• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Generating A New Shilling Attack for Recommendation Systems

    2022-08-24 03:28:00PradeepKumarSinghPijushKantiDuttaPramanikMadhumitaSardarAnandNayyarMehediMasudandPrasenjitChoudhury
    Computers Materials&Continua 2022年5期

    Pradeep Kumar Singh,Pijush Kanti Dutta Pramanik,Madhumita Sardar,Anand Nayyar,Mehedi Masud and Prasenjit Choudhury

    1Department of Computer Science&Engineering,National Institute of Technology,Durgapur,India

    2Graduate School,Duy Tan University,Da Nang,Vietnam

    3Faculty of Information Technology,Duy Tan University,Da Nang,Vietnam

    4Department of Computer Science,College of Computers and Information Technology,Taif University,Taif,21944,Saudi Arabia

    Abstract:A collaborative filtering-based recommendation system has been an integral part of e-commerce and e-servicing.To keep the recommendation systems reliable,authentic,and superior,the security of these systems is very crucial.Though the existing shilling attack detection methods in collaborative filtering are able to detect the standard attacks, in this paper, we prove that they fail to detect a new or unknown attack.We develop a new attack model,named Obscure attack,with unknown features and observed that it has been successful in biasing the overall top-N list of the target users as intended.The Obscure attack is able to push target items to the top-N list as well as remove the actual rated items from the list.Our proposed attack is more effective at a smaller number of k in top-k similar user as compared to other existing attacks.The effectivity of the proposed attack model is tested on the MovieLens dataset, where various classifiers like SVM, J48, random forest,and na?ve Bayes are utilized.

    Keywords: Shilling attack; recommendation system; collaborative filtering;top-N recommendation;biasing;shuffling;hit ratio

    1 Introduction

    Recommendation systems are used by e-commerce companies to provide the best services to their customers by recommending items that they would like [1].Appropriate recommendations have become a challenging task in the presence of overwhelmed data.In such a scenario, the recommendation systems employ a variety of filtering techniques to retrieve useful information from a huge amount of data.A recommendation system identifies a set ofnspecific items which are supposed to be the most appealing to the user and is termed as the top-N recommendation for that user [2–4].Collaborative filtering is frequently used for recommending top-N items by considering the preferences of top-k similar users to the target user.User-based collaborative filtering techniques adopt similarity calculation to find the top-k similar users,and then the ratings given by these top-k similar users are utilized in the rating prediction for an unrated item[5].In item-based collaborative filtering techniques,several item-based top-N recommendation algorithms are proposed,which utilize the rating information of users and similarity values between items[6].The overall top-N list assures the most suitable products as it includes the best items across all the items in the system.However,the generated top-N lists by the predicted rating may be vulnerable in the presence of shilling attackers.A shilling attack involves inserting fake user profiles into a database to change the recommended top-N list of items [7].The general objective of the attacker is to bias the overall top-N list as well as the top-N recommendation of a user.

    1.1 Effects of Shilling Attacks in Collaborative Filtering Based Recommendation Systems

    Attackers may change the list of the target users’nearest neighbors.Since,in collaborative filtering based recommendation system, users get item recommendation that very much depends on their nearest neighbors.Therefore,if the neighbor list is changed by a shilling attack,the recommendation is also affected accordingly.Due to this, the non-desirable items may be recommended to the users,and the loyalty of the recommendation system may decrease significantly.To elaborate on the effect of shilling attacks in the recommendation system,let us consider the following two scenarios.

    Scenario 1:Let us assume there are four users and their rating vectors for ten items are as shown in Tab.1.Here, 0 denotes that a user did not rate the particular item, the sets of Authentic users ={U1,U2,U3,U4,U5,U6},Target users={U1,U2,U3,U4},and Attackers={U7,U8,U9,U10}.We applied the existing shilling attacks(discussed in detail in Section 2.1)on the considered dataset of Tab.1.From Tab.2,we observe that the Random,Average,and Bandwagon attacks have changed the top-3 nearest neighbors of the userU3whereas in case of the Obfuscated attack, all users’neighbors are changed exceptU2.

