Membership Inference Attacks Against Latent Factor Model

TL;DR

This paper demonstrates that latent factor models in recommendation systems are vulnerable to membership inference attacks, achieving high accuracy in identifying user data with an attack model trained on shadow recommenders.

Contribution

It introduces a novel membership inference attack method against latent factor models using a multilayer perceptron and shadow recommenders, highlighting privacy risks.

Findings

Attack model achieves 0.857 AUC on MovieLens dataset

Latent factor models are susceptible to membership inference attacks

Proposes a new attack framework for recommendation systems

Abstract

The advent of the information age has led to the problems of information overload and unclear demands. As an information filtering system, personalized recommendation systems predict users' behavior and preference for items and improves users' information acquisition efficiency. However, recommendation systems usually use highly sensitive user data for training. In this paper, we use the latent factor model as the recommender to get the list of recommended items, and we representing users from relevant items Compared with the traditional member inference against machine learning classifiers. We construct a multilayer perceptron model with two hidden layers as the attack model to complete the member inference. Moreover, a shadow recommender is established to derive the labeled training data for the attack model. The attack model is trained on the dataset generated by the shadow recommender and tested on the dataset generated by the target recommender. The experimental data show that the AUC index of our attack model can reach 0.857 on the real dataset MovieLens, which shows that the attack model has good performance.