| Abstract: |
Researchers have
shown that collaborative recommender systems, the most common type of
web personalization system, are highly vulnerable to attack. Attackers
can use automated means to inject a large number of biased profiles into
such a system, resulting in recommendations that favor or disfavor given
items. Since collaborative recommender systems must be open to user
input, it is difficult to design a system that cannot be so attacked.
Researchers studying robust recommendation have therefore begun to study
mechanisms for recognizing and defeating attacks. In prior work, we have
introduced a variety of attributes designed to detect profile injection
attacks and evaluated their combined classification performance against
several well studied attack models using supervised classification
techniques. In this paper, we propose and study the impact the
dimensions of attack type, attack intent, filler size, and attack size
have on the effectiveness of such a detection scheme. We conclude by
experimentally exploring the weaknesses of a detection scheme based on
supervised classification, and techniques that can be combined with this
approach to address these vulnerabilities. |