2021 International Conference on Computer Communication and Informatics (ICCCI -2021), Jan.
27-29, 2021, Coimbatore, INDIA
A Study on Shilling Attack Identification in SAN
using Collaborative Filtering Method based
Recommender Systems
Praveena. N
Research Scholar
Department of Computer Science and Engineering
Pondicherry Engineering College
Puducherry, India
praveenan@pec.edu
2021 International Conference on Computer Communication and Informatics (ICCCI) | 978-1-7281-5875-4/21/$31.00 ©2021 IEEE | DOI: 10.1109/ICCCI50826.2021.9402676
Abstract - In Social Aware Network (SAN) model, the
elementary actions focus on investigating the attributes and
behaviors of the customer. This analysis of customer attributes
facilitate in the design of highly active and improved protocols.
In specific, the recommender systems are highly vulnerable to
the shilling attack. The recommender system provides the
solution to solve the issues like information overload.
Collaborative filtering based recommender systems are
susceptible to shilling attack known as profile injection attacks.
In the shilling attack, the malicious users bias the output of the
system’s recommendations by adding the fake profiles. The
attacker exploits the customer reviews, customer ratings and
fake data for the processing of recommendation level. It is
essential to detect the shilling attack in the network for
sustaining the reliability and fairness of the recommender
systems. This article reviews the most prominent issues and
challenges of shilling attack. This paper presents the literature
survey which is contributed in focusing of shilling attack and
also describes the merits and demerits with its evaluation
metrics like attack detection accuracy, precision and recall
along with different datasets used for identifying the shilling
attack in SAN network.
Keywords— collaborative filtering; profile injection attack
detection; machine learning; deep learning; SAN.
I. INTRODUCTION
In the past few years the outstanding growth in the
field of wireless communications and networking technologies
that give important network architectures to create ubiquitous
networks. In the modern paradigm, Social Aware Network
(SAN) improved a dramatic development above field. The
private data and end customer reviews of recommender systems
supports in emphasizing the societal behavior and friendliness
of users. Though, the invaders familiarize weakness in Social
Aware Network by manipulating these user information in an
unauthorized way. Recommender systems have been broadly
used in many areas to overcome the problem of information
overload in the network. Recommendation models are
classified into three types based on the input data such as
collaborative filtering based recommender systems, content
based recommender systems and hybrid recommender systems.
978-1-7281-5875-4/21/$31.00 ©2021 IEEE
Authorized licensed use limited to: California State University Fresno. Downloaded on June 30,2021 at 23:05:36 UTC from IEEE Xplore. Restrictions apply.
Dr. K.Vivekanandan
Professor,
Department of Computer Science and Engineering
Pondicherry Engineering College
Puducherry, India
k.vivekanandan@pec.edu
Among the three different types of recommender systems,
collaborative filtering based recommender system has more
advantages and play vital role in many e-business websites to
predicts the exact recommendation for the end users. The
collaborative filtering based recommender systems brings
additional welfare to merchants so that which also increases the
satisfaction of the user. Due to the openness of the
recommender of the system, the invaders prejudice the
recommendations by inserting a large number false profiles of
the users [1]. This kind of malevolent activity is known as
profile injection attacks. Depend on the intension of the
malicious user, shilling attack can be categorized into two
different types namely push and nuke attack. These types of
attacks is used to promote or demote a specific item to be
recommended in the database of the recommender systems. To
reduce the impact of collaborative based recommender systems
in network many approaches have been planned to detect the
profile injection attacks. From the perspective of machine
learning methods, attack detection models are classified into
three types such as supervised, semi-supervised and
unsupervised models. In recent times, deep learning methods
introduce more changing deep recommendation architecture by
different algorithms so that which brings more opportunity to
increase the performance such as Precision and Recall of
recommender systems the deep learning model. Our goal is to
deliver a better understanding of research challenges and
opportunities in the field of SAN, how this network is more
vulnerable to shilling attack and to find attractive suggestions
for future activities on this well-timed and exhilarating topic.
The remaining organization of this article is as follows:
Section II presents the categories of detecting mechanisms of
shilling attacks and Section III describes several important
types of detecting attacks based on traditional methodology. In
Section IV, depicts the detection methods based on deep
learning models and in Section V we review some important
