Abstract
With the advancement of the Internet, recommendation systems have become an indispensable component for every e-commerce platform, playing an increasingly pivotal role in product recommendations. However, due to the recommendation mechanisms of these systems, numerous new attack patterns have emerged. A novel attack pattern targeting e-commerce recommendation systems, termed the “Ride Item’s Coattails” attack, fabricates false click information to deceitfully establish associations between popular products and low-quality products, intending to mislead the e-commerce platform’s recommendation system and promote the sales of substandard products. This article presents a recommendation system attack detection method based on the Deep Forest algorithm to address the challenges of these novel recommendation system attacks. Random forests are used for feature selection, aiming to filter crucial features and reduce feature redundancy. To tackle the issue of extreme class imbalance, a symmetric sampling technique based on k-means centroids is introduced. This approach addresses the incomplete noise filtering and sampling data comprehensiveness issues commonly found in undersampling algorithms. Considering the potential for even more imbalanced data in real-world scenarios, a combined strategy of undersampling and SMOTE resampling is used to handle imbalanced data. The proposed algorithm was trained on e-commerce “Ride Item’s Coattails” attack identification data from Alibaba Cloud’s Tianchi, which originates from genuine recommendation system attack data. The proposed method was compared with various deep learning and machine learning algorithms, such as DLMP and deep neural networks (DNN), for extensive validation. Experiments demonstrate that the proposed technique effectively meets the demands for attack detection.
1. Introduction
With the rapid growth of the Internet, the volume of network information and data has increased exponentially. Consequently, users are facing a significant challenge in obtaining the desired information, commonly referred to as “information overload.” In order to address this issue and cater to the personalized needs of individual users, personalized recommendation systems have emerged. These systems analyze users’ historical data to determine their preferences, guiding them from actively seeking interesting information to facilitating the discovery of relevant areas of interest. Moreover, personalized recommendation systems provide tailored recommendations for individual users, effectively meeting the diverse needs of a large user base.
The introduction of recommendation systems has greatly facilitated users’ daily information retrieval and mitigated the problem of information fatigue caused by information overload [1]. These systems are not only extensively used in various e-commerce platforms but are also pervasive across the entire Internet industry.
In recommendation systems, there are common recall paths, namely, user-to-item (U2I) and item-to-item (I2I). In order to enhance the timeliness and accuracy of recommendations, platforms continuously update U2I and I2I in real time based on user behavior information gathered from the entire network. Recommendations are made by considering the relevance to users’ recent behavioral data. However, this unique recommendation mechanism can be exploited by unscrupulous merchants who seek to establish an artificial connection between their own products and popular items. These merchants may hire users to click on both popular items and their own products, in an attack commonly known as “Ride Item’s Coattails” or “Coattail Attack.” This deceptive behavior is characterized by its high level of concealment and its potential to cause significant damage to e-commerce recommendation systems, ultimately affecting the usability and shopping experience of users [2].
E-commerce recommendation systems play a critical role in the functionality of e-commerce platforms. They offer personalized product recommendations based on users’ browsing preferences, purchase history, and various other factors. By optimizing the shopping experience and customer satisfaction, these systems contribute to increased sales and profits for e-commerce platforms. However, as recommendation systems continue to advance, new forms of attacks have emerged. These malicious attacks not only negatively impact user experience but also result in substantial economic losses and reputational damage to e-commerce platforms.
Thus, it is crucial to develop an effective model for detecting e-commerce recommendation attacks. This is essential for ensuring platform security, enhancing trustworthiness, and improving user satisfaction. In response to the recent emergence of the “Ride Item’s Coattails” or “Coattail Attack” behavior, this paper proposes a recommendation attack detection model based on the deep forest algorithm. The model uses feature selection through random forests to reduce redundancy and select important features. To address the challenge of extreme class imbalance, a symmetric sampling method based on k-means centroids is introduced. This method overcomes the issues of incomplete noise filtering and information loss commonly associated with undersampling algorithms. The proposed algorithm is trained using real recommendation system attack data obtained from Alibaba Cloud Tianchi, specifically the “Coattail Attack” identification dataset. A comparative analysis is conducted between the proposed algorithm and commonly used detection models in the industry. Experimental results demonstrate the superiority of the proposed method in detecting attacks, surpassing the performance of commonly used attack detection algorithms.
In summary, the development of an effective e-commerce recommendation attack detection model holds significant importance in safeguarding platform security, enhancing platform credibility, and improving user satisfaction. The contributions of this paper can be summarized as follows:
(1) Presented a novel recommendation attack detection model for e-commerce platforms, leveraging the deep forest algorithm specifically tailored to identify the “Ride Item’s Coattails” attack in e-commerce recommendation systems.
(2) Introduced a symmetric undersampling method based on k-means centroids, effectively addressing the issues commonly encountered in undersampling algorithms, such as incomplete noise filtering and information loss. This method significantly enhances the model’s performance.
(3) Empirically evaluated the proposed model using a real-world dataset comprising attacks in e-commerce recommendation systems and conducted comparative analysis against other relevant models. The experimental results validate the efficacy and efficiency of the proposed attack detection algorithm.
2. Literature Review
Attack detection has always been a critical research area in the field of network security, aiming to identify network attacks by monitoring network traffic and user behavior to ensure network security and stability. In recent years, the increasing stealthiness of attack behaviors and the emergence of artificial counter-detection techniques have posed increasingly severe network security threats. In response to different types of attacks, the academic community has conducted extensive research, focusing on the following key aspects:
Feature selection and extraction algorithms: Wang et al. [3, 4] have utilized methods such as Bayesian networks and voting mechanisms to select features, yielding favorable results in specific attack scenarios. Hu et al. [5] have proposed a two-stage deep feature selection algorithm for selecting feature subsets, which effectively extracts optimal feature subsets and enhances classification accuracy.
Anomaly detection algorithms: Anton et al. [6] have applied classical machine learning methods to anomaly detection, but these approaches are not effective in detecting new attack types. Cheng et al. [7] have introduced a tuned random forest algorithm for anomaly detection, which exhibits high data requirements and is significantly affected by noise values. He et al. [8–10] have conducted dimensionality reduction and anomaly detection on data using feature clustering methods and support vector machines. These methods demonstrate good detection performance for small-sample datasets but may not be ideal for large sample datasets.
Deep learning algorithms: Lin et al. [11] proposed a deep learning-based intrusion detection model that incorporates both spatial and temporal features of network intrusions, achieving notable performance on the dataset. Kumar and Sniha [12, 13] proposed a novel unified intrusion detection algorithm that uses information gain for feature selection but is limited in identifying a specific number of intrusion types. Wang et al. [14, 15] applied convolutional neural networks to network intrusion detection, demonstrating higher accuracy compared to traditional machine learning techniques. Tran et al. [16, 17] utilized DNN for fault detection in instant messaging and proposed an integrated IoT architecture based on deep neural networks, showcasing superior performance and ease of implementation compared to state-of-the-art algorithms. Additionally, statistical methods have been used to establish equivalence between Kalman filters and specific least squares regression problems, enabling the construction of robust Kalman filters for solving state estimation problems caused by various network attacks such as pulse, ramp, and DoS attacks [18].
Attack detection in e-commerce recommendation systems also falls under the domain of network attack detection. Its primary objective is to ensure fairness and stability within recommendation systems. With the widespread adoption of recommendation systems in e-commerce platforms, detecting attacks has become a prominent research issue for scholars [19]. Notable attacks that significantly impact recommendation systems include shilling attacks, group attacks, and the recently emerged “Ride Item’s Coattails” attack.
Shilling attacks refer to deceptive behavior within recommendation systems, where users create fake accounts or manipulate user preferences to obtain favorable recommendations and deceive the system. These fabricated users or preference data can result in inaccurate recommendations. In shilling attack detection, Zhou [20, 21] used neural networks that consider centrality features, user rating history, and latent features, demonstrating effective detection capabilities. Jia et al. [22] constructed a classification model based on rating distribution and selected different features as classification attributes based on information gain, achieving effectiveness in shilling attack detection, albeit with increased processing time. Wang et al. [23] proposed a shilling attack detection algorithm based on supervised prototype variational autoencoders (SP-VAE), which performs well even in the cold start scenario of shilling attacks. Zayed et al. [24] proposed an enhanced technique using supervised learning in collaborative recommendation systems to detect shilling attacks, requiring high-quality data but yielding average classification performance when labeled data is limited.
Group attacks involve malicious users or organizations collaborating to deceive recommendation systems for their own gain. These attacks use collective activities, shared interests, and other means to manipulate recommendation results, leading to incorrect recommendations or interference with normal users’ recommendations. In group attack detection, Wu et al. [25] constructed features from multiple data sources for group attack detection, which performs well on synthetic datasets. Wu [26, 27] detected group attacks by building a graph neural network attack detection model and a semisupervised model based on clustering and graph convolutional networks. These methods exhibit good timeliness in detecting mixed attacks.
“Ride Item’s Coattails” refers to the deceptive correlation established between popular products and low-quality products through the creation of false click information. Its aim is to mislead e-commerce platform recommendation systems and promote the sale of low-quality products. To address large-scale fraudulent deception, Zhao et al. [28] proposed the fraud awareness impression regulation (FAIR) system, a data-driven approach that effectively regulates users’ fraudulent behavior in real-time on large e-commerce platforms. Li et al. [2] analyzed and summarized the characteristics of false click information generated by attackers in “Ride Item’s Coattails” attacks. Xu et al. [29] proposed a group shilling attack detection solution based on multidimensional user features and collusion behavior analysis. They designed a set of indicators to measure abnormal user behavior and identify anomalous users using a feature similarity matrix. This method is suitable for detecting multistrategy group attacks.
This paper introduces an e-commerce recommendation attack detection model based on an enhanced deep forest algorithm. It validates and analyzes the model using a large-scale dataset of real false click data, demonstrating the feasibility of the proposed approach.
3. Related Methods
3.1. Random Forest for Evaluating Feature Importance
Random forest is an ensemble classifier based on the bagging technique, which combines multiple fully grown decision trees. In classification prediction, the class label of a sample is determined by taking a majority vote of the class labels produced by these decision trees [30].
The feature importance evaluation in random forest can be achieved through various methods, one of which is based on the Gini coefficient. The calculation method for the Gini coefficient is as follows: where k represents the k classes, pk represents the weight of the sample in class k. The importance of a feature at node m, which is the change in the Gini coefficient before and after the branching of node m, can be calculated as follows: where GIl and GIr represent the Gini coefficients of the two new nodes after branching.
If a feature appears in the nodes of tree i in the set M, then its importance in the i-th tree is as follows:
Assuming that there are n trees in the random forest, then
The obtained importance scores are normalized as follows: where the denominator is the sum of all feature gains and the numerator is the Gini coefficient of feature j.
Based on the feature importance ranking of random forest, further analysis and optimization of data features can be conducted. This includes selecting important features and eliminating redundant ones, which can enhance the training effectiveness and prediction accuracy of the model.
In the e-commerce environment, different online retail platforms place varying emphasis on specific features. Consequently, during the actual feature selection process for a model, the platform’s significant features are weighted before conducting feature importance analysis and selection.
3.2. Centroid Symmetric Sampling
The centroid is the mean of all data in a cluster and it represents the characteristic value of the data in the cluster. However, the centroid is not necessarily a sample in the cluster and cannot fully reflect the overall distribution characteristics of the cluster. Therefore, we propose centroid symmetric sampling based on the centroid-centered distance to preprocess imbalanced datasets with positive and negative classes.
Centroid sampling first extracts the positive and negative class data from the dataset. For the negative class data, k-means algorithm is used to cluster and obtain the centroids of each cluster. Then, sampling is performed based on the centroid-centered distance. This method can preserve the data distribution of each cluster to the maximum extent and ensure the effectiveness of sampling. The functionality simulation of centroid symmetric sampling is shown in Figure 1 (Algorithm 1).

The centroid symmetric undersampling algorithm effectively handles the problem of extreme class imbalance in the data. It selects samples based on the distribution of the majority class data, preserving the original data distribution while optimizing it by removing outliers.
3.3. SMOTE Resampling
SMOTE resampling is a prevalent resampling algorithm. Its fundamental idea revolves around balancing the dataset by generating new synthetic samples through interpolating between the minority class samples, thereby enhancing the model’s performance.
The specific formula for the SMOTE algorithm is as follows:
(1) Suppose there is a minority class sample . The k nearest neighboring samples for this sample are denoted as
(2) For each sample , select a random number r, where
(3) For each feature j,
(a) Compute the difference
(b) Generate the synthetic sample
Repeat step 2 until an adequate number of synthetic samples are generated.
Considering the severe imbalances that might arise in real-world scenarios, this study uses a combined data processing approach of centroid undersampling and SMOTE resampling. The balance ratio between them is dynamically determined based on the specific dataset, ensuring that the model maintains commendable performance even under extremely imbalanced conditions.
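The interpolation step of SMOTE, written out as an added example (not code from the paper). It follows the standard SMOTE algorithm, with r drawn uniformly from [0, 1); the `ratio` parameter, the function names and the sample points are assumptions made for illustration, and `majority` stands in for the output of the undersampling stage.

```python
import math
import random


def smote(minority, n_new, k=3, seed=0):
    """Generate n_new synthetic minority samples by neighbour interpolation."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)          # cannot have more neighbours than peers
    synthetic = []
    for n in range(n_new):
        i = n % len(minority)              # cycle through the minority samples
        x = minority[i]
        others = [p for j, p in enumerate(minority) if j != i]
        # k nearest minority neighbours of x by Euclidean distance
        neighbours = sorted(others, key=lambda p: math.dist(x, p))[:k]
        nb = rng.choice(neighbours)
        r = rng.random()                   # one r per synthetic sample
        # per feature j: x_j + r * (neighbour_j - x_j)
        synthetic.append(tuple(xj + r * (nj - xj) for xj, nj in zip(x, nb)))
    return synthetic


def rebalance(majority, minority, ratio, k=3, seed=0):
    """Top up the minority class until it reaches ratio * len(majority).

    `ratio` is a hypothetical knob for the balance ratio the text says is
    chosen per dataset.
    """
    target = math.ceil(ratio * len(majority))
    n_new = max(0, target - len(minority))
    if n_new == 0:
        return list(minority)
    return list(minority) + smote(minority, n_new, k=k, seed=seed)


# Constructed sample data: four attack clicks (minority) in a 2-D feature
# space and twelve normal clicks (majority) left after undersampling.
MINORITY = [(1.0, 1.0), (1.2, 0.9), (0.8, 1.1), (3.0, 3.0)]
MAJORITY = [(float(a), float(b)) for a in range(5, 9) for b in range(5, 8)]

if __name__ == "__main__":
    balanced = rebalance(MAJORITY, MINORITY, ratio=1.0, k=2)
    print(len(MINORITY), "->", len(balanced), "minority samples")
    for point in balanced[len(MINORITY):]:
        print("synthetic:", tuple(round(v, 3) for v in point))
```

Because every synthetic point is a convex combination of two real minority samples, an isolated minority point such as (3.0, 3.0) pulls new samples toward itself; that is the noise-amplification risk that makes cleaning the data before resampling matter.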
3.4. Deep Forest Algorithm
The deep forest algorithm, proposed by Zhou et al. [31], is a deep learning model that distinguishes itself from traditional deep neural networks (DNNs). Structurally, deep forest can be described as a multigranularity cascading forest. It resembles convolutional neural networks (CNNs), which use multiple scanning windows of various granularities to sample input data and extract features. This approach enhances its capability to learn data features effectively. The multigranularity scanning algorithm further strengthens the feature extraction capability of deep forest for input data. Each layer in deep forest performs feature extraction and dimensionality reduction on the input data, transmitting the extracted features to the subsequent layer. By utilizing the multigranularity scanning algorithm, the input data can undergo feature extraction and dimensionality reduction at different scales, thereby enhancing the model’s robustness and generalization ability. The overall architecture of deep forest is depicted in Figure 2.

From Figure 2, it can be observed that the depth structure of the deep forest refers to a tree structure composed of multiple depth levels. This tree structure enhances the expressive power of the model, where each level can capture different features. Deeper levels enable the model to learn more complex features. In another sense, this hierarchical learning aids the model in identifying more significant features since each level extracts higher-level features based on the preceding level. Additionally, this depth structure effectively enhances the model’s robustness. Each depth structure in the deep forest is independently trained, reducing the risk of overfitting to the training data. The ensemble of multiple depth structures provides better generalization performance and robustness while reducing the model’s variance.
In the deep forest algorithm, the design of the depth structure is a crucial task. This study primarily focuses on designing the depth structure of the model by setting the number of levels in the deep forest, incorporating dropout functions for each level, and selecting the base classifiers for ensemble. Additionally, adjustments and optimizations of the depth structure can be made by tuning the number of nodes in the model, modifying the feature selection methods within the levels, and selecting different depth ensemble techniques. These steps aim to achieve optimal performance and effectiveness in the model.
The deep forest algorithm exhibits powerful computational capabilities, high accuracy, a reduced number of hyperparameters and excels in small-sample datasets. It has been extensively applied in various domains such as computer vision, natural language processing, and medical image processing. Moreover, it is well-suited for diverse attack detection environments. Hence, in this study, the deep forest algorithm is selected as the foundational classification model to enhance the performance of attack detection. This improvement is achieved through feature processing, undersampling, data augmentation, and other relevant methods.
3.5. Deep Reinforcement Learning
Given the diverse array of attacks a model may face, it is imperative that the model can continually learn and adapt to varying external attacks. Reinforcement learning, with its capacity to learn and optimize models based on environmental changes through reward functions, can effectively adapt to a multitude of attacks, offering significant benefits for attack detection. Reinforcement learning is predicated on the Markov decision process (MDP) theory, represented by the quadruple (S, A, T, R). Here, S denotes the set of all states, A represents a finite set of actions, T signifies the mapping of actions to state transitions, and R indicates the rewards garnered from executing actions. Through MDP, an optimal strategy is provided for every state to achieve rewards and derive the best solution.
Building upon the MDP theory, reinforcement learning can use various algorithms to decipher the optimal strategy, including value iteration, policy iteration, Q-learning, and SARSA. In reinforcement learning, agents garner experiential data through interactions with the environment, progressively refining the decision-making process. By incessantly interacting with the environment and adjusting strategies and value functions based on acquired reward signals, agents master making advantageous decisions in intricate settings.
The specific steps to apply reinforcement learning in a deep forest attack detection model are as follows:
3.5.1. Reward Function Design
(1) True positive (TP): Assign a positive reward when an attack is correctly identified by the model.
(2) True negative (TN): Bestow a smaller positive reward when the model accurately recognizes nonattack events.
(3) False positive (FP): Impose a penalty when the model erroneously labels nonattack events as attacks.
(4) False negative (FN): Administer a substantial penalty when the model fails to detect genuine attacks.
The reward function is expressed as follows:
Here, , , are the reward values for respective cases.
3.5.2. Policy Design Method Based on Q-Learning
Initialization: Initialize the action-value function to zero. Choose an initial state s and an initial action a.
Loop: Execute action a and observe the reward r and new state .
Update Q value:
Using the ε-greedy policy, select the next action a′.
Update state and action: and
Termination: If a certain condition is met (e.g., the model’s performance reaches a predetermined threshold), then terminate the loop.
Using this method, the model can iteratively learn how to adjust its structure and parameters based on different states and received rewards, optimizing its attack detection performance.
4. Experimental Results
4.1. Dataset
In this study, we utilized the “embrace the leg” attack detection dataset from Alibaba Cloud Tianchi. The dataset consists of 1 million offline training data samples and 100,000 test data samples. It includes fields such as UUID, user’s product access time, user ID, product ID, product and user attribute features, and labels. The descriptions of each field are presented in Table 1:
4.2. Data Analysis and Preprocessing
4.2.1. Removing Duplicate Values
Duplicate samples with the same user ID and product ID are removed. In the negative class data, duplicate user IDs are deleted. The results after processing are shown in Figure 3.

In Figure 3, it is evident that the training set contains a notable proportion of duplicate samples, approximately 28.7% in total. This finding highlights the significant presence of duplicated data within the dataset.
4.2.2. Feature Correlation Analysis
The given dataset consists of 152 anonymous features representing product and user attributes. The first 72 dimensions correspond to product features, while the remaining 80 dimensions represent user features. These features are named based on alphabetical prefixes and numerical indices. Visualizations of feature correlation matrices for product features and user features are presented in Figures 4 and 5, respectively.


From Figures 4 and 5, it can be observed that the feature correlation coefficient matrices exhibit several dark-colored blocks, indicating the presence of multicollinear features and a significant amount of feature redundancy. The colors in the heatmap of product features (Figure 4) are generally darker compared to Figure 5, indicating a stronger correlation between product features and the target variable. In the heatmap of user features, three noticeable blank areas can be observed, indicating the presence of three ineffective features: u148, u149, and u150.
4.2.3. Extracting Important Features with Random Forest
The random forest algorithm is utilized to evaluate the importance of features in the training set and rank them. The top 10 important features selected are shown in Figure 6.

The density distribution curves of these 10 important features are shown in Figures 7–16:










From the density distribution plots of the ten important features selected by random forest on the training set and test set, it can be observed that there are significant feature differences between the two sets. The substantial feature differences indicate a higher requirement for the model’s generalization ability.
4.2.4. Data Augmentation
Based on the dataset description provided, it is noted that the label is defined as malicious (label = 1) only when both the user and the product are malicious. In all other cases, it is considered a nonmalicious behavior. The relationship between normal and malicious behaviors is illustrated in Figure 17.

As shown in the relationship graph between normal and malicious users, even if a user is malicious, clicking on a normal product is still considered a normal behavior and vice versa. Following this rule, relevant labels can be assigned to some unlabeled data (label = −1), thereby increasing the training data. Labeling the unlabeled data is primarily accomplished by establishing a blacklist and whitelist rule. The process is depicted in Figure 18, with the specific steps outlined as follows:
(1) For samples with label = 1, indicating positive samples where both the user and the product are malicious, mark the user ID and product ID as blacklist IDs.
(2) For samples with label = 0, in conjunction with the blacklist user and product IDs from the positive samples, two scenarios can be derived: the first scenario consists of a blacklist user ID with an unknown product ID, and the second scenario consists of an unknown user ID with a blacklist product ID. Based on the data interpretation of the labeled samples, one attribute is the blacklist ID, and the other attribute is considered normal, resulting in two whitelist scenarios.
(3) For samples with label = −1, check if they meet the blacklist and whitelist rules. If both the user and product IDs are blacklist IDs, assign label = 1. If either the user or product ID is a whitelist ID, assign label = 0.
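The three labeling steps above, as an added example (not code from the paper). The record layout, function names and sample click records are assumptions made for illustration; the rules are the ones listed in steps (1) to (3).

```python
from collections import Counter, namedtuple

# One click record: label is 1 (attack), 0 (normal) or -1 (unlabeled).
Click = namedtuple("Click", ["user_id", "item_id", "label"])


def build_lists(samples):
    """Steps (1) and (2): derive blacklist and whitelist IDs from labeled data."""
    black_users = {s.user_id for s in samples if s.label == 1}
    black_items = {s.item_id for s in samples if s.label == 1}
    white_users, white_items = set(), set()
    for s in samples:
        if s.label != 0:
            continue
        user_bad = s.user_id in black_users
        item_bad = s.item_id in black_items
        if user_bad and not item_bad:
            white_items.add(s.item_id)      # blacklist user, normal product
        elif item_bad and not user_bad:
            white_users.add(s.user_id)      # normal user, blacklist product
        # label = 0 with neither ID blacklisted (or, inconsistently, both)
        # tells us nothing about which side is normal, so it is skipped.
    return black_users, black_items, white_users, white_items


def propagate_labels(samples):
    """Step (3): assign labels to label = -1 samples where the rules apply."""
    black_users, black_items, white_users, white_items = build_lists(samples)
    relabeled, stats = [], Counter()
    for s in samples:
        if s.label != -1:
            relabeled.append(s)
            continue
        if s.user_id in black_users and s.item_id in black_items:
            new_label = 1
        elif s.user_id in white_users or s.item_id in white_items:
            new_label = 0
        else:
            new_label = -1                  # rules do not decide; stays unlabeled
        stats[new_label] += 1
        relabeled.append(s._replace(label=new_label))
    return relabeled, stats


# Constructed sample click log (IDs are made up).
SAMPLES = [
    Click("u1", "i1", 1),    # blacklists u1 and i1
    Click("u2", "i2", 1),    # blacklists u2 and i2
    Click("u1", "i9", 0),    # blacklist user + unknown product -> i9 whitelisted
    Click("u7", "i2", 0),    # unknown user + blacklist product -> u7 whitelisted
    Click("u5", "i5", 0),    # no blacklist ID involved, no inference
    Click("u1", "i2", -1),   # both blacklisted -> 1
    Click("u7", "i8", -1),   # whitelisted user -> 0
    Click("u3", "i9", -1),   # whitelisted product -> 0
    Click("u2", "i8", -1),   # blacklisted user, unknown product -> stays -1
    Click("u4", "i4", -1),   # nothing known -> stays -1
]

if __name__ == "__main__":
    relabeled, stats = propagate_labels(SAMPLES)
    for before, after in zip(SAMPLES, relabeled):
        if before.label == -1:
            print(before.user_id, before.item_id, "->", after.label)
    print("added positives:", stats[1], "added negatives:", stats[0],
          "still unlabeled:", stats[-1])
```

A blacklisted user paired with an unknown product stays unlabeled: the rules only promote a sample to label = 1 when both IDs are already known to be malicious.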

The data changes after processing based on the black and white list rule are shown in Figure 19. The data augmentation based on black and white list rules has shown excellent results. A total of 51,113 valid data samples were added to the training dataset through this method. Among them, the positive class data increased by 2,796 samples, accounting for a 28.9% increase, while the negative class data increased by 48,336 samples, which corresponds to a 119% increase. The data augmentation technique has significantly increased the number of effective data samples, alleviating the issue of insufficient training data.

4.3. Evaluation Metrics
For e-commerce attack detection models, the primary objective is to correctly distinguish between malicious and benign activities. Among the plethora of model evaluation metrics, two stand out as particularly relevant. The first is the true positive rate, also known as recall. Recall measures the model’s capability to correctly identify attacks. In the context of thwarting e-commerce attacks, a high recall implies the model’s proficiency in capturing a vast majority of malicious activities, thus safeguarding the system from potential threats. The second metric is precision. Precision gauges the fraction of instances labeled as attacks by the model that are genuinely malicious. A high precision denotes a lower false alarm rate, minimizing undue interruptions to legitimate users and operations.
The F1-score is the harmonic mean of precision and recall, providing a consolidated metric to assess the model’s balance between these two parameters. Maintaining a harmonious balance between precision and recall is pivotal when combating e-commerce attacks. Hence, the F1-score serves as a robust representation of the model’s actual detection efficacy. Additionally, the area under the receiver operating characteristic curve (AUC-ROC) is noteworthy. AUC-ROC quantifies the model’s performance across all conceivable classification thresholds. It offers a holistic perspective on the model’s differentiation capacity between positive and negative instances, which is paramount for e-commerce attack detection models.
4.3.1. Harmonic Mean (F1)
F1-score is the harmonic mean of precision and recall and is an important measure for classification problems, which is calculated as follows:
4.3.2. AUC-ROC
The area under the receiver operating characteristic curve (AUC-ROC) quantifies the area beneath the ROC curve. The ROC curve is plotted with the false positive rate (FPR) on the x-axis and the true positive rate (TPR) on the y-axis. The formulae for these rates are as follows:
4.4. Model Design
In the model training process, dropout functions are applied at the exit of each layer to prevent overfitting and improve the model’s generalization ability. Dropout is a commonly used regularization technique in neural networks that eliminates the interdependence of features, making the learned features more independent and effectively reducing overfitting. Deep forest can be considered as a neural network structure, and dropout can be used to enhance its generalization ability. The addition of dropout functions in the deep forest model is shown in Figure 20.

The chosen deep forest model for this study is the DF21 model, as described in “A Practical Deep Forest for Tabular Datasets.” This model is a well-packaged version that has undergone extensive optimization. When trained on tabular datasets with tens of millions of records, it significantly reduces the memory footprint. Utilizing this encapsulated model addresses, to some extent, inherent issues of deep forests, such as memory consumption and CPU-only training capabilities. Given that e-commerce attack detection data primarily consists of character-type data, and the multigranularity scanning algorithm exhibits superior performance with image processing, only the cascading forest component of the deep forest was used in the constructed model.
4.4.1. Algorithm Optimization Hyperparameter Tuning
In the DF21 model, the primary hyperparameters that need adjustment include those of the cascading forest, with each cascading layer comprising multiple random forests and completely random forests. The size and configuration parameters of each random forest and completely random forest influence the model’s performance and complexity.
The structure of the cascade is also a crucial hyperparameter. Increasing the number of layers may enhance the model’s complexity and performance but might also lead to overfitting. However, the number of layers in the cascading structure can be determined adaptively, ensuring that the model’s complexity does not have to be a manually set hyperparameter. Instead, it becomes an automatically determined parameter based on the data. In our configuration, if there is no improvement in the F1 score within three layers, the building process stops, with a maximum cap set at 100 layers.
For hyperparameter tuning within the cascading forest’s random forests and completely random forests, we used grid search to obtain the optimal parameters.
The optimal hyperparameters are presented in Table 2.
(1) Optimal Threshold Selection. To enable the model to distinguish attack data more accurately, a threshold search method can be used, allowing the model to identify a threshold that yields a higher F1 score.
The specific steps are as follows:
First, train and save a deep forest model whose output is produced by a sigmoid function.
Load the saved model and conduct a threshold search on the validation set to identify the optimal threshold where the F1-score is maximized.
Append the optimal threshold to the final layer of the model, converting the sigmoid output into 0/1 labels.
Save and freeze the model.
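The threshold search described above, as an added example (not the authors' code): it sweeps every distinct validation score as a candidate cut-off, keeps the one with the highest F1, and wraps it in a fixed 0/1 predictor. The validation scores and labels are constructed sample data, and the function names are hypothetical.

```python
"""Added example: F1-maximising threshold search on a validation set (not the paper's code)."""
from typing import Callable, List, Sequence, Tuple

# Constructed sample data: sigmoid scores from a hypothetical saved model and
# true labels (1 = attack). Attacks are the minority, as in the page's dataset.
VAL_SCORES = [0.05, 0.10, 0.20, 0.30, 0.35, 0.40, 0.45, 0.60, 0.80, 0.90]
VAL_LABELS = [0, 0, 0, 0, 1, 0, 1, 0, 1, 1]


def f1_at(scores: Sequence[float], labels: Sequence[int], threshold: float) -> float:
    """F1 of the attack class when score >= threshold is labelled 1."""
    tp = sum(1 for s, y in zip(scores, labels) if s >= threshold and y == 1)
    fp = sum(1 for s, y in zip(scores, labels) if s >= threshold and y == 0)
    fn = sum(labels) - tp
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0


def search_threshold(scores: Sequence[float], labels: Sequence[int]) -> Tuple[float, float]:
    """Return (threshold, f1) maximising F1; one sorted sweep, O(n log n)."""
    if len(scores) != len(labels) or not scores:
        raise ValueError("scores and labels must be non-empty and the same length")
    total_pos = sum(labels)
    if total_pos == 0:
        raise ValueError("validation set has no attack samples; F1 is undefined")
    ranked = sorted(zip(scores, labels), key=lambda p: p[0], reverse=True)
    best_t, best_f1, tp, fp = ranked[0][0], 0.0, 0, 0
    for i, (s, y) in enumerate(ranked):
        tp, fp = tp + y, fp + (1 - y)
        if i + 1 < len(ranked) and ranked[i + 1][0] == s:
            continue  # equal scores cannot be split by a cut-off
        f1 = 2 * tp / (2 * tp + fp + (total_pos - tp)) if tp else 0.0
        if f1 > best_f1:  # strict: on ties keep the higher, more conservative cut
            best_t, best_f1 = s, f1
    return best_t, best_f1


def freeze(threshold: float) -> Callable[[Sequence[float]], List[int]]:
    """Fix the cut-off so the deployed model emits 0/1 labels, not scores."""
    def predict(scores: Sequence[float]) -> List[int]:
        return [1 if s >= threshold else 0 for s in scores]
    return predict


if __name__ == "__main__":
    t, f1 = search_threshold(VAL_SCORES, VAL_LABELS)
    print(f"default 0.5 -> F1={f1_at(VAL_SCORES, VAL_LABELS, 0.5):.3f}")
    print(f"searched {t} -> F1={f1:.3f}")
    print(freeze(t)([0.34, 0.35, 0.99]))
```

On this sample the default cut-off of 0.5 misses half of the attack samples, while the searched cut-off recovers all of them at the cost of two false positives.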
(2) Distributed Computing. The complex structure of the deep forest model necessitates significant computational resources, resulting in extended inference times. To reduce these inference times, the distributed deep forest system “ForestLayer” is used, wherein each forest is divided into multiple subforests, with each subforest corresponding to a computational task. “ForestLayer” is an efficient and scalable system specifically designed for training deep forest models on distributed task-parallel platforms. It outperforms both gcForest and tfForest, achieving speed-ups of 7 to 20.9 times on various datasets. Additionally, it boasts near-linear scalability and excellent load balancing.
By leveraging “ForestLayer,” multiple trees can be trained and predicted simultaneously. This not only reduces the model’s training time but, when applied in real-world scenarios, also allows for the distribution of the model’s computational demands across idle computing resources. This distribution, in turn, minimizes the model’s resource consumption. A schematic representation of distributed computing is shown in Figure 21.

The figure illustrates three cascading layers, where each cascading layer encompasses two random forests and two completely random forests. Data Partitioning: Within each learner box, the small rectangles represent data partitions processed by each learner across three distinct computing nodes. Model Training: Each node independently undertakes model training, facilitating parallel execution. Early Stopping Check: After each cascading layer, there is an early stopping check to determine whether additional cascading layers are needed.
4.5. Result Comparison
Based on the prepared training and test datasets, deep forest models were constructed for detecting attack behavior. The selected base classifiers are extremely forest and random forest with default hyperparameters. In addition, the training process includes dropout techniques to mitigate the overfitting problem and improve the performance of the proposed deep forest model. The performance of the deep forest algorithm is evaluated by comparing it with other machine learning models (DLMP and DNN). All models were compared fairly using the same training and test datasets with default hyperparameters. Figure 22 shows the accuracy of each algorithm.

From Figure 22, it can be observed that the performance of the three algorithms is relatively close on the test set. GCF exhibits slightly better overall performance than the DLMP and DNN models. GCF has the highest accuracy, and the F1-scores of the three models are comparable. In terms of precision, the GCF model slightly outperforms the DLMP and DNN models, with the DLMP model having the lowest score.
To verify whether the model’s accuracy improves with an increase in the training dataset, we augmented the dataset with additional training data from an online source. The results showed a slight improvement compared to the model before augmentation, indicating that the overall scores of the model tend to increase with an increase in the training dataset.
5. Conclusion
In this paper, a deep forest-based model for detecting e-commerce recommendation attacks has been proposed. Feature correlation analysis using random forests has been used to identify and remove irrelevant features. In the feature processing stage, data augmentation was performed on positive class data using the black-white list rule, greatly increasing the effective training data. A centroid undersampling method was proposed to handle severely imbalanced data, along with outlier removal. Furthermore, a comparative analysis with commonly used anomaly detection and classification algorithms in the industry was conducted, demonstrating that the proposed model can be used for detecting e-commerce recommendation attacks. Future work can involve applying this model to real-world recommendation systems for real-time detection of network attack behaviors.
5.1. Online Implementation Approach
To genuinely deploy this model online, a series of engineering challenges must be addressed. As a result, the model has not yet been fully implemented online. Key issues to address for online implementation include the following:
Technical component aspect: AI flow can be utilized to define the entire workflow, with Flink used as the real-time computing engine. The core prediction process is accomplished using Cluster Serving.
5.2. Future Work
Although the experiments described in this article have demonstrated that using the deep forest algorithm offers commendable performance for e-commerce recommendation attack detection, it is vital to recognize that in a real e-commerce environment, the real-time detection efficiency of the model is equally crucial. While distributed computing can enhance the prediction efficiency of the model, the significant computational resource consumption remains a challenge to overcome. In this context, as part of future work, this study can be further expanded to reduce the model’s resource consumption.
Lastly, the “No Free Lunch” theorem suggests that there is no universally superior learning algorithm. Every algorithm requires continuous learning and refinement. Future work aims to further enhance attack detection accuracy and efficiency by combining larger models and applying them genuinely in real-world scenarios.
Data Availability
Most of the data, models, and code generated or used in the course of the study are included within the article. Copies are also available from the corresponding author upon request for use (mzg541@126.com).
Conflicts of Interest
The authors declare that they have no conflicts of interest.
Acknowledgments
This research was supported by the Humanities and Social Sciences Fund of the Ministry of Education Project (21YJAZH051), Hunan Provincial Social Science Foundation Project (22YBA302 and 21YBA265), and Hunan Provincial Social Science Achievements Evaluation Committee (XSP2023JJC043 and XSP2023GLC021).