PrivMVMF: Privacy-Preserving Multi-View Matrix Factorization for Recommender Systems
Peihua Mai, Yan Pang

TL;DR
This paper reveals privacy vulnerabilities in federated matrix factorization for recommender systems and introduces PrivMVMF, a homomorphic encryption-based framework to enhance user data privacy.
Contribution
It provides a theoretical analysis of privacy risks in federated matrix factorization and proposes a novel privacy-preserving method using homomorphic encryption.
Findings
Server can infer user data with >80% accuracy from gradients.
Reconstruction attack outperforms random guess by >30% with Laplace noise.
PrivMVMF effectively protects privacy on MovieLens dataset.
Abstract
With an increasing focus on data privacy, there have been pilot studies on recommender systems in a federated learning (FL) framework, where multiple parties collaboratively train a model without sharing their data. Most of these studies assume that the conventional FL framework can fully protect user privacy. However, there are serious privacy risks in matrix factorization in federated recommender systems based on our study. This paper first provides a rigorous theoretical analysis of the server reconstruction attack in four scenarios in federated recommender systems, followed by comprehensive experiments. The empirical results demonstrate that the FL server could infer users' information with accuracy >80% based on the uploaded gradients from FL nodes. The robustness analysis suggests that our reconstruction attack analysis outperforms the random guess by >30% under Laplace noises…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Stochastic Gradient Optimization Techniques · Recommender Systems and Techniques
