Privacy preservation in recommender systems and federated learning
Lead Research Organisation:
University of Surrey
Department Name: Vision Speech and Signal Proc CVSSP
Abstract
Every major company with an online presence collects customer data in order to personalize recommendations. These recommender systems may be used to provide more appropriate content such as films, videos or music. Alternatively, they may recommend products or services via targeted adverts or personalized offers/discounts. In the modern era, many consumers are wary of retailers building too detailed a picture of them, which can feel invasive. This research project will attempt to develop algorithms for effective
recommender systems, which simultaneously preserve the customer's privacy. This is especially important in the context of modern federated learning, where user's data or model updates may be transported across insecure networks. This will be achieved using an adversarial learning approach, where two different AIs with competing objectives share the same latent feature representation. This latent representation will encode a particular users preferences, and will be the only thing stored by the retailer. The first AI will be the recommender system which attempts to predict future spending and watching habits of the user based on the stored preference embedding. The competing AI will be a spy system, which will attempt to recognise which user is being served, or to unpick past spending habits, based on their embedded preference epresentation. By jointly training a system which satisfies the first AI and confounds the second, we ensure that a user's embedded preferential representation remains effective, while remaining unobtrusive. The stages of this project will be to: (1) Develop a basic anonymized recommender system from which identity cannot be retrieved. (2) Develop a non-invertible variant, where it specifically becomes impossible to unpick previous spending habits from the stored preference data. (3) Develop a compositional/online variant, where preferences can be updated on the fly as users continue to interact with the system, without a need to revisit historical data in order to rebuild the preference embedding.
recommender systems, which simultaneously preserve the customer's privacy. This is especially important in the context of modern federated learning, where user's data or model updates may be transported across insecure networks. This will be achieved using an adversarial learning approach, where two different AIs with competing objectives share the same latent feature representation. This latent representation will encode a particular users preferences, and will be the only thing stored by the retailer. The first AI will be the recommender system which attempts to predict future spending and watching habits of the user based on the stored preference embedding. The competing AI will be a spy system, which will attempt to recognise which user is being served, or to unpick past spending habits, based on their embedded preference epresentation. By jointly training a system which satisfies the first AI and confounds the second, we ensure that a user's embedded preferential representation remains effective, while remaining unobtrusive. The stages of this project will be to: (1) Develop a basic anonymized recommender system from which identity cannot be retrieved. (2) Develop a non-invertible variant, where it specifically becomes impossible to unpick previous spending habits from the stored preference data. (3) Develop a compositional/online variant, where preferences can be updated on the fly as users continue to interact with the system, without a need to revisit historical data in order to rebuild the preference embedding.
Organisations
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/R513350/1 | 01/10/2018 | 30/09/2023 | |||
| 2754539 | Studentship | EP/R513350/1 | 01/10/2022 | 31/03/2026 | Bucher Sahyouni |