DV-FSR: A Dual-View Target Attack Framework for Federated Sequential Recommendation

TL;DR

This paper introduces DV-FSR, a dual-view attack framework for federated sequential recommendation systems, combining explicit sampling and contrastive learning strategies, and evaluates its effectiveness alongside a tailored defense mechanism.

Contribution

The paper proposes a novel dual-view attack framework for federated sequential recommendation, integrating explicit and implicit strategies, and introduces a defense mechanism to counteract such targeted attacks.

Findings

The proposed DV-FSR significantly outperforms existing attack methods.

The defense mechanism effectively mitigates the impact of the attack.

Extensive experiments validate the attack's high effectiveness on various models.

Abstract

Federated recommendation (FedRec) preserves user privacy by enabling decentralized training of personalized models, but this architecture is inherently vulnerable to adversarial attacks. Significant research has been conducted on targeted attacks in FedRec systems, motivated by commercial and social influence considerations. However, much of this work has largely overlooked the differential robustness of recommendation models. Moreover, our empirical findings indicate that existing targeted attack methods achieve only limited effectiveness in Federated Sequential Recommendation (FSR) tasks. Driven by these observations, we focus on investigating targeted attacks in FSR and propose a novel dualview attack framework, named DV-FSR. This attack method uniquely combines a sampling-based explicit strategy with a contrastive learning-based implicit gradient strategy to orchestrate a coordinated attack. Additionally, we introduce a specific defense mechanism tailored for targeted attacks in FSR, aiming to evaluate the mitigation effects of the attack method we proposed. Extensive experiments validate the effectiveness of our proposed approach on representative sequential models.