The School of ITEE is hosting the following confirmation seminar:

Threats and Countermeasures in Federated Recommender Systems

Speaker: Wei Yuan
Host: A/Prof. Hongzhi Yin

Abstract: With growing concerns about data privacy in recommender systems, Federated Recommender Systems (FedRecs) are attracting more and more attention from researchers, since they can learn an effective recommendation model without accessing clients' private data. Intuitively, based on the federated learning paradigm, FedRecs were considered a fairly secure and privacy-preserving way to train a recommender model that meets privacy protection regulations (e.g., GDPR and CCPA). As a result, few works have explored the potential threats to FedRecs. In this research, we attempt to validate the threats to FedRecs from two aspects: (1) Privacy protection. Although the server cannot directly access clients' private data in FedRecs, the public parameters learned from these sensitive data are uploaded to the server to collaboratively build the recommender system. These public parameters may therefore leave a security hole through which adversaries can infer clients' private data. Besides, even where FedRecs do effectively protect user privacy, they may still break current privacy protection rules, given the presence of "the right to be forgotten". (2) Robustness. Since all participants in FedRecs can directly influence the system by uploading parameters/gradients, FedRecs may be more vulnerable than traditional centralized recommender systems when malicious clients attempt to manipulate the system. Some existing works already point out the vulnerability of FedRecs to model poisoning attacks, but the attacks in all of these works either rely on unrealistic assumptions or have limited effectiveness, and so cannot thoroughly reveal the vulnerability of FedRecs.

After pointing out the potential threats, this research provides corresponding solutions to address the disclosed problems. Specifically, we take the first step of incorporating unlearning in FedRecs to avoid breaking current privacy-preserving regulations. Then, we propose a regularization-based method to prevent the leakage of users' interaction data through membership inference attacks. Finally, we present a gradient clipping-based defense against all current FedRec model poisoning attacks. Since all completed research has focused on general FedRecs, ongoing work further studies the threats and countermeasures of advanced FedRecs.
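The gradient clipping-based defense mentioned in the abstract rests on one server-side idea: bound the L2 norm of every client's uploaded update before averaging, so that no single participant can move the shared parameters by more than a fixed amount in a round. The example below is an added illustration of that mechanism and is not code from the speaker's research; it assumes a plain FedAvg-style mean over client updates, a constructed toy round with nine honest clients plus one client whose update has been amplified by a large factor, and a clipping threshold of 1.0 (all of these are assumptions chosen for the illustration).

```python
"""Server-side per-client update clipping for a federated recommender round.

Constructed toy: each client uploads an update to one item-embedding row of
dimension D. Nine honest clients push in roughly the same direction with
small-norm updates; one client uploads an amplified update (the shape a
model-poisoning upload takes). Clipping bounds that client's influence.
"""
import math
import random

D = 8            # toy embedding dimension (assumption)
N_HONEST = 9     # honest clients in this round (assumption)
CLIP_NORM = 1.0  # largest L2 norm the server accepts for one update (assumption)


def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))


def clip_update(update, clip_norm=CLIP_NORM):
    """Scale `update` down so its L2 norm is at most `clip_norm`; otherwise leave it unchanged."""
    norm = l2_norm(update)
    if norm <= clip_norm:
        return list(update)
    factor = clip_norm / norm
    return [x * factor for x in update]


def aggregate(updates, clip_norm=None):
    """FedAvg-style mean of client updates; clips each update first when clip_norm is set."""
    if clip_norm is not None:
        updates = [clip_update(u, clip_norm) for u in updates]
    n = len(updates)
    return [sum(u[i] for u in updates) / n for i in range(D)]


def cosine(a, b):
    return sum(x * y for x, y in zip(a, b)) / (l2_norm(a) * l2_norm(b))


def make_updates(scale=50.0, seed=0):
    """Constructed round: honest updates of norm ~0.5 around a shared direction,
    plus one update pointing the opposite way and amplified by `scale`."""
    rng = random.Random(seed)
    target = [1.0 / math.sqrt(D)] * D  # unit vector the honest clients agree on
    honest = [[0.5 * t + rng.gauss(0.0, 0.05) for t in target] for _ in range(N_HONEST)]
    amplified = [-scale * t for t in target]
    return honest + [amplified]


def max_update_norm(updates, clip_norm=None):
    """Largest per-client norm the aggregator actually sees (after optional clipping)."""
    if clip_norm is not None:
        updates = [clip_update(u, clip_norm) for u in updates]
    return max(l2_norm(u) for u in updates)


def honest_alignment(updates, clip_norm=None):
    """Cosine similarity between the aggregated update and the mean honest update.
    Close to +1: honest clients drive the round. Negative: the single amplified
    update has flipped the direction of the aggregate."""
    agg = aggregate(updates, clip_norm)
    honest_mean = aggregate(updates[:N_HONEST])
    return cosine(agg, honest_mean)


if __name__ == "__main__":
    updates = make_updates()
    print("max norm seen, no clipping :", round(max_update_norm(updates), 2))
    print("alignment, no clipping     :", round(honest_alignment(updates), 3))
    print("max norm seen, clipped     :", round(max_update_norm(updates, CLIP_NORM), 2))
    print("alignment, clipped         :", round(honest_alignment(updates, CLIP_NORM), 3))
```

Without clipping the amplified upload dominates the mean and the aggregate points away from what the honest clients asked for; with clipping its norm is capped at the same scale as an honest update and the honest majority decides the round. The threshold is the practical knob: set too high it no longer bounds anything, set too low it also shrinks legitimate updates and slows convergence, so it is normally chosen from the norm distribution observed for honest clients.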

Speaker biography: Wei Yuan is a PhD student from the School of ITEE at The University of Queensland under the supervision of A/Prof. Hongzhi Yin and Dr Miao Xu. He received his master’s degree in software engineering at Nanjing University. His research interests include secure and trustworthy recommender systems, federated learning, AI for software engineering, and natural language generation.

About Data Science Seminar

This seminar series is hosted by EECS Data Science.


Online via Zoom