Abstract
Online vendors employ collaborative filtering algorithms to provide recommendations to their customers so that they can increase their sales and profits. Although recommendation schemes are successful in e-commerce sites, they are vulnerable to shilling or profile injection attacks. On one hand, online shopping sites utilize collaborative filtering schemes to enhance their competitive edge over other companies. On the other hand, malicious users and/or competing vendors might decide to insert fake profiles into the user-item matrices in such a way so that they can affect the predicted ratings on behalf of their advantages. In the past decade, various studies have been conducted to scrutinize different shilling attacks strategies, profile injection attack types, shilling attack detection schemes, robust algorithms proposed to overcome such attacks, and evaluate them with respect to accuracy, cost/benefit, and overall performance. Due to their popularity and importance, we survey about shilling attacks in collaborative filtering algorithms. Giving an overall picture about various shilling attack types by introducing new classification attributes is imperative for further research. Explaining shilling attack detection schemes in detail and robust algorithms proposed so far might open a lead to develop new detection schemes and enhance such robust algorithms further, even propose new ones. Thus, we describe various attack types and introduce new dimensions for attack classification. Detailed description of the proposed detection and robust recommendation algorithms are given. Moreover, we briefly explain evaluation of the proposed schemes. We conclude the paper by discussing various open questions.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
ACM (1992) Special issue on information filtering. Commun ACM 35(12)
Bhaumik R, Williams CA, Mobasher B, Burke RD (2006) Securing collaborative filtering against malicious attacks through anomaly detection. In: Proceedings of the 4th workshop on intelligent techniques for web personalization, Boston, MA
Bhaumik R, Burke RD, Mobasher B (2007a) Effectiveness of crawling attacks against web-based recommender systems. In: Proceedings of the 5th workshop on intelligent techniques for web personalization, Vancouver, BC, Canada, pp 17–26
Bhaumik R, Burke RD, Mobasher B (2007b) Crawling attacks against web-based recommender systems. In: Proceedings of the international conference on data mining, Las Vegas, NV, USA, pp 183–189
Bhaumik R, Mobasher B, Burke RD (2011) A clustering approach to unsupervised attack detection in collaborative recommender systems. In: Proceedings of the 7th IEEE international conference on data mining, Las Vegas, NV, USA, pp 181–187
Breese JS, Heckerman D, Kadie K (1998) Empirical analysis of predictive algorithms for collaborative filtering. In: Proceedings of the 14th conference on uncertainty in artificial intelligence, Madison, WI, USA, pp 43–52
Bryan K, O’Mahony MP, Cunningham P (2008) Unsupervised retrieval of attack profiles in collaborative recommender systems. In: Proceedings of the 2nd ACM international conference on recommender systems, Lausanne, Switzerland, pp 155–162
Burke RD, Mobasher B, Zabicki R, Bhaumik R (2005a) Identifying attack models for secure recommendation. In: Proceedings of the WebKDD workshop on the next generation of recommender systems research, San Diego, CA, USA, pp 19–25
Burke RD, Mobasher B, Bhaumik R (2005b) Limited knowledge shilling attacks in collaborative filtering systems. In: Proceedings of workshop on intelligent techniques for web personalization, Edinburgh, UK
Burke RD, Mobasher B, Bhaumik R, Williams CA (2005c) Segment-based injection attacks against collaborative filtering recommender systems. In: Proceedings of the 5th IEEE international conference on data mining, Houston, TX, USA, pp 577–580
Burke RD, Mobasher B, Bhaumik R, Williams CA (2005d) Collaborative recommendation vulnerability to focused bias injection attacks. In: Proceedings of the Workshop on privacy and security aspects of data mining, Houston, TX, USA, pp 35–43
