Simulating real profiles for shilling attacks: A generative approach

Collaborative Filtering (CF) approaches are vulnerable to Shilling Attacks, in which malicious users or companies inject a large number of fake profiles in a system in order to manipulate its recommendations. One problem of current Shilling Attack models is that they commonly use straightforward statistical templates, producing profiles with different rating patterns than actual system data, which facilitates its detection, requiring a larger amount of profiles to achieve its goals. To address this problem and create profiles closer to reality, we propose using a generative model, Variational Autoencoder (VAE) to map original data distribution. With VAE, it is possible to generate new profiles based on real data, without explicit copying their actual ratings. Its generated profiles are converted to malicious profiles by adding target item rating value. We test our attack model on MovieLens 100k data set and compare to literature attack models. Our results indicate that our model outperforms all other models in model-based CF system, especially using low attack sizes (from 3% to 5%). Also, analysis comparing profiles generated from it and other approaches shows that our model ratings pattern are very similar to real profiles, which may indicate that attacks mounted using our approach may be less likely to be detected by detection approaches. Thus, we show that our attack model represents an advance on Shilling Attack models, since its superior results in model-based CF and possible indistinction from real profiles may be useful as a baseline to test detection techniques and other tasks among Shilling Attack area.