Defending Against Membership Inference Attack for Counterfactual Federated Recommendation With Differentially Private Representation Learning

When it comes to the marriage of federated learning and personalized recommendation services (FedRec), characterizing user-item interaction behaviors is a long-standing and unresolved issue, highlighting the growing data privacy concerns due to the inherent openness of recommender systems. As the new interaction-level membership inference attacks on FedRecs have recently surfaced, quite possibly such adversarial attacks act as the hidden confounders lying behind the interactive recommendation, resulting in the obstruction of the causal effect disentanglement on long-term user satisfaction. As such, tailored to the specifics of private learning, we propose a counterfactual interactive recommendation system that builds a differentially private representation learning based defender (CIRDP) to capture and mitigate the adversarial threats, augmenting causal inference-based interactive recommendation of FedRecs. When characterizing interaction-level membership inference attacks of the hidden eavesdropping adversary as the primary cause of adversarial effect on user satisfaction, CIRDP incorporates causal inference-augmented offline reinforcement learning (offline RL) into FedRecs. CIRDP innovatively provides counterfactual satisfaction by optimizing a sensitivity-guided disentangled representation module with an innovative two-fold mutual information objective. As such, CIRDP introduces a differentially private representation learning based defender, guaranteeing interaction behavior-level differential privacy (DP) with a significant reduction in privacy costs. Extensive comparisons demonstrate CIRDP's superiority over the state-of-the-art baselines in reducing inference attack threats and improving long-term success in the interactive recommendation.