Advertisement

Artificial Intelligence Review

, Volume 42, Issue 4, pp 767–799 | Cite as

Shilling attacks against recommender systems: a comprehensive survey

  • Ihsan Gunes
  • Cihan Kaleli
  • Alper Bilge
  • Huseyin Polat
Article

Abstract

Online vendors employ collaborative filtering algorithms to provide recommendations to their customers so that they can increase their sales and profits. Although recommendation schemes are successful in e-commerce sites, they are vulnerable to shilling or profile injection attacks. On one hand, online shopping sites utilize collaborative filtering schemes to enhance their competitive edge over other companies. On the other hand, malicious users and/or competing vendors might decide to insert fake profiles into the user-item matrices in such a way so that they can affect the predicted ratings on behalf of their advantages. In the past decade, various studies have been conducted to scrutinize different shilling attacks strategies, profile injection attack types, shilling attack detection schemes, robust algorithms proposed to overcome such attacks, and evaluate them with respect to accuracy, cost/benefit, and overall performance. Due to their popularity and importance, we survey about shilling attacks in collaborative filtering algorithms. Giving an overall picture about various shilling attack types by introducing new classification attributes is imperative for further research. Explaining shilling attack detection schemes in detail and robust algorithms proposed so far might open a lead to develop new detection schemes and enhance such robust algorithms further, even propose new ones. Thus, we describe various attack types and introduce new dimensions for attack classification. Detailed description of the proposed detection and robust recommendation algorithms are given. Moreover, we briefly explain evaluation of the proposed schemes. We conclude the paper by discussing various open questions.

Keywords

Shilling Profile injection Push/nuke attacks Collaborative filtering Robustness Attack detection 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ACM (1992) Special issue on information filtering. Commun ACM 35(12)Google Scholar
  2. Bhaumik R, Williams CA, Mobasher B, Burke RD (2006) Securing collaborative filtering against malicious attacks through anomaly detection. In: Proceedings of the 4th workshop on intelligent techniques for web personalization, Boston, MAGoogle Scholar
  3. Bhaumik R, Burke RD, Mobasher B (2007a) Effectiveness of crawling attacks against web-based recommender systems. In: Proceedings of the 5th workshop on intelligent techniques for web personalization, Vancouver, BC, Canada, pp 17–26Google Scholar
  4. Bhaumik R, Burke RD, Mobasher B (2007b) Crawling attacks against web-based recommender systems. In: Proceedings of the international conference on data mining, Las Vegas, NV, USA, pp 183–189Google Scholar
  5. Bhaumik R, Mobasher B, Burke RD (2011) A clustering approach to unsupervised attack detection in collaborative recommender systems. In: Proceedings of the 7th IEEE international conference on data mining, Las Vegas, NV, USA, pp 181–187Google Scholar
  6. Breese JS, Heckerman D, Kadie K (1998) Empirical analysis of predictive algorithms for collaborative filtering. In: Proceedings of the 14th conference on uncertainty in artificial intelligence, Madison, WI, USA, pp 43–52Google Scholar
  7. Bryan K, O’Mahony MP, Cunningham P (2008) Unsupervised retrieval of attack profiles in collaborative recommender systems. In: Proceedings of the 2nd ACM international conference on recommender systems, Lausanne, Switzerland, pp 155–162Google Scholar
  8. Burke RD, Mobasher B, Zabicki R, Bhaumik R (2005a) Identifying attack models for secure recommendation. In: Proceedings of the WebKDD workshop on the next generation of recommender systems research, San Diego, CA, USA, pp 19–25Google Scholar
