research-article

Graph Embedding for Recommendation against Attribute Inference Attacks

Authors:

Xiangliang ZhangAuthors Info & Claims

WWW '21: Proceedings of the Web Conference 2021

Pages 3002 - 3014

https://doi.org/10.1145/3442381.3449813

Published: 03 June 2021 Publication History

Abstract

In recent years, recommender systems play a pivotal role in helping users identify the most suitable items that satisfy personal preferences. As user-item interactions can be naturally modelled as graph-structured data, variants of graph convolutional networks (GCNs) have become a well-established building block in the latest recommenders. Due to the wide utilization of sensitive user profile data, existing recommendation paradigms are likely to expose users to the threat of privacy breach, and GCN-based recommenders are no exception. Apart from the leakage of raw user data, the fragility of current recommenders under inference attacks offers malicious attackers a backdoor to estimate users’ private attributes via their behavioral footprints and the recommendation results. However, little attention has been paid to developing recommender systems that can defend such attribute inference attacks, and existing works achieve attack resistance by either sacrificing considerable recommendation accuracy or only covering specific attack models or protected information. In our paper, we propose GERAI, a novel differentially private graph convolutional network to address such limitations. Specifically, in GERAI, we bind the information perturbation mechanism in differential privacy with the recommendation capability of graph convolutional networks. Furthermore, based on local differential privacy and functional mechanism, we innovatively devise a dual-stage encryption paradigm to simultaneously enforce privacy guarantee on users’ sensitive features and the model optimization process. Extensive experiments show the superiority of GERAI in terms of its resistance to attribute inference attacks and recommendation effectiveness.

References

[1]

2019. MovieLens. http://grouplens.org/datasets/movielens

[2]

Gediminas Adomavicius and Alexander Tuzhilin. 2011. Context-aware recommender systems. In Recommender systems handbook. 217–253.

[3]

Ghazaleh Beigi, Ahmadreza Mosallanezhad, Ruocheng Guo, Hamidreza Alvari, Alexander Nou, and Huan Liu. 2020. Privacy-aware recommendation with private-attribute protection using adversarial learning. In WSDM. 34–42.

[4]

Arnaud Berlioz, Arik Friedman, Mohamed Ali Kaafar, Roksana Boreli, and Shlomo Berkovsky. 2015. Applying differential privacy to matrix factorization. In RECSYS. 107–114.

[5]

Joseph A Calandrino, Ann Kilzer, Arvind Narayanan, Edward W Felten, and Vitaly Shmatikov. 2011. ” You might also like:” Privacy risks of collaborative filtering. In IEEE symposium on security and privacy. 231–246.

Digital Library

[6]

John Canny. 2002. Collaborative filtering with privacy. In IEEE Symposium on Security and Privacy. 45–57.

[7]

Gjorgjina Cenikj and Sonja Gievska. 2020. Boosting Recommender Systems with Advanced Embedding Models. In WWW Companion. 385–389.

[8]

Di Chai, Leye Wang, Kai Chen, and Qiang Yang. 2020. Secure federated matrix factorization. IEEE Intelligent Systems(2020).

[9]

Kamalika Chaudhuri, Claire Monteleoni, and Anand D Sarwate. 2011. Differentially private empirical risk minimization. Journal of Machine Learning Research3 (2011).

[10]

Tong Chen, Hongzhi Yin, Hongxu Chen, Rui Yan, Quoc Viet Hung Nguyen, and Xue Li. 2019. Air: Attentional intention-aware recommender systems. In ICDE. 304–315.

[11]

Michaël Defferrard, Xavier Bresson, and Pierre Vandergheynst. 2016. Convolutional neural networks on graphs with fast localized spectral filtering. In NeurIPS. 3844–3852.

[12]

Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography conference. 265–284.

[13]

Cynthia Dwork, Aaron Roth, 2014. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science (2014), 211–407.

[14]

Zekeriya Erkin, Michael Beye, Thijs Veugen, and Reginald L Lagendijk. 2010. Privacy enhanced recommender system. In SITB. 35–42.

[15]

Úlfar Erlingsson, Vasyl Pihur, and Aleksandra Korolova. 2014. Rappor: Randomized aggregatable privacy-preserving ordinal response. In SIGSAC. 1054–1067.

Digital Library

[16]

Oana Goga, Howard Lei, Sree Hari Krishnan Parthasarathi, Gerald Friedland, Robin Sommer, and Renata Teixeira. 2013. Exploiting innocuous activity for correlating users across sites. In WWW. 447–458.

[17]

Neil Zhenqiang Gong and Bin Liu. 2016. You are who you know and how you behave: Attribute inference attacks via users’ social friends and behaviors. In USENIX. 979–995.

[18]

Neil Zhenqiang Gong and Bin Liu. 2018. Attribute inference attacks in online social networks. ACM Transactions on Privacy and Security(2018), 1–30.

[19]

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine Shi, and Dawn Song. 2014. Joint link prediction and attribute inference using a social-attribute network. ACM Transactions on Intelligent Systems and Technology (2014), 1–20.

[20]

Lei Guo, Hongzhi Yin, Qinyong Wang, Tong Chen, Alexander Zhou, and Nguyen Quoc Viet Hung. 2019. Streaming session-based recommendation. In SIGKDD. 1569–1577.

[21]

Will Hamilton, Zhitao Ying, and Jure Leskovec. 2017. Inductive representation learning on large graphs. In NeurIPS. 1024–1034.

[22]

Jianming He, Wesley W Chu, and Zhenyu Victor Liu. 2006. Inferring privacy information from social networks. In ISI. 154–165.

[23]

Jinyuan Jia, Binghui Wang, Le Zhang, and Neil Zhenqiang Gong. 2017. AttriInfer: Inferring user attributes in online social networks using markov random fields. In WWW. 1561–1569.

[24]

Hua Jingyu, Xia Chang, and Zhong Sheng. 2015. Differentially Private Matrix Factorization. In IJCAI. 57–62.

[25]

Thivya Kandappu, Arik Friedman, Roksana Boreli, and Vijay Sivaraman. 2014. PrivacyCanary: Privacy-aware recommenders with adaptive input obfuscation. In MASCOTS. 453–462.

[26]

Rimma Kats. 2018. Many Facebook Users are Sharing Less Content. In eMarketer, https://www.emarketer.com/content/many-facebook-users-are-sharing-less-content-because-of-privacy-concerns.

[27]

Jinsu Kim, Dongyoung Koo, Yuna Kim, Hyunsoo Yoon, Junbum Shin, and Sungwook Kim. 2018. Efficient privacy-preserving matrix factorization for recommendation via fully homomorphic encryption. ACM Transactions on Privacy and Security(2018), 1–30.

[28]

Thomas N Kipf and Max Welling. 2017. Semi-supervised classification with graph convolutional networks. In ICLR.

[29]

Michal Kosinski, David Stillwell, and Thore Graepel. 2013. Private traits and attributes are predictable from digital records of human behavior. PNAS (2013), 5802–5805.

[30]

Jing Lei. 2011. Differentially private m-estimators. In NeurIPS. 361–369.

[31]

Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu, and Bhavani Thuraisingham. 2009. Inferring private information using social network data. In WWW. 1145–1146.

[32]

Xiaoqian Liu, Qianmu Li, Zhen Ni, and Jun Hou. 2019. Differentially private recommender system with autoencoders. In iThings. 450–457.

[33]

Ziqi Liu, Yu-Xiang Wang, and Alexander Smola. 2015. Fast differentially private matrix factorization. In RECSYS. 171–178.

[34]

Frank McSherry and Ilya Mironov. 2009. Differentially private recommender systems: Building privacy into the netflix prize contenders. In SIGKDD. 627–636.

[35]

Andriy Mnih and Ruslan R Salakhutdinov. 2008. Probabilistic matrix factorization. In NeurIPS. 1257–1264.

[36]

A Naranyanan and V Shmatikov. 2008. Robust de-anonymization of large datasets. In IEEE Symposium on Security and Privacy. 111–125.

[37]

Valeria Nikolaenko, Stratis Ioannidis, Udi Weinsberg, Marc Joye, Nina Taft, and Dan Boneh. 2013. Privacy-preserving matrix factorization. In SIGSAC. 801–812.

[38]

Javier Parra-Arnau, David Rebollo-Monedero, and Jordi Forné. 2014. Optimal forgery and suppression of ratings for privacy enhancement in recommendation systems. Entropy (2014), 1586–1631.

[39]

Huseyin Polat and Wenliang Du. 2005. Privacy-preserving collaborative filtering. International journal of electronic commerce (2005), 9–35.

[40]

Al Mamunur Rashid, Istvan Albert, Dan Cosley, Shyong K Lam, Sean M McNee, Joseph A Konstan, and John Riedl. 2002. Getting to know you: learning new user preferences in recommender systems. In IUI. 127–134.

[41]

Steffen Rendle, Christoph Freudenthaler, Zeno Gantner, and Lars Schmidt-Thieme. 2009. BPR: Bayesian personalized ranking from implicit feedback. UAI (2009), 452–461.

Digital Library

[42]

Chuan Shi, Binbin Hu, Wayne Xin Zhao, and S Yu Philip. 2018. Heterogeneous information network embedding for recommendation. IEEE Transactions on Knowledge and Data Engineering (2018), 357–370.

[43]

Hyejin Shin, Sungwook Kim, Junbum Shin, and Xiaokui Xiao. 2018. Privacy enhanced matrix factorization for recommendation with local differential privacy. IEEE Transactions on Knowledge and Data Engineering (2018), 1770–1782.

Digital Library

[44]

Kai Shu, Suhang Wang, Jiliang Tang, Reza Zafarani, and Huan Liu. 2017. User identity linkage across online social networks: A review. Acm SIGKDD Explorations Newsletter(2017), 5–17.

[45]

Petar Veličković, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, and Yoshua Bengio. 2017. Graph attention networks. In ICLR.

[46]

Ning Wang, Xiaokui Xiao, Yin Yang, Jun Zhao, Siu Cheung Hui, Hyejin Shin, Junbum Shin, and Ge Yu. 2019. Collecting and analyzing multidimensional data with local differential privacy. In ICDE. 638–649.

[47]

Qinyong Wang, Hongzhi Yin, Tong Chen, Zi Huang, Hao Wang, Yanchang Zhao, and Nguyen Quoc Viet Hung. 2020. Next Point-of-Interest Recommendation on Resource-Constrained Mobile Devices. In WWW. 906–916.

[48]

Tianhao Wang, Jeremiah Blocki, Ninghui Li, and Somesh Jha. 2017. Locally differentially private protocols for frequency estimation. In USENIX. 729–745.

[49]

Xiang Wang, Xiangnan He, Meng Wang, Fuli Feng, and Tat-Seng Chua. 2019. Neural graph collaborative filtering. In SIGIR. 165–174.

[50]

Udi Weinsberg, Smriti Bhagat, Stratis Ioannidis, and Nina Taft. 2012. BlurMe: Inferring and obfuscating user gender based on ratings. In RECSYS. 195–202.

[51]

Xin Xia, Hongzhi Yin, Junliang Yu, Qinyong Wang, Lizhen Cui, and Xiangliang Zhang. 2020. Self-Supervised Hypergraph Convolutional Networks for Session-based Recommendation. In AAAI.

[52]

Min Xie, Hongzhi Yin, Hao Wang, Fanjiang Xu, Weitong Chen, and Sen Wang. 2016. Learning graph-based poi embedding for location-based recommendation. In CIKM. 15–24.

[53]

Depeng Xu, Shuhan Yuan, Xintao Wu, and HaiNhat Phan. 2018. DPNE: Differentially private network embedding. In PAKDD. 235–246.

[54]

Hongzhi Yin, Qinyong Wang, Kai Zheng, Zhixu Li, Jiali Yang, and Xiaofang Zhou. 2019. Social influence-based group representation learning for group recommendation. In ICDE. 566–577.

[55]

Rex Ying, Ruining He, Kaifeng Chen, Pong Eksombatchai, William L Hamilton, and Jure Leskovec. 2018. Graph convolutional neural networks for web-scale recommender systems. In SIGKDD. 974–983.

[56]

Junliang Yu, Hongzhi Yin, Jundong Li, Min Gao, Zi Huang, and Lizhen Cui. 2020. Enhance Social Recommendation with Adversarial Graph Convolutional Networks. IEEE Transactions on Knowledge and Data Engineering (2020).

[57]

Jun Zhang, Zhenjie Zhang, Xiaokui Xiao, Yin Yang, and Marianne Winslett. 2012. Functional mechanism: regression analysis under differential privacy. VLDB (2012).

Digital Library

[58]

Shijie Zhang, Hongzhi Yin, Tong Chen, Quoc Viet Nguyen Hung, Zi Huang, and Lizhen Cui. 2020. GCN-Based User Representation Learning for Unifying Robust Recommendation and Fraudster Detection. In SIGIR. 689–698.

[59]

Shijie Zhang, Hongzhi Yin, Qinyong Wang, Tong Chen, Hongxu Chen, and Quoc Viet Hung Nguyen. 2019. Inferring Substitutable Products with Deep Network Embedding. In IJCAI. 4306–4312.

[60]

Cai-Nicolas Ziegler, Sean M McNee, Joseph A Konstan, and Georg Lausen. 2005. Improving recommendation lists through topic diversification. In WWW. 22–32.

