A Security-assured Accuracy-maximised Privacy Preserving Collaborative Filtering Recommendation Algorithm

TL;DR

This paper introduces a novel privacy-preserving collaborative filtering algorithm that guarantees security against $k$NN attacks while maintaining optimal prediction accuracy through partitioned neighbor selection with differential privacy.

Contribution

The paper proposes Partitioned Probabilistic Neighbour Selection, a new method that balances security and accuracy in privacy-preserving recommender systems.

Findings

Ensures security against $k$NN attack with optimal accuracy.

Uses exponential differential privacy for neighbor selection.

Theoretical and experimental results validate effectiveness.

Abstract

The neighbourhood-based Collaborative Filtering is a widely used method in recommender systems. However, the risks of revealing customers' privacy during the process of filtering have attracted noticeable public concern recently. Specifically, $k$NN attack discloses the target user's sensitive information by creating $k$ fake nearest neighbours by non-sensitive information. Among the current solutions against $k$NN attack, the probabilistic methods showed a powerful privacy preserving effect. However, the existing probabilistic methods neither guarantee enough prediction accuracy due to the global randomness, nor provide assured security enforcement against $k$NN attack. To overcome the problems of current probabilistic methods, we propose a novel approach, Partitioned Probabilistic Neighbour Selection, to ensure a required security guarantee while achieving the optimal prediction accuracy against $k$NN attack. In this paper, we define the sum of $k$ neighbours' similarity as the accuracy metric $\alpha$, the number of user partitions, across which we select the $k$ neighbours, as the security metric $\beta$. Differing from the present methods that globally selected neighbours, our method selects neighbours from each group with exponential differential privacy to decrease the magnitude of noise. Theoretical and experimental analysis show that to achieve the same security guarantee against $k$NN attack, our approach ensures the optimal prediction accuracy.