Graph Embedding for Recommendation against Attribute Inference Attacks
In recent years, recommender systems play a pivotal role in helping users
identify the most suitable items that satisfy personal preferences. As
user-item interactions can be naturally modelled as graph-structured data,
variants of graph convolutional networks (GCNs) have become a well-established
building block in the latest recommenders. Due to the wide utilization of
sensitive user profile data, existing recommendation paradigms are likely to
expose users to the threat of privacy breach, and GCN-based recommenders are no
exception. Apart from the leakage of raw user data, the fragility of current
recommenders under inference attacks offers malicious attackers a backdoor to
estimate users' private attributes via their behavioral footprints and the
recommendation results. However, little attention has been paid to developing
recommender systems that can defend such attribute inference attacks, and
existing works achieve attack resistance by either sacrificing considerable
recommendation accuracy or only covering specific attack models or protected
information. In our paper, we propose GERAI, a novel differentially private
graph convolutional network to address such limitations. Specifically, in
GERAI, we bind the information perturbation mechanism in differential privacy
with the recommendation capability of graph convolutional networks.
Furthermore, based on local differential privacy and functional mechanism, we
innovatively devise a dual-stage encryption paradigm to simultaneously enforce
privacy guarantee on users' sensitive features and the model optimization
process. Extensive experiments show the superiority of GERAI in terms of its
resistance to attribute inference attacks and recommendation effectiveness.
223
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
