Home

Awesome

Official Implementation

Membership Inference Attacks Against Recommender Systems

Minxing Zhang, Zhaochun Ren, Zihan Wang, Pengjie Ren, Zhumin Chen, Pengfei Hu, Yang Zhang

ACM Conference on Computer and Communications Security (CCS) 2021


Framework


Introduction

There are two .py files which are our attack models. One is based on a clustering algorithm. And the other is based on the deep learning technique.

And there are three types of datasets, i.e., "Interactions", "Recommendations" and "Vectorizations".

Note that, to balance data, the first half of Interactions and Recommendations are for Members while the second half of them are for Non-Members.

Here, we will provide the guidelines to construct datasets for the attack:

Datasets for "Interactions" are derived following the steps:

  1. To randomly divide the original dataset into 3 subsets for Shadow Model, Target Model, and Vectorization.
  2. For each subset, filter the users with less than 20 records.
  3. To relabel users and items by consecutive numbers.
  4. To store records using the above format and to sort them by user number.

Datasets for "Recommendations" are derived from corresponding recommendation systems (Item-based Collaborative Filtering, Latent Factor Model, or Neural Collaborative Filtering), which are stored in the above format.

Datasets for "Vectorization" are derived following the method in the paper.

Dataset Construction

The implementations of dataset construction can be found here.

Reference

To acknowledge the use of our work, please cite our paper:

@inproceedings{zhang2021membership,
  title={Membership inference attacks against recommender systems},
  author={Zhang, Minxing and Ren, Zhaochun and Wang, Zihan and Ren, Pengjie and Chen, Zhunmin and Hu, Pengfei and Zhang, Yang},
  booktitle={Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security},
  pages={864--879},
  year={2021}
}