Skip to main content
SpringerLink
Log in

Big Enough to Care Not Enough to Scare! Crawling to Attack Recommender Systems

  • Conference paper
  • First Online:
Computer Security – ESORICS 2020 (ESORICS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12309))

Included in the following conference series:

Abstract

Online recommendation services, such as e-commerce sites, rely on a vast amount of knowledge about users/items that represent an invaluable resource. Part of this acquired knowledge is public and can be accessed by anyone through the Internet. Unfortunately, that same knowledge can be used by competitors or malicious users. A large body of research proposes methods to attack recommender systems, but most of these works assume that the attacker knows or can easily access the rating matrix. In practice, this information is not directly accessible, but can only be gathered via crawling.

Considering such real-life limitations, in this paper, we assess the impact of different crawling approaches when attacking a recommendation service. From the crawled information, we mount different shilling attacks. We determine the value of the collected knowledge through the reconstruction of the user/item neighborhood. Our results show that while crawling can indeed bring knowledge to the attacker (up to 65% of neighborhood reconstruction), this will not be enough to mount a successful shilling attack in practice.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.torproject.org/.

  2. 2.

    http://www.netflixprize.com/.

References

  1. Baeza-Yates, R., Castillo, C., Marin, M., Rodriguez, A.: Crawling a country: better strategies than breadth-first for web page ordering. In: Special Interest Tracks and Posters of the 14th International Conference on World Wide Web, WWW 2005, New York, NY, USA, pp. 864–872. Association for Computing Machinery (2005). https://doi.org/10.1145/1062745.1062768

  2. Bhebe, W., Kogeda, O.P.: Shilling attack detection in collaborative recommender systems using a meta learning strategy. In: 2015 International Conference on Emerging Trends in Networks and Computer Communications, pp. 56–61 (2015)

    Google Scholar 

  3. Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. In: Proceedings of the Seventh International Conference on World Wide Web, WWW 2007, pp. 107–117. Elsevier, NLD (1998)

    Google Scholar 

  4. Burke, R., Mobasher, B., Bhaumik, R.: Limited knowledge shilling attacks in collaborative filtering systems. In: Proceedings of the 3rd IJCAI Workshop in Intelligent Techniques for Personalization (2005)

    Google Scholar 

  5. Chakrabarti, S.: Focused Web Crawling, pp. 1147–1155. Springer, Boston (2009). https://doi.org/10.1007/978-0-387-39940-9_165

  6. Chakrabarti, S., Dom, B., Raghavan, P., Rajagopalan, S., Gibson, D., Kleinberg, J.: Automatic resource compilation by analyzing hyperlink structure and associated text. In: Proceedings of the Seventh International Conference on World Wide Web 2007, WWW 2007, pp. 65–74. Elsevier, NLD (1998)

    Google Scholar 

  7. Cho, J., Garcia-Molina, H., Page, L.: Efficient crawling through URL ordering. Comput. Netw. ISDN Syst. 30(1), 161–172 (1998). https://doi.org/10.1016/S0169-7552(98)00108-1. http://www.sciencedirect.com/science/article/pii/S0169755298001081. Proceedings of the Seventh International World Wide Web Conference

  8. Christakopoulou, K., Banerjee, A.: Adversarial attacks on an oblivious recommender. In: Proceedings of the 13th ACM Conference on Recommender Systems, RecSys 2019, pp. 322–330. ACM (2019). https://doi.org/10.1145/3298689.3347031. http://doi.acm.org/10.1145/3298689.3347031

  9. Deldjoo, Y., Di Noia, T., Merra, F.A.: Assessing the impact of a user-item collaborative attack on class of users. In: In Proceedings of the 13th ACM RecSys Workshop on Impact of Recommender Systems (ImpactRS@RecSys 2019) (2019). http://sisinflab.poliba.it/publications/2019/DDM19

  10. Eksombatchai, C., et al.: Pixie: a system for recommending 3+ billion items to 200+ million users in real-time. In: Proceedings of the 2018 World Wide Web Conference, WWW 2018, pp. 1775–1784. WWW Conferences Steering Committee, Republic and Canton of Geneva, CHE (2018). https://doi.org/10.1145/3178876.3186183