paper on existing detection mechanism with their advantage
and disadvantages. In section VI we discuss some major open
issues and challenges of recommender systems. In section VII
it depicts the conclusion and future work.
 2021 International Conference on Computer Communication and Informatics (ICCCI -2021), Jan. 27-29, 2021, Coimbatore, INDIA
II. CATEGORIES OF SHILLING ATTACK DETECTION
METHODOLGY
Shilling attack detection mechanisms in collaborative
filtering based recommender systems are mainly classified into
two different types (i) conventional machine learning
approaches and (ii) deep learning approaches. The traditional
machine learning approaches are further classified into three
types and deep learning methods are consists of two categories
which are discussed in the following sections:
Figure 1: Categories of Shilling Attack Detection Mechanisms
III. COLLABOARATIVE FILTERING BASED SHILLING ATTACK
DETECTION MECHANISM USING MACHINE LEARNING
The shilling attack in collaborative filtering based
recommender systems are detected by using machine learning
methods. Some of the possible existing detection scheme
proposed for detecting false profile in recommender systems
are based on the machine learning algorithm are as follows.
Based on the labelled tags used in the datasets, the detection
methods of shilling attack are categorized into three type’s
supervised, semi-supervised and unsupervised methods in
machine learning perspective [2].
A) Supervised Methods
In supervised methods, in order to train a model, the labeled
data is used in datasets and the value of labeled data are
influenced by identifying the accuracy results of the data. This
approaches are made on the features extracted by the attack
profiles such as user rating, comments etc. For detecting the
fake profiles, this system allows only individual user features
which will not care about the interaction or relationship
between the user profiles. So the supervised approaches do not
achieve that much better accuracy in detecting the attacks
profiles.
Authorized licensed use limited to: California State University Fresno. Downloaded on June 30,2021 at 23:05:36 UTC from IEEE Xplore. Restrictions apply.
Example: C4.5 and Naïve Bayes detector.
B. Unsupervised method
In unsupervised method, for detecting the shilling
attack, the unlabeled data is used for training the
datasets. Some conventions and facts are necessary in
earlier to achieve these approaches. It is suitable to do
online detection application due to the merits of less
computation it poses when compared to prior method.
Statistical methods, association rules and clustering
methods are some of the techniques used in this method.
Example: Principle Component Analysis and Multi-
Dimensional Scaling Algorithm
C. Semi supervised Method
The Semi-supervised machine learning approaches
practice both unlabeled and labelled user data. It is the
combination of both supervised machine learning
approaches and unsupervised machine learning
approaches. This method do worthy with less labeled
data when compared to existing machine learning
approaches. The malicious users react immediately if
they already aware of identification mechanisms in
order to reduce the effectiveness of the shilling
detection method.
Example: Hybrid Shilling Attack Detection Method.
IV. COLLABORATIVE FILTERING BASED SHILLING ATTACK
DETECTION MECHANISM USING DEEP LEARNING
Deep learning is deliberated as a one of a part of machine
learning. Nowadays this deep learning method is more popular
and more flexible due it predicts the result in more accurate
way because it learn and represent the data in deeper format,
levels of representation is also in multiple way. For that aim, it
grows as a changing recommendation architecture for
improving the performance of the recommender systems [13].
Now, recommender systems uses trending deep learning
methods, that play a vital role in achieving high
recommendation quality by overcoming the barriers of
traditional models. The relationship and interdependency of
user and item are effectively captured by deep learning method
so that permits the codification of more complex abstraction as
data representations in the deeper layer. In addition to that, it
also catches the complex relationships within the data itself,
from surplus available data sources in the form of visual
information, textual and contextual. Recommendation with
Neural simple models and Recommendation with Deep cross
models are two classification methods of deep learning models
are explained as follows:
A. Recommendation with Neural simple M odels:
Recommendation with Neural simple model consists of
eight categories such as Multi-Layer Perceptron (MLP), Auto
Encoder (AE), Convolutional Neural Network (CNN),
Recurrent Neural Network (RNN), Restricted Boltzman
Machine (RBM), Neural Auto-regressive Distribution
Estimation (NADE), and Adversarial Networks (AN),
Attentional Models (AM). The applicability of the
recommendation model is determined by the deep learning
technique. For example, the non-linear interdependency
 2021 International Conference on Computer Communication and Informatics (ICCCI -2021), Jan. 27-29, 2021, Coimbatore, INDIA

