UA-FedRec: Untargeted Attack on Federated News Recommendation

TL;DR

This paper introduces UA-FedRec, an untargeted attack method that significantly degrades federated news recommendation systems by exploiting model vulnerabilities, highlighting critical security concerns in privacy-preserving recommendation frameworks.

Contribution

The paper presents a novel untargeted attack approach on federated news recommendation, combining news and user model perturbations with sample size manipulation to effectively compromise system performance.

Findings

UA-FedRec significantly reduces recommendation accuracy.

The attack remains effective even with defense mechanisms.

The study exposes security vulnerabilities in federated news systems.

Abstract

News recommendation is critical for personalized news distribution. Federated news recommendation enables collaborative model learning from many clients without sharing their raw data. It is promising for privacy-preserving news recommendation. However, the security of federated news recommendation is still unclear. In this paper, we study this problem by proposing an untargeted attack called UA-FedRec. By exploiting the prior knowledge of news recommendation and federated learning, UA-FedRec can effectively degrade the model performance with a small percentage of malicious clients. First, the effectiveness of news recommendation highly depends on user modeling and news modeling. We design a news similarity perturbation method to make representations of similar news farther and those of dissimilar news closer to interrupt news modeling, and propose a user model perturbation method to make malicious user updates in opposite directions of benign updates to interrupt user modeling. Second, updates from different clients are typically aggregated by weighted-averaging based on their sample sizes. We propose a quantity perturbation method to enlarge sample sizes of malicious clients in a reasonable range to amplify the impact of malicious updates. Extensive experiments on two real-world datasets show that UA-FedRec can effectively degrade the accuracy of existing federated news recommendation methods, even when defense is applied. Our study reveals a critical security issue in existing federated news recommendation systems and calls for research efforts to address the issue.