  11. Ester, M., Kriegel, H.P., Schubert, M.: Accurate and efficient crawling for relevant websites. In: Proceedings of the Thirtieth International Conference on Very Large Data Bases - Volume 30, VLDB 2004, pp. 396–407. VLDB Endowment (2004)

    Google Scholar 

  12. Fang, M., Yang, G., Gong, N.Z., Liu, J.: Poisoning attacks to graph-based recommender systems. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, New York, NY, USA, pp. 381–392. Association for Computing Machinery (2018). https://doi.org/10.1145/3274694.3274706

  13. Gomez-Uribe, C., Hunt, N.: The netflix recommender system: algorithms, business value, and innovation. ACM Trans. Manage. Inf. Syst. 6(4) (2016). https://doi.org/10.1145/2843948

  14. Gunes, I., Bilge, A., Polat, H.: Shilling attacks against memory-based privacy-preserving recommendation algorithms. TIIS 7, 1272–1290 (2013)

    Article  Google Scholar 

  15. Gunes, I., Kaleli, C., Bilge, A., Polat, H.: Shilling attacks against recommender systems: a comprehensive survey. Artif. Intell. Rev. 42(4), 767–799 (2012). https://doi.org/10.1007/s10462-012-9364-9

    Article  Google Scholar 

  16. Hara, K., Suzuki, I., Kobayashi, K., Fukumizu, K.: Reducing hubness: a cause of vulnerability in recommender systems. In: Proceedings of the 38th International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR 2015, New York, NY, USA, pp. 815–818. Association for Computing Machinery (2015). https://doi.org/10.1145/2766462.2767823

  17. Holzmann, H., Anand, A., Khosla, M.: Delusive PageRank in incomplete graphs. In: Aiello, L.M., Cherifi, C., Cherifi, H., Lambiotte, R., Lió, P., Rocha, L.M. (eds.) COMPLEX NETWORKS 2018. SCI, vol. 812, pp. 104–117. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-05411-3_9

    Chapter  Google Scholar 

  18. Holzmann, H., Anand, A., Khosla, M.: Estimating PageRank deviations in crawled graphs. Appl. Netw. Sci. 4, 86–107 (2019)

    Article  Google Scholar 

  19. Hurley, N.J., O’Mahony, M.P., Silvestre, G.C.M.: Attacking recommender systems: a cost-benefit analysis. IEEE Intell. Syst. 22(3), 64–68 (2007)

    Article  Google Scholar 

  20. Knees, P., Schnitzer, D., Flexer, A.: Improving neighborhood-based collaborative filtering by reducing hubness. In: Proceedings of International Conference on Multimedia Retrieval, ICMR 2014, New York, NY, USA, pp. 161–168. Association for Computing Machinery (2014). https://doi.org/10.1145/2578726.2578747

  21. Koren, Y., Bell, R.: Advances in Collaborative Filtering, pp. 145–186. Springer, Boston (2011). https://doi.org/10.1007/978-0-387-85820-3_5

    Book  Google Scholar 

  22. Koster, M.: Robots in the web: threat or treat? ConneXions 9(4), 8–18 (1995)

    Google Scholar 

  23. Lawankar, A., Mangrulkar, N.: A review on techniques for optimizing web crawler results. In: 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave), pp. 1–4 (2016)

    Google Scholar 

  24. Li, B., Wang, Y., Singh, A., Vorobeychik, Y.: Data poisoning attacks on factorization-based collaborative filtering. In: Proceedings of the 30th International Conference on Neural Information Processing Systems, NIPS 2016, pp. 1893–1901 (2016). http://dl.acm.org/citation.cfm?id=3157096.3157308

  25. Linden, G., Smith, B., York, J.: Amazon.com recommendations: item-to-item collaborative filtering. IEEE Internet Comput. 7(1), 76–80 (2003)

    Google Scholar 

  26. Muñoz-González, L., Pfitzner, B., Russo, M., Carnerero-Cano, J., Lupu, E.C.: Poisoning attacks with generative adversarial nets. ArXiv abs/1906.07773 (2019)