Cited By

Duan ZWang CZhong W(2024)SSGCL: Simple Social Recommendation with Graph Contrastive LearningMathematics10.3390/math1207110712:7(1107)Online publication date: 7-Apr-2024
https://doi.org/10.3390/math12071107
Chen CZhang YLi YWang JQi LXu XZheng XYin J(2024)Post-Training Attribute Unlearning in Recommender SystemsACM Transactions on Information Systems10.1145/370198743:1(1-28)Online publication date: 6-Nov-2024
https://dl.acm.org/doi/10.1145/3701987
Chen LYuan WChen TYe GHung NYin H(2024)Adversarial Item Promotion on Visually-Aware Recommender Systems by Guided DiffusionACM Transactions on Information Systems10.1145/366608842:6(1-26)Online publication date: 19-Aug-2024
https://dl.acm.org/doi/10.1145/3666088
Show More Cited By

Recommendations

Are Attribute Inference Attacks Just Imputation?
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Models can expose sensitive information about their training data. In an attribute inference attack, an adversary has partial knowledge of some training records and access to a model trained on those records, and infers the unknown values of a sensitive ...
Improving Sequential Recommendation with Attribute-Augmented Graph Neural Networks
Advances in Knowledge Discovery and Data Mining
Abstract
Many practical recommender systems provide item recommendation for different users only via mining user-item interactions but totally ignoring the rich attribute information of items that users interact with. In this paper, we propose an attribute-...
Privacy-aware network embedding-based ensemble for social recommendation
Abstract
Recommender systems play a significant role in helping online users to find the relevant items based on their past preferences. With the sweep of the social network, the social recommendation has emerged that relies on users' social connections to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WWW '21: Proceedings of the Web Conference 2021

April 2021

4054 pages

ISBN:9781450383127

DOI:10.1145/3442381

Editors:
Jure Leskovec
Stanford
,
Marko Grobelnik
Jožef Stefan Institute
,
Marc Najork
Google
,
Jie Tang
Tsinghua University
,
Leila Zia
Wikimedia Foundation

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

WWW '21

Sponsor:

SIGWEB

WWW '21: The Web Conference 2021

April 19 - 23, 2021

Ljubljana, Slovenia

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

56
Total Citations
View Citations
950
Total Downloads

Downloads (Last 12 months)188
Downloads (Last 6 weeks)16

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Duan ZWang CZhong W(2024)SSGCL: Simple Social Recommendation with Graph Contrastive LearningMathematics10.3390/math1207110712:7(1107)Online publication date: 7-Apr-2024
https://doi.org/10.3390/math12071107
Chen CZhang YLi YWang JQi LXu XZheng XYin J(2024)Post-Training Attribute Unlearning in Recommender SystemsACM Transactions on Information Systems10.1145/370198743:1(1-28)Online publication date: 6-Nov-2024
https://dl.acm.org/doi/10.1145/3701987
Chen LYuan WChen TYe GHung NYin H(2024)Adversarial Item Promotion on Visually-Aware Recommender Systems by Guided DiffusionACM Transactions on Information Systems10.1145/366608842:6(1-26)Online publication date: 19-Aug-2024
https://dl.acm.org/doi/10.1145/3666088
Zhang JTal I(2024)A Systematic Review of Contemporary Applications of Privacy-Aware Graph Neural Networks in Smart CitiesProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3669980(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3669980
Shen MTan ZNiyato DLiu YKang JXiong ZZhu LWang WShen X(2024)Artificial Intelligence for Web 3.0: A Comprehensive SurveyACM Computing Surveys10.1145/365728456:10(1-39)Online publication date: 14-May-2024
https://dl.acm.org/doi/10.1145/3657284
Ge YLiu SFu ZTan JLi ZXu SLi YXian YZhang Y(2024)A Survey on Trustworthy Recommender SystemsACM Transactions on Recommender Systems10.1145/36528913:2(1-68)Online publication date: 13-Apr-2024
https://dl.acm.org/doi/10.1145/3652891
Zhong DWang XXu ZXu JWang WSerra ESpezzano F(2024)Interaction-level Membership Inference Attack against Recommender Systems with Long-tailed DistributionProceedings of the 33rd ACM International Conference on Information and Knowledge Management10.1145/3627673.3679804(3433-3442)Online publication date: 21-Oct-2024
https://dl.acm.org/doi/10.1145/3627673.3679804
Zhang SYin HChen HLong CAngélica LLattanzi SMuñoz Medina AAkoglu LGionis AVassilvitskii S(2024)Defense Against Model Extraction Attacks on Recommender SystemsProceedings of the 17th ACM International Conference on Web Search and Data Mining10.1145/3616855.3635751(949-957)Online publication date: 4-Mar-2024
https://dl.acm.org/doi/10.1145/3616855.3635751
Zheng RQu LChen TCui LShi YYin HChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Decentralized Collaborative Learning with Adaptive Reference Data for On-Device POI RecommendationProceedings of the ACM Web Conference 202410.1145/3589334.3645696(3930-3939)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645696
Qu LYuan WZheng RCui LShi YYin HChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Towards Personalized Privacy: User-Governed Data Contribution for Federated RecommendationProceedings of the ACM Web Conference 202410.1145/3589334.3645690(3910-3918)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645690
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents