FedAU2: Attribute Unlearning for User-Level Federated Recommender Systems with Adaptive and Robust Adversarial Training

TL;DR

FedAU2 introduces an adaptive adversarial training method with a dual-stochastic autoencoder to improve attribute unlearning and privacy protection in user-level federated recommender systems, addressing training stability and information leakage.

Contribution

The paper presents FedAU2, a novel attribute unlearning approach with adaptive training and gradient leakage prevention for user-level federated recommenders.

Findings

FedAU2 outperforms baselines in unlearning effectiveness.

It enhances recommendation accuracy while protecting user attributes.

The method demonstrates robustness across three real-world datasets.

Abstract

Federated Recommender Systems (FedRecs) leverage federated learning to protect user privacy by retaining data locally. However, user embeddings in FedRecs often encode sensitive attribute information, rendering them vulnerable to attribute inference attacks. Attribute unlearning has emerged as a promising approach to mitigate this issue. In this paper, we focus on user-level FedRecs, which is a more practical yet challenging setting compared to group-level FedRecs. Adversarial training emerges as the most feasible approach within this context. We identify two key challenges in implementing adversarial training-based attribute unlearning for user-level FedRecs: i) mitigating training instability caused by user data heterogeneity, and ii) preventing attribute information leakage through gradients. To address these challenges, we propose FedAU2, an attribute unlearning method for user-level FedRecs. For CH1, we propose an adaptive adversarial training strategy, where the training dynamics are adjusted in response to local optimization behavior. For CH2, we propose a dual-stochastic variational autoencoder to perturb the adversarial model, effectively preventing gradient-based information leakage. Extensive experiments on three real-world datasets demonstrate that our proposed FedAU2 achieves superior performance in unlearning effectiveness and recommendation performance compared to existing baselines.