VLIA: Navigating Shadows with Proximity for Highly Accurate Visited Location Inference Attack against Federated Recommendation Models
Authors: 
Thirasara Ariyarathna, Meisam Mohammady, Hye-Young (Helen) Paik, 
Salil S KanhereAuthors Info & Claims
Thirasara Ariyarathna, Meisam Mohammady, Hye-Young (Helen) Paik, Salil S KanhereAuthors Info & ClaimsPages 1261 - 1271
Abstract
Personalized location recommendation allows users to enjoy a seamless travel experience by suggesting the optimal travel locations/routes based on user preferences. Most service providers collect users' location data centrally to develop accurate route recommendation applications. Federated learning (FL) can be used as an inherent privacy-preserving mechanism in these applications to prevent users from sharing private data. However, recent research shows that FL is still vulnerable to privacy leakages. Therefore, many FL-based recommendation systems use Local Differential Privacy (LDP) to defend against such attacks. In this paper, we propose the Visited Location Inference Attack (VLIA), a novel attack for federated location recommendation systems through the lens of Membership Inference Attack (MIA). Specifically, we focus on inferring user behaviour data (visited locations) even when the federated recommendation system is protected with LDP. We design and implement VLIA leveraging both embedding and proximity information of locations, making the inference more accurate. Our extensive experiments with two state-of-the-art personalized route recommendation (PRR) systems implemented in the FL setting and two real-world trajectory datasets showcase the effectiveness of the VLIA attack. Our results show that LDP cannot defend VLIA unless the recommendation performance is significantly compromised.
References
[1]
Martin Abadi, Andy Chu, Ian Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. 2016. Deep Learning with Differential Privacy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (Oct 2016).
[2]
Osman Abul, Francesco Bonchi, and Mirco Nanni. 2008. Never walk alone: Uncertainty for anonymity in moving objects databases. In 2008 IEEE 24th international conference on data engineering. Ieee, 376--385.
[3]
Gennady Andrienko, Aris Gkoulalas-Divanis, Marco Gruteser, Christine Kopp, Thomas Liebig, and Klaus Rechert. 2013. Report from Dagstuhl: the liberation of mobile location data and its implications for privacy research. ACM SIGMOBILE Mobile Computing and Communications Review (2013).
[4]
Christine Bauer and Christine Strauss. 2016. Location-based advertising on mobile devices: A literature review and analysis. Management review quarterly 66, 3 (2016), 159--194.
[5]
Dawei Chen, Cheng Soon Ong, and Lexing Xie. 2016. Learning Points and Routes to Recommend Trajectories. CoRR abs/1608.07051 (2016). arXiv:1608.07051 http://arxiv.org/abs/1608.07051
[6]
Rui Chen, Benjamin Fung, and Bipin C Desai. 2011. Differentially private trajectory data publication. arXiv preprint arXiv:1112.2020 (2011).
[7]
Si Chen, Anmin Fu, Jian Shen, Shui Yu, Huaqun Wang, and Huaijiang Sun. 2020. RNN-DP: A new differential privacy scheme base on Recurrent Neural Network for Dynamic trajectory privacy protection. Journal of Network and Computer Applications 168 (2020), 102736.
[8]
Zaiben Chen, Heng Tao Shen, and Xiaofang Zhou. 2011. Discovering popular routes from trajectories. In 2011 IEEE 27th International Conference on Data Engineering. 900--911.
[9]
Ge Cui, Jun Luo, and Xin Wang. 2018. Personalized travel route recommendation using collaborative filtering based on GPS trajectories. International Journal of Digital Earth 11, 3 (2018), 284--307. arXiv:https://doi.org/10.1080/17538947.2017.1326535
[10]
Amine Dadoun, Raphaël Troncy, Olivier Ratier, and Riccardo Petitti. 2019. Location embeddings for next trip recommendation. In Companion Proceedings of The 2019 World Wide Web Conference. 896--903.
[11]
Jian Dai, Bin Yang, Chenjuan Guo, and Zhiming Ding. 2015. Personalized route recommendation using big trajectory data. In 2015 IEEE 31st International Conference on Data Engineering. 543--554.
[12]
Yves-Alexandre De Montjoye, César A Hidalgo, Michel Verleysen, and Vincent D Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Scientific reports 3, 1 (2013), 1--5.
[13]
Daniel Delling and Dorothea Wagner. 2009. Pareto Paths with SHARC. In Experimental Algorithms, Jan Vahrenhold (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 125--136.
[14]
Cynthia Dwork, Kunal Talwar, Abhradeep Thakurta, and Li Zhang. 2014. Analyze gauss: optimal bounds for privacy-preserving principal component analysis. In Proceedings of the forty-sixth annual ACM symposium on Theory of computing. 11--20.
[15]
Zekeriya Erkin, Thijs Veugen, Tomas Toft, and Reginald L. Lagendijk. 2012. Generating Private Recommendations Efficiently Using Homomorphic Encryption and Data Packing. IEEE Transactions on Information Forensics and Security 7, 3 (2012), 1053--1066.
[16]
Kassem Fawaz and Kang G Shin. 2014. Location privacy protection for smartphone users. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 239--250.
[17]
Jonas Geiping, Hartmut Bauermeister, Hannah Dröge, and Michael Moeller. 2020. Inverting gradients-how easy is it to break privacy in federated learning? Advances in Neural Information Processing Systems 33 (2020), 16937--16947.
[18]
Google. 2023. Google Maps. https://www.google.com/maps/
[19]
Peter E. Hart, Nils J. Nilsson, and Bertram Raphael. 1968. A Formal Basis for the Heuristic Determination of Minimum Cost Paths. IEEE Transactions on Systems Science and Cybernetics 4, 2 (1968), 100--107.
[20]
Mubashir Imran, Hongzhi Yin, Tong Chen, Quoc Viet Hung Nguyen, Alexander Zhou, and Kai Zheng. 2023. ReFRS: Resource-efficient federated recommender system for dynamic and diversified user preferences. ACM Transactions on Information Systems 41, 3 (2023), 1--30.
[21]
Baidu Inc. 2023. Baidu Maps. https://map.baidu.com/
[22]
E. Kanoulas, Yang Du, Tian Xia, and Donghui Zhang. 2006. Finding Fastest Paths on A Road Network with Speed Patterns. In 22nd International Conference on Data Engineering (ICDE'06). 10--10.
[23]
Julia Letchner, John Krumm, and Eric Horvitz. 2006. Trip Router with Individualized Preferences (TRIP): Incorporating Personalization into Route Planning. In AAAI, Vol. 2.
[24]
Hao Liu, Yongxin Tong, Panpan Zhang, Xinjiang Lu, Jianguo Duan, and Hui Xiong. 2019. Hydra: A Personalized and Context-Aware Multi-Modal Transportation Recommendation System. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (Anchorage, AK, USA) (KDD '19). Association for Computing Machinery, New York, NY, USA, 2314--2324.
[25]
Hechen Liu, Ling-Yin Wei, Yu Zheng, Markus Schneider, and Wen-Chih Peng. 2011. Route Discovery from Mining Uncertain Trajectories. In 2011 IEEE 11th International Conference on Data Mining Workshops. 1239--1242.
[26]
Lingjuan Lyu, Han Yu, and Qiang Yang. 2020. Threats to federated learning: A survey. arXiv preprint arXiv:2003.02133 (2020).
[27]
H. Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Agüera y Arcas. 2017. Communication-Efficient Learning of Deep Networks from Decentralized Data. arXiv:1602.05629 [cs.LG]
[28]
Luca Melis, Congzheng Song, Emiliano De Cristofaro, and Vitaly Shmatikov. 2019. Exploiting unintended feature leakage in collaborative learning. In 2019 IEEE symposium on security and privacy (SP). IEEE, 691--706.
[29]
Xuying Meng, Suhang Wang, Kai Shu, Jundong Li, Bo Chen, Huan Liu, and Yujun Zhang. 2018. Personalized Privacy-Preserving Social Recommendation. In AAAI. 3796--3803. https://www.aaai.org/ocs/index.php/AAAI/AAAI18/paper/view/16768
[30]
Waze Mobile. 2023. Waze. https://www.waze.com/
[31]
Luis Moreira-Matias, Joao Gama, Michel Ferreira, Joao Mendes-Moreira, and Luis Damas. 2013. Predicting taxi-passenger demand using streaming data. IEEE Transactions on Intelligent Transportation Systems (2013).
[32]
Viraaji Mothukuri, Reza M Parizi, Seyedamin Pouriyeh, Yan Huang, Ali Dehghantanha, and Gautam Srivastava. 2021. A survey on security and privacy of federated learning. Future Generation Computer Systems 115 (2021), 619--640.
[33]
Arvind Narayanan and Vitaly Shmatikov. 2008. Robust De-anonymization of Large Sparse Datasets. In 2008 IEEE Symposium on Security and Privacy (sp 2008). 111--125.
[34]
Milad Nasr, Reza Shokri, and Amir Houmansadr. 2019. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In 2019 IEEE symposium on security and privacy (SP). IEEE, 739--753.
[35]
Vasileios Perifanis and Pavlos S Efraimidis. 2022. Federated neural collaborative filtering. Knowledge-Based Systems 242 (2022), 108441.
[36]
Nikolaos Polatidis, Christos K. Georgiadis, Elias Pimenidis, and Haralambos Mouratidis. 2017. Privacy-Preserving Collaborative Recommendations Based on Random Perturbations. Expert Syst. Appl. 71, C (April 2017), 18--25.
[37]
Vincent Primault, Antoine Boutet, Sonia Ben Mokhtar, and Lionel Brunie. 2018. The long road to computational location privacy: A survey. IEEE Communications Surveys & Tutorials 21, 3 (2018), 2772--2793.
[38]
Anastasia Pustozerova and Rudolf Mayer. 2020. Information leaks in federated learning. In Proceedings of the Network and Distributed System Security Symposium, Vol. 10. 122.
[39]
Pranav Rajpurkar, Jian Zhang, Konstantin Lopyrev, and Percy Liang. 2016. SQuAD: 100,000+ Questions for Machine Comprehension of Text. In Proceedings of the 2016 Conference on Empirical Methods in Natural Language Processing. Association for Computational Linguistics, Austin, Texas, 2383--2392.
[40]
Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, and Jean-Pierre Hubaux. 2011. Quantifying location privacy. In 2011 IEEE symposium on security and privacy. IEEE, 247--262.
[41]
Zehua Sun, Yonghui Xu, Yong Liu, Wei He, Yali Jiang, Fangzhao Wu, and Lizhen Cui. 2022. A Survey on Federated Recommendation Systems. arXiv preprint arXiv:2301.00767 (2022).
[42]
Anshuman Suri, Pallika Kanani, Virendra J Marathe, and Daniel W Peterson. 2022. Subject membership inference attacks in federated learning. arXiv preprint arXiv:2206.03317 (2022).
[43]
Cong Wang, Yifeng Zheng, Jinghua Jiang, and Kui Ren. 2018. Toward Privacy-Preserving Personalized Recommendation Services. Engineering 4, 1 (2018), 21--28. Cybersecurity.
[44]
Jingyuan Wang, Ning Wu, Wayne Xin Zhao, Fanzhang Peng, and Xin Lin. 2019. Empowering A* Search Algorithms with Neural Networks for Personalized Route Recommendation. CoRR abs/1907.08489 (2019). arXiv:1907.08489 http://arxiv.org/abs/1907.08489
[45]
J. Wang, N. Wu, and X. Zhao. 5555. Personalized Route Recommendation with Neural Network Enhanced A* Search Algorithm. IEEE Transactions on Knowledge & Data Engineering 01 (mar 5555), 1--1.
[46]
Chuhan Wu, Fangzhao Wu, Yang Cao, Yongfeng Huang, and Xing Xie. 2021. Fedgnn: Federated graph neural network for privacy-preserving recommendation. arXiv preprint arXiv:2102.04925 (2021).
[47]
Heng Xu, Xin Robert Luo, John M Carroll, and Mary Beth Rosson. 2011. The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing. Decision support systems 51, 1 (2011), 42--52.
[48]
Can Yang and Győző Gidófalvi. 2018. Fast map matching, an algorithm integrating hidden Markov model with precomputation. International Journal of Geographical Information Science 32, 3 (2018), 547--570. arXiv:https://doi.org/10.1080/13658816.2017.1400548
[49]
Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In 2018 IEEE 31st computer security foundations symposium (CSF). IEEE, 268--282.
[50]
Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In 2018 IEEE 31st computer security foundations symposium (CSF). IEEE, 268--282.
[51]
Wei Yuan, Chaoqun Yang, Quoc Viet Hung Nguyen, Lizhen Cui, Tieke He, and Hongzhi Yin. 2023. Interaction-level membership inference attack against federated recommender systems. arXiv preprint arXiv:2301.10964 (2023).
[52]
Shijie Zhang, Wei Yuan, and Hongzhi Yin. 2023. Comprehensive privacy analysis on federated recommender system against attribute inference attacks. IEEE Transactions on Knowledge and Data Engineering (2023).
[53]
Bo Zhao, Konda Reddy Mopuri, and Hakan Bilen. 2020. idlg: Improved deep leakage from gradients. arXiv preprint arXiv:2001.02610 (2020).
[54]
Shenglin Zhao, Irwin King, and Michael R Lyu. 2016. A survey of point-of-interest recommendation in location-based social networks. arXiv preprint arXiv:1607.00647 (2016).
[55]
Yu Zheng and Hao Fu. 2011. Geolife GPS trajectory dataset - User Guide.
[56]
Ligeng Zhu, Zhijian Liu, and Song Han. 2019. Deep leakage from gradients. Advances in neural information processing systems 32 (2019).
Index Terms
- VLIA: Navigating Shadows with Proximity for Highly Accurate Visited Location Inference Attack against Federated Recommendation Models
Recommendations
Interaction-level Membership Inference Attack Against Federated Recommender Systems
WWW '23: Proceedings of the ACM Web Conference 2023The marriage of federated learning and recommender system (FedRec) has been widely used to address the growing data privacy concerns in personalized recommendation services. In FedRecs, users’ attribute information and behavior data (i.e., user-item ...
User Consented Federated Recommender System Against Personalized Attribute Inference Attack
WSDM '24: Proceedings of the 17th ACM International Conference on Web Search and Data MiningRecommender systems can be privacy-sensitive. To protect users' private historical interactions, federated learning has been proposed in distributed learning for user representations. Using federated recommender (FedRec) systems, users can train a shared ...
Towards fair and personalized federated recommendation
AbstractRecommender systems have gained immense popularity in recent years for predicting users’ interests by learning embeddings. The majority of existing recommendation approaches, represented by graph neural network-based recommendation algorithms, ...
Highlights- We design a novel federated recommendation framework, which takes fairness and personalization of recommendation into consideration simultaneously.
- In the proposed framework, user local model, cluster-level model, and global model are ...
Comments
Information & Contributors
Information
Published In
July 2024
1987 pages
ISBN:9798400704826
DOI:10.1145/3634737
- Chair:
- Jianying Zhou,
- Co-chair:
- Tony Q. S. Quek,
- Program Chairs:
- Debin Gao,
- Alvaro Cardenas
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ASIA CCS '24
Sponsor:
ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security
July 1 - 5, 2024
Singapore, Singapore
Acceptance Rates
Overall Acceptance Rate 418 of 2,322 submissions, 18%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 107Total Downloads
- Downloads (Last 12 months)107
- Downloads (Last 6 weeks)12
Reflects downloads up to 26 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in