    Table 1:User-item rating dataset

    Table 2:Top-3 similar neighbors of the target users before and after various shilling attacks

    Scenario 2:Suppose we want to change the authentic item recommendation list of the target users.For example,let’s say,from Tab.3,the attackers aim to removeI10,insertI9,and change the preference ofI7in the recommendation list of target users.Tab.3 shows that the recommended item lists of the target users after shilling attacks.Here,we considered those items that had a predicted rating greater than or equal to 3.

    Table 3:Recommended items to the target users before and after shilling attacks

    1.2 Purpose of Developing a New Shilling Attack

    From Tab.2,it can be concluded that though the existing shilling attacks can change the target users’nearest neighbors to some extent they are not successful in every case.Here, the Obfuscated attack,proposed by Chad et al.[8],seems to have the best performance,though not optimal.Similarly,from Tabs.2 and 3,we can note that all other shilling attacks achieve the target to some extent,except Segment attack,but no attacks fulfill all the targets in the computed scenario.This opens up the scope for a new attack which can disrupt the list of nearest neighbors of any target user to the intended extent.

    1.3 Implications of a New Shilling Attack

    Attacking a system is not always ill-purposed.Attacks may be generated to test and make the system more robust and attack-proof.The positive implications and take away of a shilling attack on a recommendation system include:

    ·Although there are numerous works in the field of collaborative filtering based recommendation systems to detect shilling attacks,existing feature-based detection schemes may fail in the case of unknown attacks.An authorized person can use a new attack model as ethical hacking to reveal vulnerabilities in the collaborative filtering based recommendation system.

    ·A new shilling attack model may suggest how to protect the recommendation system,what are the attack entry points,and what can be done to improve the performance of the recommendation system from this type of attack.

    ·If a suitable item that meets the quality of Top-N recommended items is initially poorly rated or not rated at all by the users, then over time, it would eventually be removed from the recommended list.In this case,good or niche products may invisible to the consumers as they have never been reviewed or did not get a chance to get into the Top-N list for recommendation.A new shilling attack model may be used to mitigate the aforesaid condition, i.e., a long-tail problem.

    Therefore,despite the fact that the term“attack”often refers to a negative operation,a new shilling attack can be used to increase the consistency and quality of the recommendation systems.

    1.4 Contribution of This Paper

    In this paper,we generate a new attack model with unknown features and prove the failure of the known feature-based detection techniques in identifying them.The major contributions of this paper are as below:

    ·Design and generate a new shilling attack for recommender systems.

    ·Compare the biasing,shuffling,and hit ratio of different attacks on the top-N list to find the attack size.

    ·Apply feature-based attack detection schemes to the known and proposed attacks on the calculated attack size and compare the results.

    1.5 Organisation of the Paper

    The requisite theoretical backgrounds that include the basic terms related to shilling attacks,attributes/features of attackers,and the metrics for assessing the effectiveness of shilling attacks,are discussed in Section 2.Section 3 includes the related work.Section 4 represents the proposed attack model with its validation.In Section 5,an experimental analysis of the effect of the proposed attack on the recommendation system is discussed.And finally,the conclusion and future work is presented in Section 6.

    2 Theoretical Background

    The basic structure of the collaborative filtering based recommendation system is depicted in Fig.1.Data Collection,rating prediction using computed similarity,and top-N recommendation are the key components of this framework[9].

    Figure 1:Conceptual framework of collaborative filtering

    2.1 Basic Terms Related to Shilling Attacks

    An attack is launched by creating a number of fake profiles.Based on the intent,an attack could either be a push or a nuke[10].The target items are accordingly rated higher or lower than their average rating in order to have a strong impact on the weighted sum[11].The target item is usually assigned the highest(for a push attack)or the lowest rating(for a nuke attack).The attackers must mimic the behavior of the authentic users to look normal and become the nearest neighbors of the target users.The attacker’s profiles have to be designed in such a way that meets the above-mentioned requirements.

    2.1.1 Components of an Attacker’s Profile

    Every attacker’s profile is comprised of the following four parts[12]:

    Target items(IT):A singleton item whose recommendation is to be biased and is rated abnormally high(push)or low(nuke).

    Selected items(IS):A set of items whose rating is determined by a function based on the type of attack.

