temporal defenses for robust recommendations
DESCRIPTION
Presentation at PSDML Workshop (ECML/PKDD 2010), Barcelona Sept 24 2010
TRANSCRIPT
![Page 1: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/1.jpg)
temporal defenses for robust recommendations
neal lathia, s. hailes, l. capra
PSDML @ ECML/PKDD, Sept 24 2010
email: [email protected]: @neal_lathia
http://www.cs.ucl.ac.uk/staff/n.lathia
![Page 2: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/2.jpg)
what are recommender systems?
● web portals that (try to) connect you with the content (movies, music, books,...) that interests you
● many, many examples (netflix, last.fm, love film, amazon)
![Page 3: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/3.jpg)
how do they work?
● collaborative filtering: reasoning on the user-item rating matrix; many techniques available (kNN, SVD)
● ranking based on predicted interest
[figure: user-item rating matrix, users u1 to u5 by items i1 to i5, star ratings from 1* to 5* with one unknown entry (?) to be predicted]
![Page 4: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/4.jpg)
wisdom of the (anonymous) crowds
● “based on the premise that people looking for information should be able to make use of what others have already found and evaluated”
![Page 5: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/5.jpg)
wisdom of the (anonymous) crowds
● “based on the premise that people looking for information should be able to make use of what others have already found and evaluated”
+ you don't have to know who rated what to receive recommendations
– who are they? are they rating honestly? are they human?
![Page 6: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/6.jpg)
...a sybil attack...shilling attack, profile injection attack
...when an attacker tries to subvert the system by creating a large number of sybils—pseudonymous identities—in order to gain a disproportionate amount of influence...
![Page 7: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/7.jpg)
incentive to attack?
![Page 8: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/8.jpg)
![Page 9: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/9.jpg)
![Page 10: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/10.jpg)
attacks?
random: inject noise
targeted: structured attack
![Page 11: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/11.jpg)
structured attacks: how?
target: item that attacker wants promoted/demoted
selected: similar items, to deceive the algorithm
filler: other items, to deceive humans
![Page 12: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/12.jpg)
how can we defend recommender systems?
![Page 13: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/13.jpg)
prior work: static classification
[figure: user-item matrix, users u1 to u5 by items i1 to i5, with labels honest and sybil]
![Page 14: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/14.jpg)
problems with static classification
[figure: user-item matrix, users u1 to u5 by items i1 to i5, with labels honest and sybil]
when to run classifier?
when is system under attack?
when are sybils damaging recommendations?
![Page 15: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/15.jpg)
proposal: temporal defenses
1. force sybils to draw out their attack
2. learn normal temporal behaviour
3. monitor & detect a wide range of attacks
~ and then ~
4. force sybils to attack more intelligently
![Page 16: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/16.jpg)
1. distrusting newcomers
[plot: prediction shift over time]
![Page 17: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/17.jpg)
1. distrusting newcomers
[plot: prediction shift over time]
![Page 18: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/18.jpg)
1. distrusting newcomers
[plot: prediction shift over time]
![Page 19: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/19.jpg)
1. force sybils to draw out their attack
how? distrust newcomers
sybils are forced to appear more than once
![Page 20: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/20.jpg)
2. sybil group dynamics
single sybil = not an effective attack
sybils need to collude: how?
![Page 21: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/21.jpg)
2. examine sybil group dynamics
how many sybils are there?
how many ratings per sybil?
![Page 22: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/22.jpg)
2. examine sybil group dynamics
how many sybils are there?
how many ratings per sybil?
(few, many) (many, many)
(many, few) (few, few)
![Page 23: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/23.jpg)
how does this affect data? (attack impact)
how many sybils are there?
how many ratings per sybil?
![Page 24: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/24.jpg)
how to detect these attacks? (monitor!)
how many sybils are there?
how many ratings per sybil?
system-level
user-level
item-level
![Page 25: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/25.jpg)
overview of methodology
● monitor: learn how data changes over time
  ● what data to look at?
● flag: anomalous changes due to attack
  ● when to flag?
● this work: simple anomaly-detection; flag when time series is > a variance-adjusted threshold above an exponentially weighted moving average
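The flagging rule on this slide, as an added example that is not from the original presentation. The slides give no parameter values, so the smoothing factor `alpha`, the multiplier `k`, the warm-up length, the standard-deviation floor and the choice to keep flagged windows out of the baseline are all assumptions, and the sample series is constructed.

```python
import math

class EwmaMonitor:
    """One monitored time series: EWMA baseline plus an EW variance estimate."""

    def __init__(self, alpha=0.2, k=3.0, warmup=5, min_std=0.05):
        # alpha, k, warmup and min_std are assumed values, not from the slides
        self.alpha, self.k, self.warmup, self.min_std = alpha, k, warmup, min_std
        self.mean, self.var, self.seen = None, 0.0, 0

    def update(self, x):
        """Return True when x exceeds the variance-adjusted threshold."""
        if self.mean is None:            # first window seeds the baseline
            self.mean, self.seen = x, 1
            return False
        std = max(math.sqrt(self.var), self.min_std)  # floor avoids a zero-width band
        flagged = self.seen >= self.warmup and x > self.mean + self.k * std
        if not flagged:
            # Only unflagged windows update the baseline, so a burst cannot
            # drag the moving average up and hide its own continuation.
            diff = x - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
            self.seen += 1
        return flagged

def flag_windows(series, **params):
    """Return the indices of the windows that the monitor flags."""
    monitor = EwmaMonitor(**params)
    return [i for i, x in enumerate(series) if monitor.update(x)]

# Constructed sample: average number of ratings per user in each time window.
# Windows 10 and 11 simulate a burst of sybil ratings; the rest is normal noise.
SAMPLE = [10.2, 9.8, 10.5, 10.1, 9.9, 10.3, 10.0, 9.7, 10.4, 10.1,
          14.0, 15.5, 10.2]

if __name__ == "__main__":
    print(flag_windows(SAMPLE))
```
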
![Page 26: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/26.jpg)
a) system-level
![Page 27: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/27.jpg)
a) system-level
![Page 28: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/28.jpg)
how to evaluate our simple technique?
● a) simulation
  ● simulate stream of “average user ratings”
  ● play with mean/variance of time series
  ● measure precision/recall
● b) real data + injected attacks
  ● measure attack impact
![Page 29: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/29.jpg)
evaluation
● a) simulation
![Page 30: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/30.jpg)
evaluation
● a) real data – before
![Page 31: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/31.jpg)
evaluation
● a) real data – after
![Page 32: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/32.jpg)
b) user-level
● similar approach; look at different data:
  ● how many high-volume raters?
  ● how much do high-volume raters rate?
![Page 33: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/33.jpg)
evaluation
● a) real data – before
![Page 34: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/34.jpg)
evaluation
![Page 35: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/35.jpg)
where we stand
![Page 36: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/36.jpg)
c) item-level: slightly different context
1. the item is rated by many users
   define many? using how other items were rated
2. the item is rated with extreme ratings
   define extreme? what is avg item mean?
3. (from a + b) the item mean rating shifts
   nuke or promote?
flag: if all three conditions broken. Why?
1 → popular item. 2 → few extreme ratings. 3 → cold start item
1 + 2 but not 3 → attack doesn't change anything
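A sketch of the three-condition item-level rule, added here as an example and not taken from the presentation. It uses fixed thresholds where the slides point to the monitors from (a) and (b); the thresholds `k`, `extreme` and `shift`, the function name and all ratings data are constructed assumptions.

```python
from statistics import mean, pstdev

def flag_items(history, window, k=2.0, extreme=1.0, shift=0.5):
    """history/window map item -> list of ratings (before / during the window).
    Returns {item: 'promote' | 'nuke'} for items that break all three conditions."""
    counts = [len(r) for r in window.values()]
    many = mean(counts) + k * pstdev(counts)       # "many" relative to other items
    avg_item_mean = mean(mean(r) for r in history.values() if r)
    flagged = {}
    for item, new in window.items():
        old = history.get(item, [])
        if not new or not old:
            continue                               # no prior mean to compare against
        c1 = len(new) > many                                # 1. rated by many users
        c2 = abs(mean(new) - avg_item_mean) > extreme       # 2. extreme ratings
        delta = mean(old + new) - mean(old)
        c3 = abs(delta) > shift                             # 3. item mean shifts
        if c1 and c2 and c3:
            flagged[item] = "promote" if delta > 0 else "nuke"
    return flagged

# Constructed data: 20 ordinary items plus one item per case named on the slide.
HISTORY = {f"b{i}": [3, 4] * 5 for i in range(20)}
WINDOW = {f"b{i}": [3, 4] for i in range(20)}
HISTORY.update(popular=[4] * 200, niche=[3] * 50, new=[3],
               top=[5] * 50, target=[2] * 30, victim=[4] * 30)
WINDOW.update(
    popular=[4] * 40,   # condition 1 only: popular item
    niche=[1, 1],       # condition 2 only: few extreme ratings
    new=[4, 4],         # condition 3 only: cold start item, mean moves easily
    top=[5] * 40,       # 1 + 2 but not 3: the ratings change nothing
    target=[5] * 40,    # all three, mean pushed up
    victim=[1] * 40,    # all three, mean pushed down
)

if __name__ == "__main__":
    print(flag_items(HISTORY, WINDOW))
```
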
![Page 37: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/37.jpg)
evaluation
![Page 38: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/38.jpg)
future work: how to defeat these defenses?
![Page 39: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/39.jpg)
future work: how to defeat these defenses?
![Page 40: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/40.jpg)
contributions
1. force sybils to draw out their attack
2. learn normal temporal behaviour
3. monitor & detect a wide range of attacks
~ and then ~
4. force sybils to attack more intelligently
![Page 41: Temporal Defenses for Robust Recommendations](https://reader036.vdocuments.net/reader036/viewer/2022062514/559b539e1a28ab954e8b4820/html5/thumbnails/41.jpg)
temporal defenses for robust recommendations
n. lathia, s. hailes, l. capra
PSDML @ ECML/PKDD, Sept 24 2010
[email protected]
@neal_lathia
http://www.cs.ucl.ac.uk/staff/n.lathia