1 preserving privacy in collaborative filtering through distributed aggregation of offline profiles...
Post on 15-Jan-2016
215 views
TRANSCRIPT
1
Preserving Privacy in Collaborative Filtering through Distributed
Aggregation of Offline Profiles
The 3rd ACM Conference on Recommender Systems, New York City, NY, USA, October 22-25, 2009
http://lca.epfl.ch/privacy
Reza Shokri Pedram Pedarsani
George TheodorakopoulosJean-Pierre Hubaux
2
Privacy in Recommender Systems
• Untrusted Server– Tracking users’ activities
• Publishing Users’ Profiles– Re-identification attacks on anonymous datasets
A. Narayanan and V. Shmatikov. Robust de-anonymization of large sparse datasets. In IEEE Symposium on Security and Privacy, 2008.
3
Problem Statement• Improving users privacy with minimum imposition of
accuracy loss on the recommendations– Centralized recommender system– Contact between users– Distributed privacy preserving mechanism
• Distributed aggregation of users’ profiles– Users hide the items they have actually rated through
adding items rated by other users to their profile
Proposed Solution
4
Outline
• Profile Aggregation• Aggregation Methods• Evaluation
5
Profile Aggregationitems
ratings
2 25 5 34 43315
21
34
• Each user gives a subset of his items to his contact peer• Thus, users profiles are aggregated after the contact
Alice Bob
6
System ModelOnline profile
Offline profile
synchronization
• Actual Profile: Set of items rated by a user• Offline Profile: Actual profile + aggregated items• Online Profile: The latest synchronized offline profile on the server
contact
7
Online Profiles vs. Actual Profiles…
…
Online profile of users
…
…
Actual profile of users
8
Aggregation Methods
• How many items to aggregate?• Which items to aggregate?
Similarity-based Aggregation(Similarity: The Pearson’s correlation coefficient)
– Random Selection (SRS)– Minimum Rating Frequency (SMRF)
(rating frequency: percentage of users that have rated an item)IMDB: 167,237 votes IMDB: 1,625 votes
9
Evaluation Metrics
• Privacy Gain
• Accuracy Loss
10
Privacy Gain
number of usersactual profile of user ‘u’
online profile of user ‘u’ rating frequency of item ‘i’
R. Myers, R. C. Wilson, and E. R. Hancock. Bayesian graph edit distance. IEEE Trans. Pattern Anal. Mach. Intell., 22(6), 2000.
Intuition: Structural difference of two graphs (online and actual) viewed as difference between correspondent edges
Privacy: How difficult is for the server to guess the users’ actual profiles, having access to their online profiles
Weight of items added by aggregation
Weight of items in online profile
11
Accuracy Loss
The bipartite graph that contains actual ratings
The bipartite graph available to the server
12
Experiment• Simulation on randomly chosen profiles
– From the Netflix prize dataset– 300 users– Average: 30000 ratings and 2500 items in each experiment
• Memory-based CF: user-based• Testing set: 10% of the actual ratings of each user• Users select their contact peers at random• Aggregation methods
– Union– SRS– SMRF
13
Privacy Gain
Similarity-based Random Selection (SRS)Similarity-based Minimum Rating Frequency (SMRF)
14
Accuracy Loss
Similarity-based Random Selection (SRS)Similarity-based Minimum Rating Frequency (SMRF)
15
Tradeoff between Privacy
and Accuracy
16
Conclusion
• A novel method for privacy preservation in collaborative filtering recommendation systems
• Protection of users privacy against an untrusted server
• Considerably improving users privacy with minimum effect on recommendations accuracy by aggregating users’ profiles based on their similarities
• Proposed method can also be used on protecting privacy of users in published datasets
17
Future Work
• The evaluation of the mechanism can be improved by considering more realistic contact pattern between users, e.g., users friendship in a social network, or physical vicinity
• We would like to evaluate the practical implication of the method on the maintenance of the profiles
http://lca.epfl.ch/privacy