between item and user are easily modeled by using MLP. recommendation systems. Combination of one or more model
Convolutional Neural Network (CNN) extracts both native and is possible because of the flexibility of the deep neural network.
universal representations from different information sources in Out of several combinations of deep learning techniques, only
the form of textual and visual information. The temporal a few had been evolved. Some of the exploited hybrid models
dynamics and sequential evolution of content information are are RNN+CNN, AE+CNN and RNN+AE.
modeled by Recurrent Neural Network (RNN).
B. Recommendation with Deep combined Models
One or more deep learning technique are combined to form
powerful hybrid model for predicting more accuracy in the
TABLE 1 : A SUMMARY OF THE SHILLING ATTACK REVEALING METHODOLOGIES
Sl. Technique used Metrics Datasets Merits Demerits
No.

1 Ensemble based Shilling Precision Amazon It detects different types Attack detection accuracy
Attack Detection scheme Recall Netflix of shilling attacks with is low
using multiple dimension F-measure Movie lens high accuracy rate.
concentrated feature dataset
extraction process [3]

2 Ordered item sequence Precision Movie lens It improves precision with Attack detection accuracy
based Ensemble method Recall IM dataset high recall value. is low
(OIS-EM) for shilling F-measure
attack detection [4]

3 Shilling Attack Detection Attack Movie lens Performs well when Consumes more time for
scheme based on credibility detection rate, Datasets, detecting attacks with detecting attacks with
of group users and rating False positive Subsets of high precision and good increase in the scale of
time series [5] rate Netflix, false positive rate. datasets.
Subsets of
each movie

4 Trust features and time Precision CiaoDVD Achieves high precision Detects only individual
series analysis (TF-TSA) Recall dataset, and high recall account by using a lot of
based Shilling Attack F I-measure Epinions detection features and
Detection scheme [6] dataset also it cannot advert
group of spammers.

5 Unsupervised shilling attack Precision Amazon High accuracy in Artificially utilized

detection model based on Recall Review precision, recall and F- features are considered to
analysis of user rating F – score Dataset, score be least non-linear
behavior. [7] Netflix
Dataset,
Movie lens
Dataset

Authorized licensed use limited to: California State University Fresno. Downloaded on June 30,2021 at 23:05:36 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Computer Communication and Informatics (ICCCI -2021), Jan. 27-29, 2021, Coimbatore, INDIA

Sl. Technique used Metrics Datasets Merits Demerits

No.

6 A novel unsupervised RD- RDMA Movie lens More accuracy in Consumes more time and
TIA method based on DegSim Dataset, detecting unknown Computational cost also
statistical approach for Subsets of attacks. high for calculating the
Shilling Attack Detection Netflix, and similarity with other
[8] Subsets of profiles.
each movie.

8 A semi supervised learning Sensitivity Movie lens High Accuracy in It is ineffective for
method of Shilling Attack Specificity Dataset detecting the fake detecting various hybrid
Detection. [SEMI- SLM- profiles. attacks
SAD]
[10]

9 An integrated perception
patterns and social network
search based shilling attack
detection. (IPP-SNS-SAD)
[11]
Accuracy Netflix In order to identify the It is effective only for
F-measure Dataset presence of attack profiles detecting known attacks.
it need prior knowledge
from the user data.

10 CNN based shilling attack Precision Netflix Attack detection rate Detection accuracy will
detection scheme Recall Dataset, accuracy is high and not be the same if we go
[12] F-measure Movie lens detecting attacks using for large number of
look Dataset automatically extracted datasets.
high.

