Robust federated contrastive recommender system against targeted model poisoning attack  

作　　者：Wei YUAN Chaoqun YANG Liang QU Guanhua YE Quoc Viet Hung NGUYEN Hongzhi YIN 

机构地区：[1]School of Electrical Engineering and Computer Science,The University of Queensland,Brisbane 4072,Australia [2]School of Information and Communication Technology,Griffith University,Gold Coast 4222,Australia [3]Deep Neural Computing Company Limited,Shenzhen 518000,Chi

出　　处：《Science China(Information Sciences)》2025年第4期46-61,共16页中国科学(信息科学)(英文版)

基　　金：supported by Australian Research Council under the Streams of Future Fellowship(Grant No.FT210100624);Discovery Project(Grant No.DP240101108);Linkage Project(Grant No.LP230200892)。

摘　　要：Federated recommender systems(FedRecs)have garnered increasing attention recently,thanks to their privacypreserving benefits.However,the decentralized and open characteristics of current FedRecs present at least two dilemmas.First,the performance of FedRecs is compromised due to highly sparse on-device data for each client.Second,the system's robustness is undermined by the vulnerability to model poisoning attacks launched by malicious users.In this paper,we introduce a novel contrastive learning framework designed to fully leverage the client's sparse data through embedding augmentation,referred to as CL4FedRec.Unlike previous contrastive learning approaches in FedRecs that necessitate clients to share their private parameters,our CL4FedRec aligns with the basic FedRec learning protocol,ensuring compatibility with most existing FedRec implementations.We then evaluate the robustness of FedRecs equipped with CL4FedRec by subjecting it to several state-of-the-art model poisoning attacks.Surprisingly,our observations reveal that contrastive learning tends to exacerbate the vulnerability of FedRecs to these attacks.This is attributed to the enhanced embedding uniformity,making the polluted target item embedding easily proximate to popular items.Based on this insight,we propose an enhanced and robust version of CL4FedRec(rCL4FedRec)by introducing a regularizer to maintain the distance among item embeddings with different popularity levels.Extensive experiments conducted on four commonly used recommendation datasets demonstrate that rCL4FedRec significantly enhances both the model's performance and the robustness of FedRecs.

关 键 词：federated recommender system contrastive learning model poisoning attack and defense 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]