Privacy-Preserving Representation Learning with Gradient Obfuscation against Attribute Inference for Recommendation

Modern and effective recommender systems leverage not only user-item interactions but also private attributes of users to bring promising performance. Protecting private attributes from being inferred by the adversary has become a vital issue in recommender systems. In this work, we formulate the problem of privacy-preserving representation learning for recommendation (PrP-Rec). The design of PrP-Rec is to generate embeddings of users and items so that two inference attacks can be effectively defended. One is item-based attribute inference attack (IAI-Attack), and the other is embedding-based attribute retrieval attack (EAR-Attack). To tackle the PrP-Rec problem, we present a novel framework, privacy-preserving Bayesian personalized ranking (PBPR). The key is to create a learnable gradient obfuscation vector and have it injected into the embedding learning of users and items. The objective of gradient obfuscation is devised to optimize with recommendation and privacy protection. Extensive experiments conducted on three benchmark datasets exhibit that PBPR can outperform competing methods of privacy-preserving recommendation in the top-K recommendation and effectively defending IAI-Attack and EAR-Attack.