V. OPEN RESEARCH CHALLENGES In order to develop an efficient method to identify shilling

The existing approaches for detecting shilling attack
studied in this review paper assisted in determining the
following limitations:
 Supervised shilling attack detection methods are
effective for identifying only for fixed known types of
attacks, however they are unsuccessful for sensing
unknown types of attacks.
 Unsupervised shilling attack detection methods like
Clustering-based methods are not constant meanwhile
some typical users have same resemblances to spam
users.
 Semi-supervised shilling attack detection methods are
more flexible than the above two existing methods like
supervised and unsupervised methods, but it is more
complex and take long time to complete the
computation.
 The first deep learning technique such as (CNN)
Convolutional Neural Network based Shilling Attack
Detection proved the quality and accuracy in precisely
identifying varied number of mixed attacks compared
to the existing machine learning approaches but it
consider less number of datasets for evaluating its
performance.
attack by using hybrid deep learning models consider the
following challenges of deep neural network [15] a) Combined
Representation Learning from Item and user Content data, b)
Reasonable Recommendation with Deep Learning, c) Going
Bottomless for Recommendation.
VI. CONCLUSION AND FUTURE WORK
This manuscript analyzed the possibility of shilling
attacks and their various methods to detect the shilling attack
with their merits and demerits are discussed. The classification
for organizing and collecting existing works, and a group of
significant research models are highlighted. This paper also
discussed the pros and cons of machine learning and deep
learning techniques for recommendation tasks. In this paper, it
depicted the open research challenges that could be developed
for effective identification of shilling attacks in collaborative
filtering based recommender systems. It describes the
extraction of the related work that motivates the different
researchers to show their interest to work in this domain in
future.

Authorized licensed use limited to: California State University Fresno. Downloaded on June 30,2021 at 23:05:36 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Computer Communication and Informatics (ICCCI -2021), Jan. 27-29, 2021, Coimbatore, INDIA

REFERENCES
[1] Zhou, Quanqiang, Jinxia Wu, and Liangliang Duan. "Recommendation
attack detection based on deep learning." Journal of Information Security
and Applications 52 (2020): 102493.
[2] Batmaz, Zeynep, Burcu Yilmazel, and Cihan Kaleli. "Shilling attack
detection in binary data: a classification approach." Journal of Ambient
Intelligence and Humanized Computing 11.6 (2020): 2601-2611.
[3] Hao, Y., Zhang, F., Wang, J., Zhao, Q., & Cao, J. (2019). Detecting
Shilling Attacks with Automatic Features from Multiple Views. Security
and Communication Networks, 2019.
[4] Zhang, Fuzhi, and Honghong Chen. "An ensemble method for detecting
shilling attacks based on ordered item sequences." Security and
Communication Networks 9.7 (2016): 680-696.
[5] Zhou, Wei, et al. "Shilling attack detection for recommender systems
based on credibility of group users and rating time series." PloS one 13.5
(2018): e0196533.
[6] Xu, Yishu, and Fuzhi Zhang. "Detecting shilling attacks in social
recommender systems based on time series analysis and trust
features." Knowledge-Based Systems 178 (2019): 25-47.
[7] Cai, Hongyun, and Fuzhi Zhang. "Detecting shilling attacks in
recommender systems based on analysis of user rating
behavior." Knowledge-Based Systems 177 (2019): 22-43.
[8] Zhou, Wei, et al. "Shilling attacks detection in recommender systems
based on target item analysis." PloS one 10.7 (2017): e0130968.
[9] Batmaz, Zeynep, and Huseyin Polat. "Designing shilling attacks on
disguised binary data." International Journal of Data Mining, Modelling
and Management 9.3 (2017): 185-200.
[10] Cao, Jie, et al. "Shilling attack detection utilizing semi-supervised
learning method for collaborative recommender system." World Wide
Web 16.5-6 (2019): 729-748.
[11] Zhu, Li. "A novel social network measurement and perception pattern
based on a multi-agent and convolutional neural network." Computers &
Electrical Engineering 66 (2018): 229-245.
[12] Tong, Chao, et al. "A shilling attack detector based on convolutional
neural network for collaborative recommender system in social aware
network." The Computer Journal 61.7 (2018): 949-958.
[13] Zhang, Shuai, et al. "Deep learning based recommender system: A survey
and new perspectives." ACM Computing Surveys (CSUR) 52.1 (2019): 1-
38.
[14] Berman, Daniel S., et al. "A survey of deep learning methods for cyber
security." Information 10.4 (2019): 122.
[15] Apruzzese, Giovanni, et al. "On the effectiveness of machine and deep
learning for cyber security." 2018 10th International Conference on
Cyber Conflict (CyCon). IEEE, 2018.

Authorized licensed use limited to: California State University Fresno. Downloaded on June 30,2021 at 23:05:36 UTC from IEEE Xplore. Restrictions apply.