  9. Burke RD, Mobasher B, Bhaumik R (2005b) Limited knowledge shilling attacks in collaborative filtering systems. In: Proceedings of workshop on intelligent techniques for web personalization, Edinburgh, UKGoogle Scholar
  10. Burke RD, Mobasher B, Bhaumik R, Williams CA (2005c) Segment-based injection attacks against collaborative filtering recommender systems. In: Proceedings of the 5th IEEE international conference on data mining, Houston, TX, USA, pp 577–580Google Scholar
  11. Burke RD, Mobasher B, Bhaumik R, Williams CA (2005d) Collaborative recommendation vulnerability to focused bias injection attacks. In: Proceedings of the Workshop on privacy and security aspects of data mining, Houston, TX, USA, pp 35–43Google Scholar
  12. Burke RD, Mobasher B, Williams CA, Bhaumik R (2006a) Classification features for attack detection in collaborative recommender systems. In: Proceedings of the 12th ACM SIGKDD international conference on knowledge discovery and data mining, Philadelphia, PA, USA, pp 542–547Google Scholar
  13. Burke RD, Mobasher B, Williams CA, Bhaumik R (2006b) Detecting profile injection attacks in collaborative recommender systems. In: Proceedings of the 8th IEEE conference on e-commerce technology, San Francisco, CA, USA, pp 23–30Google Scholar
  14. Burke RD, O’Mahony MP, Hurley NJ (2011) Robust collaborative recommendation. In: Ricci F, Rokach L, Shapira B, Kantor PB (eds) Recommender systems handbook. Springer, New York, pp 805–835CrossRefGoogle Scholar
  15. Cheng Z, Hurley NJ (2009a) Robustness analysis of model-based collaborative filtering systems. Lect Notes Comput Sci 6206: 3–15CrossRefGoogle Scholar
  16. Cheng Z, Hurley NJ (2009b) Effective diverse and obfuscated attacks on model-based recommender systems. In: Proceedings of the 3rd ACM international conference on recommender systems, New York, NY, USA, pp 141–148Google Scholar
  17. Cheng Z, Hurley NJ (2009c) Trading robustness for privacy in decentralized recommender systems. In: Proceedings of the 31st conference on innovative applications of artificial intelligence, Pasadena, CA, USA, pp 79–84Google Scholar
  18. Cheng Z, Hurley NJ (2010a) Analysis of robustness in trust-based recommender systems. In: Proceedings of the 9th conference on adaptivity, personalization and fusion of heterogeneous information, Paris, France, pp 114–121Google Scholar
  19. Cheng Z, Hurley NJ (2010b) Robust collaborative recommendation by least trimmed squares matrix factorization. In: Proceedings of the 22nd IEEE international conference on tools with artificial intelligence, Arras, France, pp 105–112Google Scholar
  20. Chirita PA, Nejdl W, Zamfir C (2005) Preventing shilling attacks in online recommender systems. In: Proceedings of the 7th annual ACM international workshop on web information and data management, Bremen, Germany, pp 67–74Google Scholar
  21. Dellarocas C (2000) Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In: Proceedings of the 2nd ACM conference on electronic commerce, Minneapolis, MN, USA, pp 150–157Google Scholar
  22. Goldberg D, Nichols D, Oki BM (1992) Using collaborative filtering to weave an information tapestry. Commun ACM 35(12): 61–70CrossRefGoogle Scholar
  23. He F, Wang X, Liu B (2010) Attack detection by rough set theory in recommendation system. In: Proceedings of the IEEE international conference on granular computing, San Jose, CA, USA, pp 692–695Google Scholar
  24. Herlocker JL, Konstan JA, Terveen LG, Riedl JT (2004) Evaluating collaborative filtering recommender systems. ACM Trans Inf Syst 22(1): 5–53CrossRefGoogle Scholar
  25. Hurley NJ, O’Mahony MP, Silvestre GCM (2007) Attacking recommender systems: a cost-benefit analysis. IEEE Intell Syst 22(3): 64–68CrossRefGoogle Scholar
