Service Oriented Computing and Applications

, Volume 1, Issue 3, pp 157–170 | Cite as

Defending recommender systems: detection of profile injection attacks

  • Chad A. WilliamsEmail author
  • Bamshad Mobasher
  • Robin Burke
Original Research


Collaborative recommender systems are known to be highly vulnerable to profile injection attacks, attacks that involve the insertion of biased profiles into the ratings database for the purpose of altering the system’s recommendation behavior. Prior work has shown when profiles are reverse engineered to maximize influence; even a small number of malicious profiles can significantly bias the system. This paper describes a classification approach to the problem of detecting and responding to profile injection attacks. A number of attributes are identified that distinguish characteristics present in attack profiles in general, as well as an attribute generation approach for detecting profiles based on reverse engineered attack models. Three well-known classification algorithms are then used to demonstrate the combined benefit of these attributes and the impact the selection of classifier has with respect to improving the robustness of the recommender system. Our study demonstrates this technique significantly reduces the impact of the most powerful attack models previously studied, particularly when combined with a support vector machine classifier.


Attack detection Bias profile injection Collaborative filtering Recommender systems Attack models Support vector machines 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bhaumik R, Williams C, Mobasher B, Burke R (2006) Securing collaborative filtering against malicious attacks through anomaly detection. In: Proceedings of the 4th workshop on intelligent techniques for web personalization (ITWP’06), Held at AAAI 2006, Boston, July 2006Google Scholar
  2. 2.
    Burke R, Mobasher B, Bhaumik R (2005) Limited knowledge shilling attacks in collaborative filtering systems. In: Proceedings of the 3rd IJCAI workshop in intelligent techniques for personalization, Edinburgh, Scotland, August 2005Google Scholar
  3. 3.
    Burke R, Mobasher B, Williams C, Bhaumik R (2005) Segment-based injection attacks against collaborative filtering recommender systems. In: Proceedings of the international conference on data mining (ICDM 2005), Houston, December 2005Google Scholar
  4. 4.
    Burke R, Mobasher B, Williams C, Bhaumik R (2006) Detecting profile injection attacks in collaborative recommender systems. In: Proceedings of the IEEE joint conference on e-commerce technology and enterprise computing, e-commerce and e-services (CEC/EEE 2006), Palo Alto, CA, June 2006Google Scholar
  5. 5.
    Burke R, Mobasher B, Zabicki R, Bhaumik R (2005) Identifying attack models for secure recommendation. In: Beyond personalization: a workshop on the next generation of recommender systems, San Diego, California, January 2005Google Scholar
  6. 6.
    Chirita P, Nejdl W, Zamfir C (2005) Preventing shilling attacks in online recommender systems. In: WIDM ’05: Proceedings of the 7th annual ACM international workshop on Web information and data management, New York, NY, USA, ACM Press pp 67–74Google Scholar
  7. 7.
    Herlocker J, Konstan J, Borchers A, Riedl J (1999) An algorithmic framework for performing collaborative filtering. In Proceedings of the 22nd ACM conference on research and development in information retrieval (SIGIR’99), Berkeley, CA, August 1999Google Scholar
  8. 8.
    Herlocker J, Konstan J, Tervin LG and Riedl J (2004). Evaluating collaborative filtering recommender systems. ACM Trans Inform Syst 22(1): 5–53 CrossRefGoogle Scholar
  9. 9.
    Lam S, Reidl J (2004) Shilling recommender systems for fun and profit. In: Proceedings of the 13th international WWW conference, New York, May 2004Google Scholar
  10. 10.
    Massa P and Avesani P (2004). Trust-aware collaborative filtering for recommender systems. Lecture Notes Comput Sci 3290: 492–508 Google Scholar