    Filler items (IF):A set of items randomly picked up and assigned random ratings so that the attacker apparently looks like a genuine user.

    Unrated items(IN):A set of unrated items.

    2.1.2 Standard Shilling Attacks

    Different attack models exist due to the differences in the rating functions and selection ofIFandIS.The following attacks are considered as the standard attack models in the literature[13–15].

    Random attack:IS=? andρ(i)=N(ˉr,σ2),Lam and Riedl[16]introduced this attack.Here,ISis empty, the ratings ofIFare selected randomly, and the function N(r,σ2) produces random ratings centered on the overall average rating in the rating matrix.Here,σ2represents the variance and ˉrdenotes the average rating over all items and users.N(r,σ2) denotes the Gaussian distribution, andρ(i)is the function that determines the ratings of theIF.

    Average attack:In the average attackIS=? andρ(i))=N(,σi2).The average attack is very much similar to random attack except that the ratings forIFare generated by a function of N(,σi2),and centered around the average rating of each item in the database[16].Here,σiis the standard deviation of ratings of itemiover all those users who have rated this item andis the average rating of items i over all the users who have rated this item.

    Bandwagon attack:IScontains some popular items which are assigned high ratings andρ(i) =N(,σi2).The bandwagon attack is quite similar to the random attack,except that it needs to identify a set of most popular items in a particular domain.

    Segment attack:IScontains items similar to target items andρ(i)=N(,σi2).The attack aims to increase the similarity between the target item and the items inIS.TheIScomprises of those items which are liked by the target set of users [17].They are rated with high values so that they become similar to the target items,as the target items are also given high ratings in a push attack.On the other hand,theIFare assigned low ratings to make them different from the target item.

    2.2 Attacker’s Features

    The attack profiles are usually created based on the standard attack models and hence tend to show some kind of similarity between them.Many researchers have already mentioned that it is impossible for an attacker to have complete knowledge of the rating database.

    Consequently,the attack profiles will differ statistically from those of genuine users.These differences and similarities can be expressed in terms of the attributes/features.Several attributes prevalent in the user profiles have been derived.The most common attack features generally used for detection are Rating Deviation from Mean Agreement(RDMA)[10],Weighted Deviation from Mean Agreement(WDMA)[18],Weighted Deviation from Agreement(WDA)[18],Length Variance(LENVAR)[19],Degree of Similarity (DEGSIM) [18], Filler Mean Target Difference (FMTD) [18], Filler Mean Difference (FMD), Mean-Variance (MEANVAR) [18], and Target Model Focus (TMF) [18].These attributes tend to show different patterns in the case of genuine users and attackers.Thus,they have been successfully utilized in identifying whether a profile belongs to an authentic user or an attacker.Tab.4 represents the notations used in the equations of the attribute that can be categorized into generic attributes and model-specific attributes,as shown in Tab.5.

    Table 4:Notations and their descriptions

    Table 5:Rating-based attributes and their corresponding equations

    Table 5:Continued

    2.3 Metrics Used to Check the Effectiveness of Shilling Attacks on Top-N Recommendations

    Typically,three parameters are used to assess the effect of the attacks on the top-N recommendation of the target users,as discussed below.

    Hit ratio:The hit ratio metric measures the average likelihood of a pushed item to be present in the top-N recommendation of a user[12].Let,Ru=top-N list and t={t1,t2,..,tk}be the set of target items to be pushed,and U=set of users;then for every itemti,hit ratio is calculated by Eq.(1).

    where,Hu,ti=1,ifti∈RuandHu,ti=0,otherwise.

    Biasing:In the context of the overall top-N list,a push attacker would want theITto be injected into the list,whereas a nuke attacker would like theITto be pulled down from the list.Let,t={t1,t2,..,tk}be the set of target item to push/nuke andTa=overall top-N list after an attack is generated;then the biasing value is calculated using Eq.(2).A biasing value of 1 in a push attack means the entire target items have reached the top-N list,while in a nuke attack,it denotes that all the target items have been pulled down from the list.

    where,Bi=1,ifti∈TaandBi=0,otherwise.

