Reference Recommendation based Membership Inference Attack against Hybrid-based Recommender Systems

TL;DR

This paper introduces a novel metric-based membership inference attack tailored for hybrid recommender systems, exploiting personalization features to determine if user data was used in training, revealing privacy vulnerabilities.

Contribution

The paper proposes a new metric-based MIA specifically designed for hybrid recommender systems, addressing a gap in existing attack methods by leveraging personalization characteristics.

Findings

The proposed MIA effectively infers user data membership in hybrid recommenders.

The attack demonstrates high accuracy both theoretically and empirically.

Personalization features significantly influence MIA success.

Abstract

Recommender systems have been widely deployed across various domains such as e-commerce and social media, and intelligently suggest items like products and potential friends to users based on their preferences and interaction history, which are often privacy-sensitive. Recent studies have revealed that recommender systems are prone to membership inference attacks (MIAs), where an attacker aims to infer whether or not a user's data has been used for training a target recommender system. However, existing MIAs fail to exploit the unique characteristic of recommender systems, and therefore are only applicable to mixed recommender systems consisting of two recommendation algorithms. This leaves a gap in investigating MIAs against hybrid-based recommender systems where the same algorithm utilizing user-item historical interactions and attributes of users and items serves and produces personalised recommendations. To investigate how the personalisation in hybrid-based recommender systems influences MIA, we propose a novel metric-based MIA. Specifically, we leverage the characteristic of personalisation to obtain reference recommendation for any target users. Then, a relative membership metric is proposed to exploit a target user's historical interactions, target recommendation, and reference recommendation to infer the membership of the target user's data. Finally, we theoretically and empirically demonstrate the efficacy of the proposed metric-based MIA on hybrid-based recommender systems.