带检测机制的联邦矩阵分解推荐模型DM-FedMF

IF 6.7 2区计算机科学 Q1 ENGINEERING, MULTIDISCIPLINARY

IEEE Transactions on Network Science and Engineering Pub Date : 2025-03-17 DOI:10.1109/TNSE.2025.3551923

Xiaoyao Zheng;Xianmin Jia;Xiongchao Cheng;Wenxuan He;Liping Sun;Liangmin Guo;Qingying Yu;Yonglong Luo

{"title":"带检测机制的联邦矩阵分解推荐模型DM-FedMF","authors":"Xiaoyao Zheng;Xianmin Jia;Xiongchao Cheng;Wenxuan He;Liping Sun;Liangmin Guo;Qingying Yu;Yonglong Luo","doi":"10.1109/TNSE.2025.3551923","DOIUrl":null,"url":null,"abstract":"Items are recommended to users by the federated recommendation system while protecting user privacy, but there is a risk of the performance of the global model being seriously affected by malicious clients through the tampering of local data and model parameters. In this paper, a federated matrix factorization recommendation model with a detection mechanism(DM-FedMF) is proposed. The experimental analysis concludes that there is a gradient difference in item preference parameters between malicious and benign clients. Accordingly, an objective function is designed to measure item preference differences as a means of identifying malicious clients on the server. Secondly, a malicious client reporting mechanism is proposed to count the reported frequency of all clients and set a threshold. Based on the number of honest clients, the list of attackers is updated. Finally, the malicious client is detected and eliminated based on the list of attackers. The other three defense algorithms are compared with two public datasets in this paper. The experimental results show that the detection mechanism can effectively defend against data poisoning attacks, category attacks, noise attacks, and sign flipping attacks, and the performance of the model's recommendations is better than that achieved by applying other defense methods.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"12 4","pages":"2679-2693"},"PeriodicalIF":6.7000,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"DM-FedMF: A Recommendation Model of Federated Matrix Factorization With Detection Mechanism\",\"authors\":\"Xiaoyao Zheng;Xianmin Jia;Xiongchao Cheng;Wenxuan He;Liping Sun;Liangmin Guo;Qingying Yu;Yonglong Luo\",\"doi\":\"10.1109/TNSE.2025.3551923\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Items are recommended to users by the federated recommendation system while protecting user privacy, but there is a risk of the performance of the global model being seriously affected by malicious clients through the tampering of local data and model parameters. In this paper, a federated matrix factorization recommendation model with a detection mechanism(DM-FedMF) is proposed. The experimental analysis concludes that there is a gradient difference in item preference parameters between malicious and benign clients. Accordingly, an objective function is designed to measure item preference differences as a means of identifying malicious clients on the server. Secondly, a malicious client reporting mechanism is proposed to count the reported frequency of all clients and set a threshold. Based on the number of honest clients, the list of attackers is updated. Finally, the malicious client is detected and eliminated based on the list of attackers. The other three defense algorithms are compared with two public datasets in this paper. The experimental results show that the detection mechanism can effectively defend against data poisoning attacks, category attacks, noise attacks, and sign flipping attacks, and the performance of the model's recommendations is better than that achieved by applying other defense methods.\",\"PeriodicalId\":54229,\"journal\":{\"name\":\"IEEE Transactions on Network Science and Engineering\",\"volume\":\"12 4\",\"pages\":\"2679-2693\"},\"PeriodicalIF\":6.7000,\"publicationDate\":\"2025-03-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Network Science and Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10930618/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, MULTIDISCIPLINARY\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network Science and Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10930618/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

摘要

联邦推荐系统在保护用户隐私的同时向用户推荐项目，但存在恶意客户端通过篡改局部数据和模型参数严重影响全局模型性能的风险。提出了一种带有检测机制的联邦矩阵分解推荐模型（DM-FedMF）。实验分析表明，恶意客户和良性客户在项目偏好参数上存在梯度差异。因此，设计了一个目标函数来测量项目偏好差异，作为识别服务器上恶意客户端的一种手段。其次，提出了一种恶意客户端报告机制，统计所有客户端的报告频率并设置阈值；根据诚实客户端的数量，更新攻击者列表。最后，根据攻击者列表检测并消除恶意客户端。另外三种防御算法在两个公共数据集上进行了比较。实验结果表明，该检测机制可以有效防御数据中毒攻击、类别攻击、噪声攻击和符号翻转攻击，并且模型推荐的性能优于应用其他防御方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

DM-FedMF: A Recommendation Model of Federated Matrix Factorization With Detection Mechanism

Items are recommended to users by the federated recommendation system while protecting user privacy, but there is a risk of the performance of the global model being seriously affected by malicious clients through the tampering of local data and model parameters. In this paper, a federated matrix factorization recommendation model with a detection mechanism(DM-FedMF) is proposed. The experimental analysis concludes that there is a gradient difference in item preference parameters between malicious and benign clients. Accordingly, an objective function is designed to measure item preference differences as a means of identifying malicious clients on the server. Secondly, a malicious client reporting mechanism is proposed to count the reported frequency of all clients and set a threshold. Based on the number of honest clients, the list of attackers is updated. Finally, the malicious client is detected and eliminated based on the list of attackers. The other three defense algorithms are compared with two public datasets in this paper. The experimental results show that the detection mechanism can effectively defend against data poisoning attacks, category attacks, noise attacks, and sign flipping attacks, and the performance of the model's recommendations is better than that achieved by applying other defense methods.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Network Science and Engineering Engineering-Control and Systems Engineering

CiteScore

12.60

自引率

9.10%

发文量

393

期刊介绍： The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.