RAID: An In-Training Defense against Attribute Inference Attacks in Recommender Systems

In various networks and mobile applications, users are highly susceptible to attribute inference attacks, with particularly prevalent occurrences in recommender systems. Attackers exploit partially exposed user profiles in recommendation models, such as user embeddings, to infer private attributes of target users, such as gender and political views. The goal of defenders is to mitigate the effectiveness of these attacks while maintaining recommendation performance. Most existing defense methods, such as differential privacy and attribute unlearning, focus on post-training settings, which limits their capability of utilizing training data to preserve recommendation performance. Although adversarial training extends defenses to in-training settings, it often struggles with convergence due to unstable training processes. In this paper, we propose RAID, an in-training defense method against attribute inference attacks in recommender systems. In addition to the recommendation objective, we define a defensive objective to ensure that the distribution of protected attributes becomes independent of class labels, making users indistinguishable from attribute inference attacks. Specifically, this defensive objective aims to solve a constrained Wasserstein barycenter problem to identify the centroid distribution that makes the attribute indistinguishable while complying with recommendation performance constraints. To optimize our proposed objective, we use optimal transport to align users with the centroid distribution. We conduct extensive experiments on four real-world datasets to evaluate RAID. The experimental results validate the effectiveness of RAID and demonstrate its significant superiority over existing methods in multiple aspects.

Energy Consumption Minimization in Secure Multi-antenna UAV-assisted MEC Networks with Channel Uncertainty

This paper investigates the robust and secure task transmission and computation scheme in multi-antenna unmanned aerial vehicle (UAV)-assisted mobile edge computing (MEC) networks, where the UAV is dual-function, i.e., aerial MEC and aerial relay. The channel uncertainty is considered during information offloading and downloading. An energy consumption minimization problem is formulated under some constraints including users' quality of service and information security requirements and the UAV's trajectory's causality, by jointly optimizing the CPU frequency, the offloading time, the beamforming vectors, the artificial noise and the trajectory of the UAV, as well as the CPU frequency, the offloading time and the transmission power of each user. To solve the non-convex problem, a reformulated problem is first derived by a series of convex reformation methods, i.e., semi-definite relaxation, S-Procedure and first-order approximation, and then, solved by a proposed successive convex approximation (SCA)-based algorithm. The convergence performance and computational complexity of the proposed algorithm are analyzed. Numerical results demonstrate that the proposed scheme outperform existing benchmark schemes. Besides, the proposed SCA-based algorithm is superior to traditional alternative optimization-based algorithm.