  26. Hurley NJ, Cheng Z, Zhang M (2009) Statistical attack detection. In: Proceedings of the 3rd ACM international conference on recommender systems, New York, NY, USA, pp 149–156Google Scholar
  27. Ji AT, Yeon C, Kim HN, Jo GS (2007) Distributed collaborative filtering for robust recommendations against shilling attacks. Lect Notes Comput Sci 4509: 14–25CrossRefMathSciNetGoogle Scholar
  28. Lam SK, Riedl JT (2004) Shilling recommender systems for fun and profit. In: Proceedings of the 13th international conference on world wide web, New York, NY, USA, pp 393–402Google Scholar
  29. Lam SK, Riedl JT (2005) Privacy, shilling, and the value of information in recommender systems. In: Proceedings of the user modeling workshop on privacy-enhanced personalization, Edinburgh, UK, pp 85–92Google Scholar
  30. Lam SK, Frankowski D, Riedl JT (2006) Do you trust your recommendations? An exploration of security and privacy issues in recommender systems. Lect Notes Comput Sci 3995: 14–29CrossRefGoogle Scholar
  31. Lang J, Spear M, Wu SF (2010) Social manipulation of online recommender systems. Lect Notes Comput Sci 6430: 125–139CrossRefGoogle Scholar
  32. Li C, Luo Z (2011) Detection of shilling attacks in collaborative filtering recommender systems. In: Proceedings of the international conference of soft computing and pattern recognition, Dalian, China, pp 190–193Google Scholar
  33. Long Q, Hu Q (2010) Robust evaluation of binary collaborative recommendation under profile injection attack. In: Proceedings of the IEEE international conference on progress in informatics and computing, Shanghai, China, pp 1246–1250Google Scholar
  34. Massa P, Avesani P (2007) Trust-aware recommender systems. In: Proceedings of the 1st ACM international conference on recommender systems, Minneapolis, MN, USA, pp 17–24Google Scholar
  35. Mehta B (2007) Unsupervised shilling detection for collaborative filtering. In: Proceedings of the 22nd international conference on artificial intelligence, Vancouver, BC, Canada, pp 1402–1407Google Scholar
  36. Mehta B, Hofmann T (2008) A survey of attack-resistant collaborative filtering algorithms. IEEE Data Eng Bull 31(2): 14–22Google Scholar
  37. Mehta B, Nejdl W (2008) Attack resistant collaborative filtering. In: Proceedings of the 31st annual international ACM SIGIR conference on research and development in information retrieval, Singapore, pp 75–82Google Scholar
  38. Mehta B, Nejdl W (2009) Unsupervised strategies for shilling detection and robust collaborative filtering. User Model User Adapt Interact 19(1-2): 65–97CrossRefGoogle Scholar
  39. Mehta B, Hofmann T, Nejdl W (2007a) Lies and propaganda: Detecting spam users in collaborative filtering. In: Proceedings of the 12th international conference on intelligent user interfaces, Honolulu, HI, USA, pp 14–21Google Scholar
  40. Mehta B, Hofmann T, Nejdl W (2007b) Robust collaborative filtering. In: Proceedings of the 1st ACM international conference on recommender systems, Minneapolis, MN, USA, pp 49–56Google Scholar
  41. Miyahara K, Pazzani MJ (2002) Improvement of collaborative filtering with the simple Bayesian classifier. IPSJ J 43(11)Google Scholar
  42. Mobasher B, Burke RD, Bhaumik R, Williams CA (2005) Effective attack models for shilling item-based collaborative filtering systems. In: Proceedings of the WebKDD workshop, Chicago, IL, USAGoogle Scholar
  43. Mobasher B, Burke RD, Williams CA, Bhaumik R (2006a) Analysis and detection of segment-focused attacks against collaborative recommendation. Lect Notes Comput Sci 4198: 96–118CrossRefGoogle Scholar
  44. Mobasher B, Burke RD, Sandvig JJ (2006b) Model-based collaborative filtering as a defense against profile injection attacks. In: Proceedings of the 21st national conference on artificial intelligence, Boston, MA, USA, pp 1388–1393Google Scholar
