source code of the paper "[SIGIR 25] Social Relation-Level Privacy Risks and Preservation in Social Recommender Systems"
The integration of social information into recommender systems (RSs) has gained significant popularity for enhancing recommendation performance and user experience. However, this practice introduces substantial privacy risks, particularly concerning the leakage of sensitive social relationships. While prior research has primarily focused on user-level and interaction-level privacy risks, the vulnerabilities associated with social relation-level privacy leakage remain largely unexplored. To address this gap, we investigate social privacy risks through the lens of membership inference attacks (MIA). Nevertheless, two key challenges arise: (1) the adversary can only access sparse recommendation results, which contain indirect and limited information about social relationships, and (2) extracting socially relevant preferences from these results is inherently difficult. To tackle these challenges, we propose a dual-branch learning framework that disentangles user preferences and extracts social influence and homophily patterns to uncover social relationship signals. Extensive experiments on real-world datasets demonstrate that both social and general RSs are highly vulnerable to such attacks, highlighting the urgent need for robust privacy protection mechanisms. To mitigate these risks, we introduce a socially adversarial learning defense mechanism (\OURDF{}) that selectively obscures sensitive social information in user representations during training, effectively reducing privacy leakage. We further evaluate the effectiveness of our defense and discuss future directions for developing privacy-preserving mechanisms in social recommender systems.
- create a folder for datasets at
../raw dataset/. - download ciao or flickr at the dataset path, and use
data_preprocessing.pyto preprocessing the raw data.
- use
main.py --model_name [TARGET_NAME]to train a target social recommender, [TARGET_NAME]={'DESIGN, DiffNet}. - use
pp_main.py --xxxto train a target model with our SAL defense mechanism. - use
pp_main_baseline.pyto train a target model with ER or DP-SGD defense mechanism.
- directly run
./mia_from_trained_model.shto perform our attacks.
- Once you change the dataset of shadow dataset, remember to delete the cached matrixs stored in
../raw_dataset. - Remember to run
mia_enhance_attack.pyto perform attacks.
If you use this code, please consider to cite the following paper: