Shilling Attack Detection Method Integrating Item Temporal Information and Relational Networks

Abstract

Shilling attack detection is a method to identify and defend against malicious users in recommender systems, and it mainly detects shilling attackers by analyzing user behavior or item content anomalies. Items in the system subject to shilling attack often present abnormal scoring time-series information and relationship networks, but time-series data has the characteristics of large and unstable data volume, which makes it difficult to directly use raw data for detection, while detection from user relationship networks can often only solve a specific attack problem, and it is difficult to detect coordinated attack behaviors. To address the above issues, we propose a detection method called ITRN, which makes full use of item timing information and relational networks, dividing the time series of item ratings based on important points, constructing cubes for similarity measure using the second-order difference method to obtain the anomalous time intervals and the set of suspicious users, constructing a suspicious user-item bipartite graph, aggregating the higher-order neighboring information of the suspicious users using LightGCN, and then inputting these higher-order embedded inputs into the linear layer that are mapped into a scalar, and finally these scalars are input into the Sigmoid function to obtain the probability of the user being suspicious. Experiments were conducted on three datasets of varying sizes from Movielens, and the results showed that our method improved precision by approximately 0.02 and F1-measure by approximately 0.01 compared to the optimal baseline model.