steam-200K, and Amazon Cell Phone), and the experimental results show the effectiveness of our solutions.


page 7

page 8

page 10


Comprehensive Privacy Analysis on Federated Recommender System against Attribute Inference Attacks

In recent years, recommender systems are crucially important for the del...

PipAttack: Poisoning Federated Recommender Systems forManipulating Item Promotion

Due to the growing privacy concerns, decentralization emerges rapidly in...

Debiasing Learning for Membership Inference Attacks Against Recommender Systems

Learned recommender systems may inadvertently leak information about the...

Membership Inference Attacks Against Recommender Systems

Recently, recommender systems have achieved promising performances and b...

Manipulating Visually-aware Federated Recommender Systems and Its Countermeasures

Federated recommender systems (FedRecs) have been widely explored recent...

Privacy-Aware Recommendation with Private-Attribute Protection using Adversarial Learning

Recommendation is one of the critical applications that helps users find...

Federated Unlearning for On-Device Recommendation

The increasing data privacy concerns in recommendation systems have made...

Please sign up or login with your details

Forgot password? Click here to reset