    Shuffling:Some attacks do not intend to push or nuke items but simply destroy the integrity of the recommendations.In the case of the overall top-N list, interchanging the positions of the items without injecting a target item deteriorates the accuracy of a recommendation system.The item ranked 1 is undoubtedly better and more preferred than the item ranked 3rdor 4th,even if they constitute the overall top-N list.Let,T be the overall top-N list before the attack andTabe the top-N list generated after an attack is launched;then,shuffling can be calculated by Eq.(3).A shuffling value of 1 denotes that all positions and hence rankings of the overall top-N items have been interchanged.

    where,Si=0,ifTi==TaiandSi=1,Ti≠Tai.

    3 Related Work

    The objective of our designed model is to create attacks that bias the overall top-N list as well as the personalized top-N recommendation of every target user and escape from the feature-based detection.The attacks described are prone to detection due to their highly correlated nature[11–20].Our model aims to reduce the DEGSIM.Instead of dropping the similarity value to-1,we just reduce it by rating the selected items with the least correlated ratings.The correlation between any two attackers based on these ratings is minimal.Hence,the combined effect of filler and selected items diminish the high correlation,i.e.,rendering low DEGSIM values.

    Paul et al.[21]mentioned that RDMA values for attackers would be high for attacks of small size,but once the attack size increases,several normal users show bigger RDMA values than the attackers.This is partly because an attack of such a large size is enough to radically increase the average rating for the target items(push)so that regular users who rated these items with the minimum rating would get an increased RDMA.Paul et al.also used the strategy of calculating DEGSIM first and segregating a set of users whose average similarity is less than half of the highest average similarity among users.The ratings of this set of users participate in calculating the average rating of each item.As the DEGSIM has been reduced in our model, the attack profiles also participate in calculating the average rating leading to a biased average value for the target items.The attack profiles do not deviate much from the average ratings rendering low RDMA values while computing.The variants of RDMA,WDMA,and WDA also give low values on account of this.

    LENVAR has been considered a critical attribute in distinguishing real users from fake ones since very few real users would rate anything close to all the items available [19].Since attackers hold no knowledge about the average length of a profile, they create lengthy profiles.It is highly anomalous that an authentic user would rate so many items manually.Attackers can still derive the number of items that are present in the system.We exploit this information to create profiles whose length is less than half the number of items in the system.This significantly reduces the LENVAR.We observe that reducing the filler items below a certain level reduces the attack effect,which means the attackers fail to become the nearest neighbors of the target users.Therefore,we constrain the number of filler items up to that level where the profile length is considerably less than the number of items,but it renders a good hit ratio at the same time.If the attack was only intended to bias the overall top-N items list,the profile length could be reduced to any length without a constraint as filler items do not play a major role in this context.

    The attack feature called MEANVAR and its variant FMTD help to detect average attacks where the filler items are rated with a normal distribution centred around the mean rating of each filler item leading to very little difference between their ratings and the average ratings of the corresponding items.

    For MEANVAR, every profile is searched for items with extreme ratings, which are labeled as target items for that profile.The remaining ones constitute the filler items.As target items in our model do not have extreme ratings,they will be labeled as filler items along with the selected items.The ratings of target and selected items will exhibit a greater deviation from their corresponding average ratings.Though the filler items will have less variance from their average ratings,the overall MEANVAR will increase due to the presence of the target and the selected items in the group.

    For FMTD, every profile will be partitioned intoPu,TandPu,F(xiàn)[18].The difference between the target and filler items will be reduced since the target items in our model are not given extreme values,rendering low FMTD values for the attackers.

    TMF works on the insight that an attack cannot be launched using a single attack profile.To push or nuke an item,several attack profiles are needed to rate the target item as a group.As already mentioned,the target items in our model will escape suspicion due to non-extreme ratings.In addition,the disguised items will play their part.Owing to their peak ratings,they get wrongly suspected and labeled as target items.The policy that two attackers can share disguised items,but no three attackers can share any,yields uncommon target items between attackers.This disrupts the effectiveness of this attribute.

    Zhou et al.[22] suggested a method for detecting shilling attacks based on the assumption of a negative correlation among group users at various time periods.Lam and Riedl[16]investigated the answers to a few questions that could be useful in detecting attacks.The following are the questions:what algorithm is utilized to implement the recommendation system? Where is it utilized as an application?How can recommender system operators identify attacks?What properties do things with attackable properties have?Shriver et al.[23]developed a fuzzy-based model to test the recommender system’s stability.For the evaluation of the recommendation system,Bansal and Baliyan[24]employed only segment attacks.

    Our research differs significantly from the previously stated works.Instead of giving a method to detect existing shilling attacks,it provides a future opportunity to improve the efficacy or discover the limitations of the recommendation system by proposing a new shilling attack.Furthermore,unlike the aforementioned works that only use some of the attacks;this study examines feature-based shilling attacks as well as the unknown attack.

    The closest to the presented work in this paper is of the Obfuscating attack where attackers inject their fallacious profiles into the recommendation system.These camouflaged profiles impersonate as genuine profiles, which confuse the attack detection schemes and are difficult to detect.Though the Obfuscating attack is very much effective to bias the recommendation process by disrupting the recommendation system,it is not so effective in a targeted attack.

    4 Experimental Design of the Proposed Obscure Attack Model

    Following the direction obtained from the concluding observations in Section 3, we designed a new attack model,where the popularly known attack features,as discussed in Section 2.2,lose their effectiveness in detecting it.We named the attack as the Obscure attack.In this section, we present the theoretical concepts and step-by-step procedure for generating the proposed Obscure attack,and afterward,we validate the effectivity of it.

    4.1 Theoretical Consideration of the Obscure Attack

    An Obscure attack consists of an additional set of items called the disguised items (ID).The selection and ratings of theIFand theISfollow a different methodology from that of the standard attacks and the Obfuscated attack.Although our designed attack model hides the known attack features as the Obfuscated model does,it has a different design that aims to bias the overall top-N list of the target users.Tab.6 identifies the notations used in the generation of Obscure attack, whereas Tab.7 shows the structure of an Obscure attack model.

    Table 6:List of notations

    Table 7:An attack profile of an Obscure attack model

    The algorithm for generating the Obscure attack is divided into the following steps:

    1) Target item and target user selection:Our aim is to bias the overall top-N list.For this,some high-ranked items from the overall top-N list are selected as the target items in a nuke attack,and some low-ranked items are selected in a push attack.Unlike the standard attack profiles,which assign peak ratings to target items, we rate the target items randomly with 3 or 4 in a push attack,and similarly,the target items are rated randomly with 2 or 3 in a nuke attack.This strategy is followed as users assigning peak ratings are most likely to be suspected as attackers.In contrast,in the Obfuscated attack,the target shifting is done by reducing the rating of the target item by one step from the maximum rating in a push attack and raising the rating of the target item by one step in a nuke attack.

    2) Generation of filler items:In order to become the nearest neighbors of the target users(UT),the attackers need to mimic their behavior in rating theTsimitems.Hence,Tsimforms theIF.TheIFfor each attacker are selected and rated randomly from a normal distribution centered on the mean rating of each item.TheTsimitems make the attackers appeared to be genuine users.The generation of target and filler item ratings is shown in Algorithm 1.

    Algorithm 1:Generation of target and filler item ratings Input:User-item rating dataset.(Continued)

    Output:List of target and filler item and ratings.1.for i=1 to n do 2.for j=1 to|T|do 3.if attacktype==PUSH 4.ri,tj =randomly selected from[3,4]//Rating the target item for a push attack 5.else 6.ri,tj =randomly selected from[2,3]//Rating the target item for a nuke attack 7.IF =randomly selected from Tsim//Rating the filler items 8.for k=1 to|IF|do 9.ri,IFk =randomly generated from N(rIFk ,σIFk 2)

    3) Generation of selected items:The selected items play a significant role in our designed attack model.SinceTDsimare dissimilar items,the attackers do not require to copy the behavior ofUTusers in rating these items.Therefore, these items are utilized to create dissimilarity among the attackers.These items are rated in such a way so that the attackers have a minimum correlation between them based on the ratings ofTDsimitems.We use the Cholesky factorization to generate such least correlated ratings,as shown in Algorithm 2[4].

