Skip to main content
Log in

Defending recommender systems: detection of profile injection attacks

  • Original Research
  • Published:
Service Oriented Computing and Applications Aims and scope Submit manuscript


Collaborative recommender systems are known to be highly vulnerable to profile injection attacks, attacks that involve the insertion of biased profiles into the ratings database for the purpose of altering the system’s recommendation behavior. Prior work has shown when profiles are reverse engineered to maximize influence; even a small number of malicious profiles can significantly bias the system. This paper describes a classification approach to the problem of detecting and responding to profile injection attacks. A number of attributes are identified that distinguish characteristics present in attack profiles in general, as well as an attribute generation approach for detecting profiles based on reverse engineered attack models. Three well-known classification algorithms are then used to demonstrate the combined benefit of these attributes and the impact the selection of classifier has with respect to improving the robustness of the recommender system. Our study demonstrates this technique significantly reduces the impact of the most powerful attack models previously studied, particularly when combined with a support vector machine classifier.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others


  1. Bhaumik R, Williams C, Mobasher B, Burke R (2006) Securing collaborative filtering against malicious attacks through anomaly detection. In: Proceedings of the 4th workshop on intelligent techniques for web personalization (ITWP’06), Held at AAAI 2006, Boston, July 2006

  2. Burke R, Mobasher B, Bhaumik R (2005) Limited knowledge shilling attacks in collaborative filtering systems. In: Proceedings of the 3rd IJCAI workshop in intelligent techniques for personalization, Edinburgh, Scotland, August 2005

  3. Burke R, Mobasher B, Williams C, Bhaumik R (2005) Segment-based injection attacks against collaborative filtering recommender systems. In: Proceedings of the international conference on data mining (ICDM 2005), Houston, December 2005

  4. Burke R, Mobasher B, Williams C, Bhaumik R (2006) Detecting profile injection attacks in collaborative recommender systems. In: Proceedings of the IEEE joint conference on e-commerce technology and enterprise computing, e-commerce and e-services (CEC/EEE 2006), Palo Alto, CA, June 2006

  5. Burke R, Mobasher B, Zabicki R, Bhaumik R (2005) Identifying attack models for secure recommendation. In: Beyond personalization: a workshop on the next generation of recommender systems, San Diego, California, January 2005

  6. Chirita P, Nejdl W, Zamfir C (2005) Preventing shilling attacks in online recommender systems. In: WIDM ’05: Proceedings of the 7th annual ACM international workshop on Web information and data management, New York, NY, USA, ACM Press pp 67–74

  7. Herlocker J, Konstan J, Borchers A, Riedl J (1999) An algorithmic framework for performing collaborative filtering. In Proceedings of the 22nd ACM conference on research and development in information retrieval (SIGIR’99), Berkeley, CA, August 1999

  8. Herlocker J, Konstan J, Tervin LG and Riedl J (2004). Evaluating collaborative filtering recommender systems. ACM Trans Inform Syst 22(1): 5–53

    Article  Google Scholar 

  9. Lam S, Reidl J (2004) Shilling recommender systems for fun and profit. In: Proceedings of the 13th international WWW conference, New York, May 2004

  10. Massa P and Avesani P (2004). Trust-aware collaborative filtering for recommender systems. Lecture Notes Comput Sci 3290: 492–508

    Google Scholar 

  11. Mobasher B, Burke R, Bhaumik R, Williams C (2005) Effective attack models for shilling item-based collaborative filtering systems. In: Proceedings of the 2005 WebKDD workshop, held in conjuction with ACM SIGKDD’2005, Chicago, IL, August 2005

  12. Mobasher B, Burke R, Bhaumik R, Williams C (2007) Towards trustworthy recommender systems: An analysis of attack models and algorithm robustness. ACM Trans Int Technol (in press)

  13. Mobasher B, Burke R, Williams C, Bhaumik R (2006) Analysis and detection of segment-focused attacks against collaborative recommendation. In: Lecture notes in computer science: Proceedings of the 2005 WebKDD workshop. Springer, Heidelberg

  14. Mobasher B, Burke R, Sandvig JJ (2006) Model-based collaborative filtering as a defense against profile injection attacks. In: Proceedings of the 21st national conference on artificial intelligence (AAAI’06), Boston, MA, July 2006

  15. O’Mahony M, Hurley N, Kushmerick N and Silvestre G (2004). Collaborative recommendation: a robustness analysis. ACM Trans Internet Technol 4(4): 344–377

    Article  Google Scholar 

  16. O’Mahony MP, Hurley NJ, Guénolé CM (2006) Silvestre. Detecting noise in recommender system databases. In: IUI ’06: Proceedings of the 11th international conference on Intelligent user interfaces, pp 109–115

  17. O’Mahony MP, Hurley NJ, Silvestre G (2004) Utility-based neighbourhood formation for efficient and robust collaborative filtering. In: Proceedings of the 5th ACM conference on electronic commerce (EC04), pp 260–261, May 2004

  18. Quinlan JR (1993) C4.5: Programs for machine learning. Morgan Kaufmann San Fransisco (1994)

  19. Resnick P, Iacovou N, Suchak M, Bergstrom P, Riedl J (1994) Grouplens: an open architecture for collaborative filtering of netnews. In: CSCW ’94: Proceedings of the 1994 ACM conference on computer supported cooperative work, pp 175–186. ACM Press, New York

  20. Sarwar B, Karypis G, Konstan J, Riedl J (2001) Item-based collaborative filtering recommendation algorithms. In: Proceedings of the 10th international world Wide Web conference, Hong Kong, May 2001

  21. Su X-F, Zeng H-J, Chen Z (2005) Finding group shilling in recommendation system. In: WWW ’05: Special interest tracks and posters of the 14th international conference on World Wide Web, Chiba, Japan. ACM Press, New York pp 960–961

  22. Williams C, Mobasher B, Burke R, Sandvig J, Bhaumik R (2006) Detection of obfuscated attacks in collaborative recommender systems. In: Proceedings of the ECAI06 workshop on recommender systems, Held at the 17th European Conference on Artificial Intelligence (ECAI’06), Riva del Garda, Italy, August 2006

  23. Witten IH and Frank E (2005). Data Mining: practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco

    MATH  Google Scholar 

  24. Zhang S, Chakrabarti A, Ford J, Makedon F (2006) Attack detection in time series for recommender systems. In: KDD ’06: Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 809–814

  25. Zhang S, Ouyang Y, Ford J, Makedon F (2006) Analysis of a low-dimensional linear model under recommendation attacks. In: SIGIR ’06: Proceedings of the 29th annual international ACM SIGIR conference on Research and development in information retrieval, New York, NY, USA ACM Press, New York, pp 517–524

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Chad A. Williams.

Additional information

This research was supported in part by the National Science Foundation Cyber Trust program under Grant IIS-0430303 and the National Science Foundation IGERT program under Grant DGE-0549489.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Williams, C.A., Mobasher, B. & Burke, R. Defending recommender systems: detection of profile injection attacks. SOCA 1, 157–170 (2007).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: