Recommender systems

Unmasking Privacy: A Reproduction and Evaluation Study of Obfuscation-based Perturbation Techniques for Collaborative Filtering

A well-designed obfuscation framework can significantly enhance user privacy in recommender systems without fundamentally compromising their performance, offering a viable path to balancing personalization and privacy.

As digital platforms increasingly rely on personalization to engage users, recommender systems have become a central component of e-commerce and entertainment industries. However, this personalization often comes at the cost of user privacy. The conflict between preserving privacy and maintaining recommendation accuracy is a challenge in the field of collaborative filtering (CF).

In a recent study with Alex Martinez and Mihnea Tufis, presented at SIGIR ’24, we reproduce and evaluate obfuscation-based perturbation techniques for privacy preservation in collaborative filtering systems. These techniques aim to obscure sensitive user data while balancing the trade-off between privacy and the performance of recommendation algorithms.

Privacy in recommender systems

Recommender systems use collaborative filtering to predict user preferences based on historical data. While effective, this process requires significant personal information, creating privacy concerns, particularly in light of regulations like GDPR. Privacy-enhancing technologies have emerged to address these concerns, with data perturbation being a prominent technique due to its simplicity and low computational cost.

Our Contributions

The study focuses on reproducing and extending a framework proposed by Batmaz and Polat, which outlines eight algorithms for privacy-preserving CF. We implemented the framework, designed an evaluation protocol, and analyzed the accuracy-privacy trade-off using two datasets: MovieLens-1M and Last.fm-1K.

The main contributions include:

  1. Implementation of privacy-enhancing algorithms. We implemented four obfuscation algorithms tailored for implicit feedback data, where user-item interactions are binary (e.g., 0 or 1).
  2. Evaluation framework. A systematic protocol was developed to evaluate recommendation performance while ensuring consistency across obfuscated datasets.
  3. Empirical analysis. We tested the impact of privacy-related parameters (e.g., randomization thresholds, group-based obfuscation) on recommendation accuracy.

Experimental Setup

Datasets

  1. MovieLens-1M. A dataset of ~1 million user ratings for movies, converted to binary feedback for the study.
  2. Last.fm-1K. A music recommendation dataset with ~19 million interactions, filtered and preprocessed for CF.

Algorithms

The study employed two state-of-the-art CF algorithms:

  • Neural Collaborative Filtering (NCF). A deep learning-based model capturing complex user-item interactions.
  • Light Graph Convolutional Network (LightGCN). A simplified graph-based CF model optimized for scalability.

Obfuscation Techniques

As shown in the figure, obfuscation involved flipping user-item interactions based on random decision variables and thresholds. Masking, which adds synthetic interactions, provided an additional layer of privacy.
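The flipping and masking steps described above can be sketched as follows. This is an added illustration, not the study's code and not any of the Batmaz and Polat algorithms: the parameter names `theta`, `n_groups` and `mask_rate`, the rule "flip a group when its decision variable is at or above the threshold", and the sample profile are all assumptions.

```python
import random

def obfuscate(profile, theta, n_groups, mask_rate, rng):
    """Obfuscate one user's binary interaction vector (list of 0/1).

    theta, n_groups and mask_rate are assumed parameter names:
    theta     -- threshold; a group is flipped when its decision variable r >= theta
    n_groups  -- number of item groups, each with its own decision variable
    mask_rate -- share of the user's empty entries filled with synthetic 1s
    """
    out = list(profile)
    # Masking: add synthetic interactions on items the user never touched.
    zeros = [i for i, v in enumerate(out) if v == 0]
    for i in rng.sample(zeros, int(mask_rate * len(zeros))):
        out[i] = 1
    # Flipping: deal shuffled item ids into groups, one random decision per group.
    items = list(range(len(out)))
    rng.shuffle(items)
    for g in range(n_groups):
        r = rng.random()  # decision variable in [0, 1)
        if r >= theta:
            for i in items[g::n_groups]:
                out[i] = 1 - out[i]
    return out

def changed_fraction(original, obfuscated):
    """Share of entries that differ; a measure of distortion, not of privacy."""
    return sum(a != b for a, b in zip(original, obfuscated)) / len(original)

def sweep(profile, thetas, n_groups, mask_rate=0.0, trials=200, seed=0):
    """Mean distortion per threshold, averaged over repeated obfuscations."""
    rng = random.Random(seed)
    return {
        t: sum(changed_fraction(profile, obfuscate(profile, t, n_groups, mask_rate, rng))
               for _ in range(trials)) / trials
        for t in thetas
    }

# Constructed sample: one user, 20 items, 5 observed interactions.
PROFILE = [1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0]

if __name__ == "__main__":
    for t, d in sweep(PROFILE, [1.0, 0.9, 0.7, 0.5], n_groups=4).items():
        print(f"theta={t:.1f}  mean changed fraction={d:.3f}")
```

With masking switched off, each entry is flipped with probability 1 - theta, so the mean changed fraction tracks that value: lowering the threshold distorts more of the profile the recommender is trained on.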

Results and Insights

  1. Privacy-performance trade-off. Increasing privacy levels (e.g., higher randomization) consistently reduced recommendation accuracy. However, the impact varied depending on the dataset and algorithm.
  2. Algorithm and dataset dependence. LightGCN outperformed NCF, and MovieLens-1M yielded better results than Last.fm-1K, highlighting the influence of dataset characteristics on algorithm performance.
  3. Group settings. Contrary to expectations, the number of user-item groups used for obfuscation had negligible effects on accuracy, suggesting higher group settings could enhance privacy without degrading performance.

Challenges and future directions

  1. Balancing dataset size and obfuscation. The size of the obfuscated dataset significantly influenced performance. Future studies could disentangle this effect to better understand algorithm robustness.
  2. Quantifying privacy. A comprehensive metric to evaluate privacy levels would enable more nuanced analyses of the accuracy-privacy trade-off.
  3. Extending to explicit feedback. The study primarily addressed binary feedback. Incorporating explicit ratings into the framework could expand its applicability.