  45. Mobasher B, Burke RD, Bhaumik R, Sandvig JJ (2007a) Attacks and remedies in collaborative recommendation. IEEE Intell Syst 22(3): 56–63CrossRefGoogle Scholar
  46. Mobasher B, Burke RD, Bhaumik R, Williams CA (2007b) Towards trustworthy recommender systems: an analysis of attack models and algorithm robustness. ACM Trans Internet Technol 7(4): 23–60CrossRefGoogle Scholar
  47. O’Donovan J, Smyth B (2006) Is trust robust?: An analysis of trust-based recommendation. In: Proceedings of the 11th international conference on intelligent user interfaces, Sydney, Australia, pp 101–108Google Scholar
  48. O’Mahony MP, Hurley NJ, Silvestre GCM (2002a) Towards robust collaborative filtering. Lect Notes Comput Sci 2464: 87–94CrossRefGoogle Scholar
  49. O’Mahony MP, Hurley NJ, Silvestre GCM (2002b) Promoting recommendations: an attack on collaborative filtering. In: Proceedings of the 13th international conference on database and expert systems applications, Aix-en-Provence, France, pp 494–503Google Scholar
  50. O’Mahony MP, Hurley NJ, Silvestre GCM (2003) Collaborative filtering-safe and sound. Lect Notes Comput Sci 2871: 506–510CrossRefGoogle Scholar
  51. O’Mahony MP (2004) Towards robust and efficient automated collaborative filtering. PhD dissertation, University College DublinGoogle Scholar
  52. O’Mahony MP, Hurley NJ, Silvestre GCM (2004a) Utility-based neighborhood formation for efficient and robust collaborative filtering. In: Proceedings of the 5th ACM conference on electronic commerce, New York, NY, USA, pp 260–261Google Scholar
  53. O’Mahony MP, Hurley NJ, Silvestre GCM (2004b) Efficient and secure collaborative filtering through intelligent neighbor selection. In: Proceedings of the 16th European conference on artificial intelligence, Valencia, Spain, pp 383–387Google Scholar
  54. O’Mahony MP, Hurley NJ, Kushmerick N, Silvestre GCM (2004c) Collaborative recommendation: a robustness analysis. ACM Trans Internet Technol 4(4): 344–377CrossRefGoogle Scholar
  55. O’Mahony MP, Hurley NJ, Silvestre GCM (2004d) An evaluation of neighborhood formation on the performance of collaborative filtering. Artif Intell Rev 21(3-4): 215–228CrossRefzbMATHGoogle Scholar
  56. O’Mahony MP, Hurley NJ, Silvestre GCM (2005) Recommender systems: Attack types and strategies. In: Proceedings of the 20th national conference on artificial intelligence, Pittsburgh, PA, USA, pp 334–339Google Scholar
  57. O’Mahony MP, Hurley NJ, Silvestre GCM (2006a) Detecting noise in recommender system databases. In: Proceedings of the 11th international conference on intelligent user interfaces, Sydney, Australia, pp 109–115Google Scholar
  58. O’Mahony MP, Hurley NJ, Silvestre GCM (2006b) Attacking recommender systems: The cost of promotion. In: Proceedings of the workshop on recommender systems, in conjunction with the 17th European conference on artificial intelligence, Riva del Garda, Trentino, Italy, pp 24–28Google Scholar
  59. O’Mahony MP, Smyth B (2007a) Evaluating the robustness of collaborative web search. In: Proceedings of the 18th Irish conference on artificial intelligence and cognitive science, Dublin, IrelandGoogle Scholar
  60. O’Mahony MP, Smyth B (2007b) Collaborative web search: a robustness analysis. Artif Intell Rev 28(1): 69–86CrossRefGoogle Scholar
  61. Oostendorp N, Sami R (2009) The copied-item injection attack. In: Proceedings of the workshop on recommender systems and the social web, New York, NY, USA, pp 63–70Google Scholar
  62. Pennock DM, Horvitz E, Lawrence S, Giles CL (2000) Collaborative filtering by personality diagnosis: a hybrid memory- and model-based approach. In: Proceedings of the 16th conference on uncertainty in artificial intelligence, Stanford, CA, USA, pp 473–480Google Scholar
  63. Polat H, Du W (2005) Privacy-preserving collaborative filtering. Int J Electron Commer 9(4): 9–35Google Scholar
  64. Ray S, Mahanti A (2009a) Filler item strategies for shilling attacks against recommender systems. In: Proceedings of the 42nd Hawaii international conference on system sciences. Big Island, HI, USA, pp 1–10Google Scholar
  65. Ray S, Mahanti A (2009b) Strategies for effective shilling attacks against recommender systems. Lect Notes Comput Sci 5456: 111–125CrossRefGoogle Scholar
  66. Ray S, Mahanti A (2010) Improving prediction accuracy in trust-aware recommender systems. In: Proceedings of the 43rd Hawaii international conference on system sciences, Kauai, HI, USA, pp 1–9Google Scholar
  67. Ramezani M, Sandvig JJ, Schimoler T, Gemmell J, Mobasher B, Burke RD (2009) Evaluating the impact of attacks in collaborative tagging environments. In: Proceedings of the international conference on computational science and engineering, Vancouver, BC, Canada, pp 136–143Google Scholar
  68. Resnick P, Sami R (2007) The influence-limiter: Provably manipulation-resistant recommender systems. In: Proceedings of the 1st ACM international conference on recommender systems, Minneapolis, MN, USA, pp 25–32Google Scholar
  69. Resnick P, Sami R (2008a) Manipulation-resistant recommender systems through influence limits. ACM SIGecom Exch 17(3): 1–4CrossRefGoogle Scholar
  70. Resnick P, Sami R (2008b) The information cost of manipulation resistance in recommender systems. In: Proceedings of the 2nd ACM international conference on recommender systems. Lausanne, Switzerland, pp 147–154Google Scholar
  71. Sandvig JJ, Mobasher B, Burke RD (2007a) Robustness of collaborative recommendation based on association rule mining. In: Proceedings of the 1st ACM conference on recommender systems, Minneapolis, MN, USA, pp 105–112Google Scholar
  72. Sandvig JJ, Mobasher B, Burke RD (2007b) Impact of relevance measures on the robustness and accuracy of collaborative filtering. In: Proceedings of the 8th international conference on electronic commerce and web technologies, Regensburg, Germany, pp 99–108Google Scholar
  73. Sandvig JJ, Mobasher B, Burke RD (2008) A survey of collaborative recommendation and the robustness of model-based algorithms. IEEE Data Engineering Bulletin 31(2): 3–13Google Scholar
  74. Su XF, Zeng HJ, Chen Z (2005) Finding group shilling in recommendation system. In: Proceedings of the 14th international conference on world wide web, Chiba, Japan, pp 960–961Google Scholar
  75. Tang T, Tang Y (2011) An effective recommender attack detection method based on time SFM factors. In: Proceedings of the IEEE 3rd international conference on communication software and networks, Xi’an, China, pp 78–81Google Scholar
  76. Van Roy B, Yan X (2009) Manipulation-resistant collaborative filtering systems. In: Proceedings of the 3rd ACM conference on recommender systems, New York, NY, USA, pp 165–172Google Scholar
  77. Van Roy B, Yan X (2010) Manipulation robustness of collaborative filtering. Manag Sci 56(11): 1911–1929CrossRefzbMATHGoogle Scholar
  78. Williams CA (2006) Profile injection attack detection for securing collaborative recommender systems. Masters thesis, DePaul UniversityGoogle Scholar
  79. Williams CA, Bhaumik R, Burke RD, Mobasher B (2006a) The impact of attack profile classification on the robustness of collaborative recommendation. In: Proceedings of the WebKDD workshop, Philadelphia, PA, USAGoogle Scholar
  80. Williams CA, Mobasher B, Burke RD, Bhaumik R, Sandvig JJ (2006b) Detection of obfuscated attacks in collaborative recommender systems. In: Proceedings of the workshop on recommender systems, in conjunction with the 17th European conference on artificial intelligence, Riva del Garda, Trentino, Italy, pp 19–23Google Scholar
