Walmart Inc.
METHODS AND APPARATUSES FOR DEFENDING AGAINST DATA POISONING ATTACKS IN RECOMMENDER SYSTEMS

Abstract:

A recommender system can include a defender computing device that is configured to obtain customer interaction data characterizing customer interactions with an ecommerce marketplace. The defender computing device can also be configured to determine an item recommendation based on the customer interaction data using a trained differentially private recommendation model and send the item recommendation to the customer. The trained differentially private recommendation model is more likely to determine the same item recommendation after poisoned data is injected into the customer interaction data than a recommendation model that is not privately trained.