  11. 11.
    Mobasher B, Burke R, Bhaumik R, Williams C (2005) Effective attack models for shilling item-based collaborative filtering systems. In: Proceedings of the 2005 WebKDD workshop, held in conjuction with ACM SIGKDD’2005, Chicago, IL, August 2005Google Scholar
  12. 12.
    Mobasher B, Burke R, Bhaumik R, Williams C (2007) Towards trustworthy recommender systems: An analysis of attack models and algorithm robustness. ACM Trans Int Technol (in press)Google Scholar
  13. 13.
    Mobasher B, Burke R, Williams C, Bhaumik R (2006) Analysis and detection of segment-focused attacks against collaborative recommendation. In: Lecture notes in computer science: Proceedings of the 2005 WebKDD workshop. Springer, HeidelbergGoogle Scholar
  14. 14.
    Mobasher B, Burke R, Sandvig JJ (2006) Model-based collaborative filtering as a defense against profile injection attacks. In: Proceedings of the 21st national conference on artificial intelligence (AAAI’06), Boston, MA, July 2006Google Scholar
  15. 15.
    O’Mahony M, Hurley N, Kushmerick N and Silvestre G (2004). Collaborative recommendation: a robustness analysis. ACM Trans Internet Technol 4(4): 344–377 CrossRefGoogle Scholar
  16. 16.
    O’Mahony MP, Hurley NJ, Guénolé CM (2006) Silvestre. Detecting noise in recommender system databases. In: IUI ’06: Proceedings of the 11th international conference on Intelligent user interfaces, pp 109–115Google Scholar
  17. 17.
    O’Mahony MP, Hurley NJ, Silvestre G (2004) Utility-based neighbourhood formation for efficient and robust collaborative filtering. In: Proceedings of the 5th ACM conference on electronic commerce (EC04), pp 260–261, May 2004Google Scholar
  18. 18.
    Quinlan JR (1993) C4.5: Programs for machine learning. Morgan Kaufmann San Fransisco (1994)Google Scholar
  19. 19.
    Resnick P, Iacovou N, Suchak M, Bergstrom P, Riedl J (1994) Grouplens: an open architecture for collaborative filtering of netnews. In: CSCW ’94: Proceedings of the 1994 ACM conference on computer supported cooperative work, pp 175–186. ACM Press, New YorkGoogle Scholar
  20. 20.
    Sarwar B, Karypis G, Konstan J, Riedl J (2001) Item-based collaborative filtering recommendation algorithms. In: Proceedings of the 10th international world Wide Web conference, Hong Kong, May 2001Google Scholar
  21. 21.
    Su X-F, Zeng H-J, Chen Z (2005) Finding group shilling in recommendation system. In: WWW ’05: Special interest tracks and posters of the 14th international conference on World Wide Web, Chiba, Japan. ACM Press, New York pp 960–961Google Scholar
  22. 22.
    Williams C, Mobasher B, Burke R, Sandvig J, Bhaumik R (2006) Detection of obfuscated attacks in collaborative recommender systems. In: Proceedings of the ECAI06 workshop on recommender systems, Held at the 17th European Conference on Artificial Intelligence (ECAI’06), Riva del Garda, Italy, August 2006Google Scholar
  23. 23.
    Witten IH and Frank E (2005). Data Mining: practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco zbMATHGoogle Scholar
  24. 24.
    Zhang S, Chakrabarti A, Ford J, Makedon F (2006) Attack detection in time series for recommender systems. In: KDD ’06: Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 809–814Google Scholar
  25. 25.
    Zhang S, Ouyang Y, Ford J, Makedon F (2006) Analysis of a low-dimensional linear model under recommendation attacks. In: SIGIR ’06: Proceedings of the 29th annual international ACM SIGIR conference on Research and development in information retrieval, New York, NY, USA ACM Press, New York, pp 517–524Google Scholar

Copyright information

© Springer-Verlag London Limited 2007

Authors and Affiliations

  • Chad A. Williams
    • 1
    Email author
  • Bamshad Mobasher
    • 2
  • Robin Burke
    • 2
  1. 1.Department of Computer ScienceUniversity of Illinois at ChicagoChicagoUSA
  2. 2.School of Computer Science, Telecommunication, and Information Systems, Center for Web IntelligenceDePaul UniversityChicagoUSA

Personalised recommendations