当前位置: X-MOL 学术IEEE Trans. Inform. Forensics Secur. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Identification of Malicious Injection Attacks in Dense Rating and Co-Visitation Behaviors
IEEE Transactions on Information Forensics and Security ( IF 6.8 ) Pub Date : 2020-08-14 , DOI: 10.1109/tifs.2020.3016827
Zhihai Yang , Qindong Sun , Yaling Zhang , Wei Wang

Personalized recommender systems are pervasive in different domains, ranging from e-commerce services, financial transaction systems to social networks. The generated ratings and reviews by users toward products are not only favourable to make targeted improvements on the products for online businesses, but also beneficial for other users to get a more insightful review of the products. In reality, recommender systems can also be deliberately manipulated by malicious users due to their fundamental vulnerabilities and openness. However, improving the detection performance for defending malicious threats including profile injection attacks and co-visitation injection attacks is constrained by the challenging issues: (1) various types of malicious attacks in real-world data coexist; (2) it is difficult to balance the commonality and speciality of rating behaviors in terms of accurate detection; and (3) rating behaviors between attackers and anchor users caused by the consistency of attack intentions are extremely similar. In this article, we develop a unified detection approach named IMIA-HCRF , to progressively discriminate malicious injection behaviors for recommender systems. First, disturbed data are empirically eliminated by implementing both the construction of association graph and enhancement of dense behaviors, which can be adapted to different attacks. Then, the smooth boundary of dense rating (or co-visitation) behaviors is further segmented using higher order potentials, which is finally leveraged to determine the concerned injection behaviors. Extensive experiments on both synthetic data and real-world data demonstrate that the proposed IMIA-HCRF outperforms all baselines on various metrics. The detection performance of IMIA-HCRF can achieve an improvement of 7.8% for mixed profile injection attacks as well as 6% for mixed co-visitation injection attacks over the baselines in terms of FAR (false alarm rate) while keeping the highest DR (detection rate). Additional experiments on real-world data show that IMIA-HCRF brings an improvement with the advantage of 11.5% FAR in average compared with the baselines.

中文翻译:

确定密集等级和同视行为中的恶意注射攻击

个性化的推荐系统遍及各个领域,从电子商务服务,金融交易系统到社交网络。用户针对产品生成的评分和评论不仅有利于针对在线业务对产品进行有针对性的改进,而且还有利于其他用户获得对产品的更深刻的评论。实际上,由于恶意用户的基本漏洞和开放性,他们也可能故意操纵推荐系统。但是,提高挑战性能以防御包括配置文件注入攻击和共同访问注入攻击在内的恶意威胁受到以下挑战性问题的限制:(1)现实数据中各种类型的恶意攻击共存;(2)在准确检测方面很难平衡评级行为的通用性和特殊性;(3)评估攻击者与用户所造成的攻击意图的一致性极为相似。在本文中,我们开发了一种统一的检测方法,名为信息系统 ,以逐步区分推荐系统的恶意注入行为。首先,通过实施关联图的构造和增强密集行为(可适应于不同的攻击),从经验上消除了干扰数据。然后,使用高阶电势进一步细分密集评级(或共同访问)行为的平滑边界,最终利用该边界来确定相关的注入行为。在合成数据和真实数据上进行的大量实验表明,提出的信息系统在各种指标上均胜过所有基准。的检测性能信息系统在保持最高DR(检测率)的同时,在FAR(错误警报率)方面,混合配置文件注入攻击的基线可以提高7.8%,混合共视注入攻击的基线可以提高6%。实际数据的其他实验表明信息系统 与基准相比,平均FAR平均提高了11.5%。
更新日期:2020-09-05
down
wechat
bug