In recent years, recommender systems have become crucially important for delivering personalized services that satisfy users' preferences. With personalized recommendation services, users can enjoy a variety of recommendations such as movies, books, ads, restaurants, and more. Despite these great benefits, personalized recommendation typically requires collecting personal data for user modelling and analysis, which can make users susceptible to attribute inference attacks. Specifically, the vulnerability of existing centralized recommenders to attribute inference attacks leaves malicious attackers a backdoor to infer users' private attributes, as the systems remember information about their training data (i.e., interaction data and side information). An emerging practice is to implement recommender systems in the federated setting, which enables all user devices to collaboratively learn a shared global recommender while keeping all the training data on device. However, the privacy issues in federated recommender systems have rarely been explored. In this paper, we first design a novel attribute inference attacker to perform a comprehensive privacy analysis of state-of-the-art federated recommender models. The experimental results show that the vulnerability of each model component to attribute inference attacks varies, highlighting the need for new defense approaches. Therefore, we propose a novel adaptive privacy-preserving approach that protects users' sensitive data in the presence of attribute inference attacks while maximizing recommendation accuracy. Extensive experimental results on two real-world datasets validate the superior performance of our model in both recommendation effectiveness and resistance to inference attacks.