Over the past decade, many approaches have been presented to detect shilling attacks in collaborative recommender systems. However, these approaches focus mainly on detecting individual attackers and rarely consider the collusive shilling behaviors among attackers, i.e., a group of attackers working together to bias the output of collaborative recommender systems by injecting fake profiles. Such shilling behaviors are generally termed group shilling attacks, which are more harmful to collaborative recommender systems than traditional shilling attacks. In this paper, we propose a graph embedding-based method to detect group shilling attacks in collaborative recommender systems. First, we construct a user relationship graph by analyzing the user rating behaviors and use a graph embedding method to obtain the low-dimensional vector representation of each node in the user relationship graph. Second, we employ the k-means++ clustering algorithm to obtain candidate groups based on the generated user feature vectors. Finally, we calculate the suspicious degree of each candidate group according to the attack group detection indicators and use the Ward’s hierarchical clustering method to cluster the candidate groups according to their suspicious degrees and obtain the attack groups. The experimental results on the Amazon and Netflix datasets show that the proposed method outperforms the baseline methods in detection performance.

在过去的十年中，已经提出了许多方法来检测协作推荐系统中的先令攻击。但是，这些方法主要侧重于检测单个攻击者，很少考虑攻击者之间的串通先令行为，即一群攻击者通过注入伪造的配置文件共同偏向协作推荐系统的输出。此类先令行为通常称为组先令攻击，它比传统先令攻击对协作推荐系统的危害更大。在本文中，我们提出了一种基于图嵌入的方法来检测协作推荐系统中的组先令攻击。第一，我们通过分析用户评价行为来构造用户关系图，并使用图嵌入的方法获得用户关系图中每个节点的低维向量表示。其次，我们使用k-means ++聚类算法基于生成的用户特征向量获得候选组。最后，根据攻击组检测指标计算出每个候选组的可疑程度，并使用沃德的层次聚类方法根据候选组的可疑程度对候选组进行聚类，得到攻击组。在Amazon和Netflix数据集上的实验结果表明，该方法在检测性能方面优于基线方法。我们采用k-means ++聚类算法，根据生成的用户特征向量获得候选组。最后，根据攻击组检测指标计算出每个候选组的可疑程度，并使用沃德的层次聚类方法根据候选组的可疑程度对候选组进行聚类，得到攻击组。在Amazon和Netflix数据集上的实验结果表明，该方法在检测性能方面优于基线方法。我们采用k-means ++聚类算法，根据生成的用户特征向量获得候选组。最后，根据攻击组检测指标计算出每个候选组的可疑程度，并使用沃德的层次聚类方法根据候选组的可疑程度对候选组进行聚类，得到攻击组。在Amazon和Netflix数据集上的实验结果表明，该方法在检测性能方面优于基线方法。