Burke RD, Mobasher B, Williams CA, Bhaumik R (2006a) Classification features for attack detection in collaborative recommender systems. In: Proceedings of the 12th ACM SIGKDD international conference on knowledge discovery and data mining, Philadelphia, PA, USA, pp 542–547
Burke RD, Mobasher B, Williams CA, Bhaumik R (2006b) Detecting profile injection attacks in collaborative recommender systems. In: Proceedings of the 8th IEEE conference on e-commerce technology, San Francisco, CA, USA, pp 23–30
Burke RD, O’Mahony MP, Hurley NJ (2011) Robust collaborative recommendation. In: Ricci F, Rokach L, Shapira B, Kantor PB (eds) Recommender systems handbook. Springer, New York, pp 805–835
Cheng Z, Hurley NJ (2009a) Robustness analysis of model-based collaborative filtering systems. Lect Notes Comput Sci 6206: 3–15
Cheng Z, Hurley NJ (2009b) Effective diverse and obfuscated attacks on model-based recommender systems. In: Proceedings of the 3rd ACM international conference on recommender systems, New York, NY, USA, pp 141–148
Cheng Z, Hurley NJ (2009c) Trading robustness for privacy in decentralized recommender systems. In: Proceedings of the 31st conference on innovative applications of artificial intelligence, Pasadena, CA, USA, pp 79–84
Cheng Z, Hurley NJ (2010a) Analysis of robustness in trust-based recommender systems. In: Proceedings of the 9th conference on adaptivity, personalization and fusion of heterogeneous information, Paris, France, pp 114–121
Cheng Z, Hurley NJ (2010b) Robust collaborative recommendation by least trimmed squares matrix factorization. In: Proceedings of the 22nd IEEE international conference on tools with artificial intelligence, Arras, France, pp 105–112
Chirita PA, Nejdl W, Zamfir C (2005) Preventing shilling attacks in online recommender systems. In: Proceedings of the 7th annual ACM international workshop on web information and data management, Bremen, Germany, pp 67–74
Dellarocas C (2000) Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In: Proceedings of the 2nd ACM conference on electronic commerce, Minneapolis, MN, USA, pp 150–157
Goldberg D, Nichols D, Oki BM (1992) Using collaborative filtering to weave an information tapestry. Commun ACM 35(12): 61–70
He F, Wang X, Liu B (2010) Attack detection by rough set theory in recommendation system. In: Proceedings of the IEEE international conference on granular computing, San Jose, CA, USA, pp 692–695
Herlocker JL, Konstan JA, Terveen LG, Riedl JT (2004) Evaluating collaborative filtering recommender systems. ACM Trans Inf Syst 22(1): 5–53
Hurley NJ, O’Mahony MP, Silvestre GCM (2007) Attacking recommender systems: a cost-benefit analysis. IEEE Intell Syst 22(3): 64–68
Hurley NJ, Cheng Z, Zhang M (2009) Statistical attack detection. In: Proceedings of the 3rd ACM international conference on recommender systems, New York, NY, USA, pp 149–156
Ji AT, Yeon C, Kim HN, Jo GS (2007) Distributed collaborative filtering for robust recommendations against shilling attacks. Lect Notes Comput Sci 4509: 14–25
Lam SK, Riedl JT (2004) Shilling recommender systems for fun and profit. In: Proceedings of the 13th international conference on world wide web, New York, NY, USA, pp 393–402
Lam SK, Riedl JT (2005) Privacy, shilling, and the value of information in recommender systems. In: Proceedings of the user modeling workshop on privacy-enhanced personalization, Edinburgh, UK, pp 85–92
Lam SK, Frankowski D, Riedl JT (2006) Do you trust your recommendations? An exploration of security and privacy issues in recommender systems. Lect Notes Comput Sci 3995: 14–29
Lang J, Spear M, Wu SF (2010) Social manipulation of online recommender systems. Lect Notes Comput Sci 6430: 125–139
Li C, Luo Z (2011) Detection of shilling attacks in collaborative filtering recommender systems. In: Proceedings of the international conference of soft computing and pattern recognition, Dalian, China, pp 190–193
Long Q, Hu Q (2010) Robust evaluation of binary collaborative recommendation under profile injection attack. In: Proceedings of the IEEE international conference on progress in informatics and computing, Shanghai, China, pp 1246–1250