  81. Williams CA, Mobasher B, Burke RD (2007a) Defending recommender systems: detection of profile injection attacks. Serv Oriented Comput Appl 1(3): 157–170CrossRefGoogle Scholar
  82. Williams CA, Mobasher B, Burke RD, Bhaumik R (2007b) Detecting profile injection attacks in collaborative filtering: a classification-based approach. Lect Notes Comput Sci 4811: 167–186CrossRefGoogle Scholar
  83. Wu Z, Cao J, Mao B, Wang Y (2011) Semi-SAD: applying semi-supervised learning to shilling attack detection. In: Proceedings of the 5th ACM conference on recommender systems, Chicago, IL, USA, pp 289–292Google Scholar
  84. Yan X (2009) Manipulation robustness of collaborative filtering systems. PhD dissertation, Stanford UniversityGoogle Scholar
  85. Yan X, Van Roy B (2009) Manipulation robustness of collaborative filtering systems. The Computing Research Repository (abs/0903.0069)Google Scholar
  86. Zhang FG (2008) Analysis of segment shilling attack against trust based recommender systems. In: Proceedings of the 4th international conference on wireless communications, networking and mobile computing, Dalian, China, pp 1–4Google Scholar
  87. Zhang FG (2009a) Reverse bandwagon profile injection attack against recommender systems. In: Proceedings of the 2nd international symposium on computational intelligence and design, Changsha, China, pp 15–18Google Scholar
  88. Zhang FG (2009b) Average shilling attack against trust-based recommender systems. In: Proceedings of the international conference on information management, innovation management and industrial engineering, Xi’an, China, pp 588–591Google Scholar
  89. Zhang FG (2009c) A survey of shilling attacks in collaborative filtering recommender systems. In: Proceedings of the international conference on computational intelligence and software engineering, Wuhan, China, pp 1–4Google Scholar
  90. Zhang FG (2010) Analysis of love-hate shilling attack against e-commerce recommender system. In: Proceedings of the international conference of information science and management engineering, Xi’an, China, pp 318–321Google Scholar
  91. Zhang FG (2011a) Preventing recommendation attack in trust-based recommender systems. J Comput Sci Technol 26(5): 823–828CrossRefGoogle Scholar
  92. Zhang FG (2011b) Analysis of bandwagon and average hybrid attack model against trust-based recommender systems. In: Proceedings of the 5th international conference on management of e-commerce and e-government, Hubei, China, pp 269–273Google Scholar
  93. Zhang FG, Xu SH (2007) Analysis of trust-based e-commerce recommender systems under recommendation attacks. In: Proceedings of the 1st international symposium on data, privacy, and e-commerce, Chengdu, China, pp 385–390Google Scholar
  94. Zhang S, Ouyang Y, Ford J, Makedon F (2006a) Analysis of a low-dimensional linear model under recommendation attacks. In: Proceedings of the 29th annual international ACM SIGIR conference on research and development in information retrieval, Seattle, WA, USA, pp 517–524Google Scholar
  95. Zhang S, Chakrabarti A, Ford J, Makedon F (2006b) Attack detection in time series for recommender systems. In: Proceedings the 20th ACM SIGKDD international conference on knowledge discovery and data mining, Philadelphia, PA, USA, pp 809–814Google Scholar
  96. Zhang Q, Luo Y, Weng C, Li M (2009) A trust-based detecting mechanism against profile injection attacks in recommender systems. In: Proceedings of the 3rd IEEE international conference on secure software integration and reliability improvement, Shanghai, China, pp 59–64Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  • Ihsan Gunes
    • 1
  • Cihan Kaleli
    • 1
  • Alper Bilge
    • 1
  • Huseyin Polat
    • 1
  1. 1.Computer Engineering DepartmentAnadolu UniversityEskisehirTurkey

Personalised recommendations