KDD2024 | Research on Privacy Risks in Interest Point Recommendation

Hey, remember to give it to me“ Machine Learning and Recommendation Algorithms ”Add Star symbol

TLDR:

paperhttps://arxiv.org/abs/2310.18606
code:https://github.com/KunlinChoi/POIPrivacy

0 Summary

2.1 LocExtract location extraction attack

The purpose of this attack is to extract the most frequently visited location by a user during the training of the victim model. We found that when randomly querying victim models, these models tend to ‘over learn’ the most frequently visited locations by users, making these locations more likely to appear in the model output. For example, randomly select 10 users and use 100 randomly selected locations to query the victim model. Among these queries, 32.5% of the query results will display the most frequently visited locations of the target user, while these most frequently visited locations only account for 18.7% of the user dataset.

Based on this observation, we have designed the following attack method: by generating different random inputs and iteratively querying the victim model multiple times, we use Soft Voting to select the position with the highest aggregated logit from all query results as the…