TY - GEN
T1 - Social Relation-Level Privacy Risks and Preservation in Social Recommender Systems
AU - Zhao, Xuhao
AU - Zhang, Zhongrui
AU - Zhu, Yanmin
AU - Wang, Zhaobo
AU - Ma, Wenze
AU - Yu, Jiadi
AU - Tang, Feilong
N1 - Publisher Copyright:
© 2025 Copyright held by the owner/author(s).
PY - 2025/7/13
Y1 - 2025/7/13
N2 - The integration of social information into recommender systems (RSs) has gained significant popularity for enhancing recommendation performance and user experience. However, this practice introduces substantial privacy risks, particularly concerning the leakage of sensitive social relationships. While prior research has primarily focused on user-level and interaction-level privacy risks, the social relation-level privacy risks remain largely unexplored. To fill this gap, we investigate social privacy risks through membership inference attacks (MIA) and propose a Social relation-level MIA (SMIA) framework. Two key challenges arise: (1) the adversary can only access the recommended item IDs, which provide indirect and limited information about social relationships, and (2) extracting socially relevant preferences from recommendation results is inherently difficult. To tackle the first challenge, we leverage shadow models to transform sparse item IDs into dense features, enabling adversaries to effectively utilize recommendation outputs. For the second challenge, SMIA employs a dual-branch learning approach that disentangles social and behavioral preferences. Therefore, we can extract socially relevant signals from the disentangled preferences. Extensive experiments on real-world datasets demonstrate that both social and general RSs are highly vulnerable to such attacks, highlighting the urgent need for robust privacy protection mechanisms. To defend against these attacks, we introduce a Socially Adversarial Learning (SAL) defense mechanism that selectively obscures sensitive social information in user representations during training, effectively reducing privacy leakage. We further evaluate the effectiveness of our defense and discuss future directions for developing privacy-preserving mechanisms in social RSs. The code is at https://github.com/XuHao-bit/SMIA.
AB - The integration of social information into recommender systems (RSs) has gained significant popularity for enhancing recommendation performance and user experience. However, this practice introduces substantial privacy risks, particularly concerning the leakage of sensitive social relationships. While prior research has primarily focused on user-level and interaction-level privacy risks, the social relation-level privacy risks remain largely unexplored. To fill this gap, we investigate social privacy risks through membership inference attacks (MIA) and propose a Social relation-level MIA (SMIA) framework. Two key challenges arise: (1) the adversary can only access the recommended item IDs, which provide indirect and limited information about social relationships, and (2) extracting socially relevant preferences from recommendation results is inherently difficult. To tackle the first challenge, we leverage shadow models to transform sparse item IDs into dense features, enabling adversaries to effectively utilize recommendation outputs. For the second challenge, SMIA employs a dual-branch learning approach that disentangles social and behavioral preferences. Therefore, we can extract socially relevant signals from the disentangled preferences. Extensive experiments on real-world datasets demonstrate that both social and general RSs are highly vulnerable to such attacks, highlighting the urgent need for robust privacy protection mechanisms. To defend against these attacks, we introduce a Socially Adversarial Learning (SAL) defense mechanism that selectively obscures sensitive social information in user representations during training, effectively reducing privacy leakage. We further evaluate the effectiveness of our defense and discuss future directions for developing privacy-preserving mechanisms in social RSs. The code is at https://github.com/XuHao-bit/SMIA.
KW - Membership inference attack
KW - Privacy-preserving machine learning
KW - Social recommendation
UR - https://www.scopus.com/pages/publications/105011829366
U2 - 10.1145/3726302.3730086
DO - 10.1145/3726302.3730086
M3 - 会议稿件
AN - SCOPUS:105011829366
T3 - SIGIR 2025 - Proceedings of the 48th International ACM SIGIR Conference on Research and Development in Information Retrieval
SP - 1728
EP - 1737
BT - SIGIR 2025 - Proceedings of the 48th International ACM SIGIR Conference on Research and Development in Information Retrieval
PB - Association for Computing Machinery, Inc
T2 - 48th International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR 2025
Y2 - 13 July 2025 through 18 July 2025
ER -