The purpose of this research is to explore the vulnerabilities of recommendation and personalization systems in the face of malicious attacks, explore techniques for enhancing their robustness, and examine methods by which attacks can be recognized and possibly defeated. Most research in computer security focuses on protecting assets inside an organization's security perimeter from unauthorized access and modification. This project examines the problem of security for systems that are designed to be accessed and modified by the general public. How do we protect such a system from the legal but biased inputs of an attacker trying to subvert its functionality? The project will advance our understanding of the trustworthiness of recommender systems, now a crucial component in many areas from e-commerce and e-learning to content management systems. We will explore the spectrum of possible attacks against recommendation systems, and develop formal models characterizing these attacks and their impacts. We will investigate different metrics for assessing the robustness of recommendation algorithms including accuracy, stability and expected payoff to the attacker. In tandem with this theoretical work, we will conduct empirical investigations using data from a variety of domains. We will test a range of recommendation algorithms including user-based, item-based and model-based collaborative recommenders, and also explore hybrid recommendation by combining collaborative recommendation techniques with content-based and knowledge-based ones. Finally, informed by these results, we will consider how recommender systems can be secured, through improved algorithms but also by detecting attacks and responding appropriately. Our research will have significant implications for a variety of adaptive information systems that rely on users' input for learning user or group profiles. Many such systems have open components through which a malicious user or an automated agent can affect the overall system behavior.
