Bi-TWD: A Unified Attack Detection Framework in Recommender Systems Based on BiLSTM and Three-way Decision

The emergence of shilling attacks has threatened the security of recommender systems, which can seriously affect the trustworthiness of recommendation results and reduce the stickiness of users. The state-of-the-art detection methods have showed the effectiveness by manually or automatically extracting detection features. However, these methods lack universality because they tend to focus on detecting individual attacks or group shilling attacks. To this end, this paper proposes a unified framework for detecting various shilling attacks based on BiLSTM and three-way decision, which is named Bi-TWD for short. Firstly, each user rating behavior trajectory is divided into multiple subsequences and a window feature vector can be generated from each subsequence. Secondly, all window feature vectors of the same user are integrated into a fused behavior representation by using BiLSTM and the suspicious degree of each user is calculated. Finally, according to user suspicious degree, users are classified into a positive domain, a negative domain and a boundary domain by using the three-way decision theory. Users in the positive domain are regarded as attack users; the ones in the negative domain are referred to genuine users, while users in the boundary domain are further analyzed. The experiments are conducted on the Netflix and the sampled Amazon datasets, and the experimental results show the effectiveness and excellent performance of the proposed method for detecting various attacks.