    Google Scholar 

  27. Page, L., Brin, S., Motwani, R., Winograd, T.: The PageRank citation ranking: bringing order to the web. In: WWW 1999 (1999)

    Google Scholar 

  28. Patel, K., Thakkar, A., Shah, C., Makvana, K.: A state of art survey on shilling attack in collaborative filtering based recommendation system. In: Satapathy, S.C.C., Das, S. (eds.) Proceedings of First International Conference on Information and Communication Technology for Intelligent Systems: Volume 1. SIST, vol. 50, pp. 377–385. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30933-0_38

    Chapter  Google Scholar 

  29. Rendle, S., Freudenthaler, C., Gantner, Z., Schmidt-Thieme, L.: BPR: Bayesian personalized ranking from implicit feedback. In: Proceedings of the Twenty-Fifth Conference on Uncertainty in Artificial Intelligence, UAI 2009, Arlington, Virginia, USA, pp. 452–461. AUAI Press (2009)

    Google Scholar 

  30. Ricci, F., Rokach, L., Shapira, B.: Recommender Systems Handbook. Springer, Boston (2011). https://doi.org/10.1007/978-0-387-85820-3_25

  31. Si, M., Li, Q.: Shilling attacks against collaborative recommender systems: a review. Artif. Intell. Rev. 53(1), 291–319 (2018). https://doi.org/10.1007/s10462-018-9655-x

    Article  Google Scholar 

  32. Su, X., Khoshgoftaar, T.M.: A survey of collaborative filtering techniques. Adv. Artif. Intell. 2009 (2009). https://doi.org/10.1155/2009/421425

  33. Zhang, Y., Gao, H., Pei, G., Luo, S., Chang, G., Cheng, N.: A survey of research on captcha designing and breaking techniques. In: 2019 18th IEEE International Conference On Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), pp. 75–84 (2019)

    Google Scholar 

  34. Zhou, W., et al.: Shilling attacks detection in recommender systems based on target item analysis. PLoS ONE 10(7), 1–26 (2015). https://doi.org/10.1371/journal.pone.0130968

    Article  Google Scholar 

Download references

Acknowledgments

This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the LOCARD project (Grant Agreement no. 832735).

Author information

Authors and Affiliations

  1. Department of Mathematics, University of Padova, Padua, Italy

    Fabio Aiolli, Mauro Conti & Mirko Polato

  2. Delft University of Technology, Delft, The Netherlands

    Stjepan Picek

Authors
  1. Fabio Aiolli
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mauro Conti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stjepan Picek
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mirko Polato
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mirko Polato .

Editor information

Editors and Affiliations

  1. University of Surrey, Guildford, UK

    Liqun Chen

  2. Purdue University, West Lafayette, IN, USA

    Ninghui Li

  3. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  4. University of Surrey, Guildford, UK

    Steve Schneider

Appendices

A Neighborhood Reconstruction: User-Based with Cosine Similarity

In Fig. 7, we depict the results for all four considered datasets for the neighborhood reconstruction when using user-based cosine similarity.

Fig. 7.
figure 7

Neighborhood reconstruction using user-based cosine similarity. The results are the average (± standard deviation) over five randomly selected users. k on the x-axis is the dimension of the considered neighborhood.

Full size image

B Neighborhood Reconstruction: Item-Based with Pearson’s Correlation

Finally, in Fig. 8, we depict the results for the neighborhood reconstruction when using an item-based Pearson correlation.

Fig. 8.
figure 8

Neighborhood reconstruction using item-based Pearson’s correlation. The results are the average (± standard deviation) over five randomly selected average popular items. k on the x-axis is the dimension of the considered neighborhood.

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Aiolli, F., Conti, M., Picek, S., Polato, M. (2020). Big Enough to Care Not Enough to Scare! Crawling to Attack Recommender Systems. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12309. Springer, Cham. https://doi.org/10.1007/978-3-030-59013-0_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-59013-0_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59012-3

  • Online ISBN: 978-3-030-59013-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation