Combining Autoencoder with Adaptive Differential Privacy for Federated Collaborative Filtering

Recommender systems provide users personalized services by collecting and analyzing interaction data, undermining user privacy to a certain extent. In federated recommender systems, users can train models on local devices without uploading raw data. Nevertheless, model updates transmitted between the user and the server are still vulnerable to privacy inference attacks. Several studies adopt differential privacy to obfuscate transmitted updates, but they ignore the privacy sensitivity of recommender model components. The problem is that components closer to the original data are more susceptible to privacy leakage. To address this point, we propose a novel adaptive privacy-preserving method combining autoencoder for federated collaborative filtering, which guarantees privacy meanwhile maintaining high model performance. First, we extend the variational autoencoder (VAE) to federated settings for privacy-preserving recommendations. Additionally, we analyze the privacy risks of the variational autoencoder model in federated collaborative filtering. Subsequently, we propose an adaptive differential privacy method to enhance user privacy further. The key is to allocate less privacy budget for sensitive layers. We apply a metric based on model weights to determine the privacy sensitivity of each layer in the autoencoder. Then we adaptively allocate the privacy budget to the corresponding model layer. Extensive experiments and analysis demonstrate that our method can achieve competitive performance to non-private recommender models meanwhile providing fine-grained privacy protection.