Community Detection Attack against Collaborative Learning-based Recommender Systems

A Preprint

Yacine Belal
INSA Lyon, LIRIS
Lyon, France
yacine.belal@insa-lyon.fr

Mohamed Maouche
Univ. Lyon, INRIA, CITI
Lyon, France
mohamed.maouche@inria.fr

Sonia Ben Mokhtar
INSA Lyon, LIRIS, CNRS
Lyon, France
sonia.benmokhtar@insa-lyon.fr

Anthony Simonet-Boulogne
iExec Blockchain Tech
Lyon, France
anthony.simonet-boulogne@iex.ec

June 16, 2023

ABSTRACT

Collaborative-learning based recommender systems emerged following the success of collaborative learning techniques such as Federated Learning (FL) and Gossip Learning (GL). In these systems, users participate in the training of a recommender system while keeping their history of consumed items on their devices. While these solutions seemed appealing for preserving the privacy of the participants at first glance, recent studies have shown that collaborative learning can be vulnerable to a variety of privacy attacks. In this paper, we propose a novel privacy attack called Community Detection Attack (CDA), which allows an adversary to discover the members of a community based on a set of items of her choice (e.g., discovering users interested in LGBT content). Through experiments on three real recommendation datasets and by using two state-of-the-art recommendation models, we assess the sensitivity of an FL-based recommender system as well as two flavors of Gossip Learning-based recommender systems to CDA. Results show that on all models and all datasets, the FL setting is more vulnerable to CDA than Gossip settings. We further evaluated two off-the-shelf mitigation strategies, namely differential privacy (DP) and a share less policy, which consists in sharing a subset of model parameters. Results show a better privacy-utility trade-off for the share less policy compared to DP, especially in the Gossip setting.
Keywords: Gossip Learning, Federated Learning, Privacy-Preserving, Inference Attacks, Point-of-Interest recommendation, Recommender Systems

1 Introduction

Recommender systems [46, 9] are widely used algorithms in today's online services (e.g., marketplaces [49], social networks [32], music and video-on-demand platforms [26]). Their usefulness in helping users navigate the overwhelming amount of content available online is no longer in question. In a nutshell, a recommender system aims at finding relevant/personalized items for each user using information such as item category/popularity [45], users' past consumed items and items consumed by similar users [33].

One of the downsides of today's recommender systems is their intrinsic centralization. Indeed, in order to compute useful recommendations, most recommender systems collect and process users' private data such as their history of consumed/liked items, which may reveal sensitive information such as their tastes, age, political opinions or sexual orientation [21]. This limitation has pushed the research community

arXiv:2306.08929v1 [cs.IR] 15 Jun 2023