Massa P, Avesani P (2007) Trust-aware recommender systems. In: Proceedings of the 1st ACM international conference on recommender systems, Minneapolis, MN, USA, pp 17–24
Mehta B (2007) Unsupervised shilling detection for collaborative filtering. In: Proceedings of the 22nd international conference on artificial intelligence, Vancouver, BC, Canada, pp 1402–1407
Mehta B, Hofmann T (2008) A survey of attack-resistant collaborative filtering algorithms. IEEE Data Eng Bull 31(2): 14–22
Mehta B, Nejdl W (2008) Attack resistant collaborative filtering. In: Proceedings of the 31st annual international ACM SIGIR conference on research and development in information retrieval, Singapore, pp 75–82
Mehta B, Nejdl W (2009) Unsupervised strategies for shilling detection and robust collaborative filtering. User Model User Adapt Interact 19(1-2): 65–97
Mehta B, Hofmann T, Nejdl W (2007a) Lies and propaganda: Detecting spam users in collaborative filtering. In: Proceedings of the 12th international conference on intelligent user interfaces, Honolulu, HI, USA, pp 14–21
Mehta B, Hofmann T, Nejdl W (2007b) Robust collaborative filtering. In: Proceedings of the 1st ACM international conference on recommender systems, Minneapolis, MN, USA, pp 49–56
Miyahara K, Pazzani MJ (2002) Improvement of collaborative filtering with the simple Bayesian classifier. IPSJ J 43(11)
Mobasher B, Burke RD, Bhaumik R, Williams CA (2005) Effective attack models for shilling item-based collaborative filtering systems. In: Proceedings of the WebKDD workshop, Chicago, IL, USA
Mobasher B, Burke RD, Williams CA, Bhaumik R (2006a) Analysis and detection of segment-focused attacks against collaborative recommendation. Lect Notes Comput Sci 4198: 96–118
Mobasher B, Burke RD, Sandvig JJ (2006b) Model-based collaborative filtering as a defense against profile injection attacks. In: Proceedings of the 21st national conference on artificial intelligence, Boston, MA, USA, pp 1388–1393
Mobasher B, Burke RD, Bhaumik R, Sandvig JJ (2007a) Attacks and remedies in collaborative recommendation. IEEE Intell Syst 22(3): 56–63
Mobasher B, Burke RD, Bhaumik R, Williams CA (2007b) Towards trustworthy recommender systems: an analysis of attack models and algorithm robustness. ACM Trans Internet Technol 7(4): 23–60
O’Donovan J, Smyth B (2006) Is trust robust?: An analysis of trust-based recommendation. In: Proceedings of the 11th international conference on intelligent user interfaces, Sydney, Australia, pp 101–108
O’Mahony MP, Hurley NJ, Silvestre GCM (2002a) Towards robust collaborative filtering. Lect Notes Comput Sci 2464: 87–94
O’Mahony MP, Hurley NJ, Silvestre GCM (2002b) Promoting recommendations: an attack on collaborative filtering. In: Proceedings of the 13th international conference on database and expert systems applications, Aix-en-Provence, France, pp 494–503
O’Mahony MP, Hurley NJ, Silvestre GCM (2003) Collaborative filtering-safe and sound. Lect Notes Comput Sci 2871: 506–510
O’Mahony MP (2004) Towards robust and efficient automated collaborative filtering. PhD dissertation, University College Dublin
O’Mahony MP, Hurley NJ, Silvestre GCM (2004a) Utility-based neighborhood formation for efficient and robust collaborative filtering. In: Proceedings of the 5th ACM conference on electronic commerce, New York, NY, USA, pp 260–261
O’Mahony MP, Hurley NJ, Silvestre GCM (2004b) Efficient and secure collaborative filtering through intelligent neighbor selection. In: Proceedings of the 16th European conference on artificial intelligence, Valencia, Spain, pp 383–387
O’Mahony MP, Hurley NJ, Kushmerick N, Silvestre GCM (2004c) Collaborative recommendation: a robustness analysis. ACM Trans Internet Technol 4(4): 344–377
O’Mahony MP, Hurley NJ, Silvestre GCM (2004d) An evaluation of neighborhood formation on the performance of collaborative filtering. Artif Intell Rev 21(3-4): 215–228
O’Mahony MP, Hurley NJ, Silvestre GCM (2005) Recommender systems: Attack types and strategies. In: Proceedings of the 20th national conference on artificial intelligence, Pittsburgh, PA, USA, pp 334–339
O’Mahony MP, Hurley NJ, Silvestre GCM (2006a) Detecting noise in recommender system databases. In: Proceedings of the 11th international conference on intelligent user interfaces, Sydney, Australia, pp 109–115
O’Mahony MP, Hurley NJ, Silvestre GCM (2006b) Attacking recommender systems: The cost of promotion. In: Proceedings of the workshop on recommender systems, in conjunction with the 17th European conference on artificial intelligence, Riva del Garda, Trentino, Italy, pp 24–28
O’Mahony MP, Smyth B (2007a) Evaluating the robustness of collaborative web search. In: Proceedings of the 18th Irish conference on artificial intelligence and cognitive science, Dublin, Ireland
O’Mahony MP, Smyth B (2007b) Collaborative web search: a robustness analysis. Artif Intell Rev 28(1): 69–86
Oostendorp N, Sami R (2009) The copied-item injection attack. In: Proceedings of the workshop on recommender systems and the social web, New York, NY, USA, pp 63–70
Pennock DM, Horvitz E, Lawrence S, Giles CL (2000) Collaborative filtering by personality diagnosis: a hybrid memory- and model-based approach. In: Proceedings of the 16th conference on uncertainty in artificial intelligence, Stanford, CA, USA, pp 473–480
Polat H, Du W (2005) Privacy-preserving collaborative filtering. Int J Electron Commer 9(4): 9–35
Ray S, Mahanti A (2009a) Filler item strategies for shilling attacks against recommender systems. In: Proceedings of the 42nd Hawaii international conference on system sciences. Big Island, HI, USA, pp 1–10
Ray S, Mahanti A (2009b) Strategies for effective shilling attacks against recommender systems. Lect Notes Comput Sci 5456: 111–125
Ray S, Mahanti A (2010) Improving prediction accuracy in trust-aware recommender systems. In: Proceedings of the 43rd Hawaii international conference on system sciences, Kauai, HI, USA, pp 1–9
Ramezani M, Sandvig JJ, Schimoler T, Gemmell J, Mobasher B, Burke RD (2009) Evaluating the impact of attacks in collaborative tagging environments. In: Proceedings of the international conference on computational science and engineering, Vancouver, BC, Canada, pp 136–143
Resnick P, Sami R (2007) The influence-limiter: Provably manipulation-resistant recommender systems. In: Proceedings of the 1st ACM international conference on recommender systems, Minneapolis, MN, USA, pp 25–32
Resnick P, Sami R (2008a) Manipulation-resistant recommender systems through influence limits. ACM SIGecom Exch 17(3): 1–4
Resnick P, Sami R (2008b) The information cost of manipulation resistance in recommender systems. In: Proceedings of the 2nd ACM international conference on recommender systems. Lausanne, Switzerland, pp 147–154
Sandvig JJ, Mobasher B, Burke RD (2007a) Robustness of collaborative recommendation based on association rule mining. In: Proceedings of the 1st ACM conference on recommender systems, Minneapolis, MN, USA, pp 105–112
Sandvig JJ, Mobasher B, Burke RD (2007b) Impact of relevance measures on the robustness and accuracy of collaborative filtering. In: Proceedings of the 8th international conference on electronic commerce and web technologies, Regensburg, Germany, pp 99–108
Sandvig JJ, Mobasher B, Burke RD (2008) A survey of collaborative recommendation and the robustness of model-based algorithms. IEEE Data Engineering Bulletin 31(2): 3–13
Su XF, Zeng HJ, Chen Z (2005) Finding group shilling in recommendation system. In: Proceedings of the 14th international conference on world wide web, Chiba, Japan, pp 960–961
Tang T, Tang Y (2011) An effective recommender attack detection method based on time SFM factors. In: Proceedings of the IEEE 3rd international conference on communication software and networks, Xi’an, China, pp 78–81
Van Roy B, Yan X (2009) Manipulation-resistant collaborative filtering systems. In: Proceedings of the 3rd ACM conference on recommender systems, New York, NY, USA, pp 165–172
Van Roy B, Yan X (2010) Manipulation robustness of collaborative filtering. Manag Sci 56(11): 1911–1929
Williams CA (2006) Profile injection attack detection for securing collaborative recommender systems. Masters thesis, DePaul University
Williams CA, Bhaumik R, Burke RD, Mobasher B (2006a) The impact of attack profile classification on the robustness of collaborative recommendation. In: Proceedings of the WebKDD workshop, Philadelphia, PA, USA
Williams CA, Mobasher B, Burke RD, Bhaumik R, Sandvig JJ (2006b) Detection of obfuscated attacks in collaborative recommender systems. In: Proceedings of the workshop on recommender systems, in conjunction with the 17th European conference on artificial intelligence, Riva del Garda, Trentino, Italy, pp 19–23
Williams CA, Mobasher B, Burke RD (2007a) Defending recommender systems: detection of profile injection attacks. Serv Oriented Comput Appl 1(3): 157–170
Williams CA, Mobasher B, Burke RD, Bhaumik R (2007b) Detecting profile injection attacks in collaborative filtering: a classification-based approach. Lect Notes Comput Sci 4811: 167–186
Wu Z, Cao J, Mao B, Wang Y (2011) Semi-SAD: applying semi-supervised learning to shilling attack detection. In: Proceedings of the 5th ACM conference on recommender systems, Chicago, IL, USA, pp 289–292
Yan X (2009) Manipulation robustness of collaborative filtering systems. PhD dissertation, Stanford University
Yan X, Van Roy B (2009) Manipulation robustness of collaborative filtering systems. The Computing Research Repository (abs/0903.0069)
Zhang FG (2008) Analysis of segment shilling attack against trust based recommender systems. In: Proceedings of the 4th international conference on wireless communications, networking and mobile computing, Dalian, China, pp 1–4
Zhang FG (2009a) Reverse bandwagon profile injection attack against recommender systems. In: Proceedings of the 2nd international symposium on computational intelligence and design, Changsha, China, pp 15–18
Zhang FG (2009b) Average shilling attack against trust-based recommender systems. In: Proceedings of the international conference on information management, innovation management and industrial engineering, Xi’an, China, pp 588–591
Zhang FG (2009c) A survey of shilling attacks in collaborative filtering recommender systems. In: Proceedings of the international conference on computational intelligence and software engineering, Wuhan, China, pp 1–4
Zhang FG (2010) Analysis of love-hate shilling attack against e-commerce recommender system. In: Proceedings of the international conference of information science and management engineering, Xi’an, China, pp 318–321
Zhang FG (2011a) Preventing recommendation attack in trust-based recommender systems. J Comput Sci Technol 26(5): 823–828
Zhang FG (2011b) Analysis of bandwagon and average hybrid attack model against trust-based recommender systems. In: Proceedings of the 5th international conference on management of e-commerce and e-government, Hubei, China, pp 269–273
Zhang FG, Xu SH (2007) Analysis of trust-based e-commerce recommender systems under recommendation attacks. In: Proceedings of the 1st international symposium on data, privacy, and e-commerce, Chengdu, China, pp 385–390
Zhang S, Ouyang Y, Ford J, Makedon F (2006a) Analysis of a low-dimensional linear model under recommendation attacks. In: Proceedings of the 29th annual international ACM SIGIR conference on research and development in information retrieval, Seattle, WA, USA, pp 517–524
Zhang S, Chakrabarti A, Ford J, Makedon F (2006b) Attack detection in time series for recommender systems. In: Proceedings the 20th ACM SIGKDD international conference on knowledge discovery and data mining, Philadelphia, PA, USA, pp 809–814
Zhang Q, Luo Y, Weng C, Li M (2009) A trust-based detecting mechanism against profile injection attacks in recommender systems. In: Proceedings of the 3rd IEEE international conference on secure software integration and reliability improvement, Shanghai, China, pp 59–64
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Gunes, I., Kaleli, C., Bilge, A. et al. Shilling attacks against recommender systems: a comprehensive survey. Artif Intell Rev 42, 767–799 (2014). https://doi.org/10.1007/s10462-012-9364-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10462-012-9364-9