    Algorithm 2:Cholesky Factorization of the identity matrix Input:Identity matrix of size(n)Output:A lower triangular matrix L 1.Initialize l11=■a11 2.for k=2,3,...,n do 3.for i=1 to k-1 do 4.lki =aki-images/BZ_732_579_1627_605_1652.pngi-1 j=1 lijlkjimages/BZ_732_481_1715_519_1761.pngimages/BZ_732_519_1728_550_1774.pnglii akk-k-1images/BZ_732_670_1758_718_1804.pngimages/BZ_732_778_1728_809_1774.png5.lkk =j=1l2kj

    The purpose of the selected items was to reduce the similarity between the attackers.The attackers will have a zero correlation based on their ratings of selected items.Hence,the correlation matrix of attackers based on selected items will be an identity matrix I,denoting that every attacker has a zero correlation with other attackers and a correlation of 1 with itself.Every attacker has to rate all selected items;hence,the ratings of selected items will be generated as a matrix of size|IS|x n.

    Let,n be the number of attackers andISbe the set of items apart from the target and filler items whose average rating falls in the range of 2 and 3.It forms the set of selected items.The correlation matrix I of size n x n is a positive definite matrix and defined by Eq.(4).

    A matrix,Selecteditemsof size ISx n is generated,where all ratings are randomly picked up from 2 and 3.Here,uncorrelated ratings of selected items,S=Selecteditems×L.

    4)Generation of disguised items:To conceal the identity of the attackers,we create a set of disguised items to which the attackers assign extreme ratings.This set consists of some high-rated items and some least rated items apart from the target items.The high-rated items are rated with 5,while the least rated items are rated with 1.Every attacker rates not more than two or three disguised items.A strategy is followed where two attackers can share the disguised items,but no three attackers can share any such item.The procedure for generating the disguised items is given in Algorithm 3.

    Algorithm 3:Generation of disguised items Input:User-item rating dataset Output:List of disguised item and rating 1.for i=1 to n do 2.di ={}3.x=randomly pick up one value from{1,2,3}4.for j=1 to x do 5.d=randomly select one item from D 6.di = di ∪d 7.if i>2 then 8.for k=1 to i do 9.for s=1 to i do 10.if(di ∩dk ∩ds)≠? then 11.Goto step 10

    4.2 Generating the Obscure Attack

    To generate the proposed Obscure attack, we used the dataset given in Tab.1.To attain the assumption of Section 1(Scenario 2),we assume IT={I1,I2},IF={I5,I6, I7},IS={I8,I9},ID={I3,I4},and IN={I10}.The following steps are followed to generate an Obscure attack.

    Step 1:All attackers give 2 or 3 ratings randomly to IT.Tab.8 shows the ratings of attackers on IT.

    Table 8:Ratings of target items

    Step 2:Here, I8and I9are considered as the selected items.The following steps were follwed to generate the ratings of selected items.

    a) Calculate the Correlation matrix(C),as shown in Tab.9.

    b) Generate a 2x4 matrix (no.of selected items=2 and no.of attackers=4) whose values are randomly in between the interval(1,4).

    c) Multiply the Cholesky factorization of C with the matrix generated in step(b).

    d) Take the transpose of the resultant matrix,which is obtained in step(c).After that,we get the final ratings of selected items,as shown in Tab.10.

    Table 9:Correlation matrix of attackers

    Table 10:Ratings of selected items

    Step 3:Here,we consider I5,I6,and I7as the filler items.For item I5,mean=4,σ=0.57,and the Gaussian distribution generates the ratings of attackers for I5,as shown in Tab.11.Similarly,we can compute the ratings of attackers for items I6and I7.

    Table 11:Ratings of filler items

    Step 4:For the ratings of disguised items I3and I4,we have to notice that no three attackers rate the same items.Attackers give a high rating to I3and low ratings to I4because based on the ratings,I3gets a greater number of high ratings than I4.The resultant ratings of disguised items are shown in Tab.12.

    Table 12:Rating of disguised items

    Step 5:However,I10is considered in an INset;therefore,no attackers rate I10.

    After applying all steps(steps 1 to 5),the resultant ratings of all attackers for all items are shown in Tab.13.

    Table 13:Ratings of the attackers using Obscure attack

    4.3 Validation of the Proposed Obscure Attack

    To show the efficacy of the Obscure attack, Tab.14 shows the top-3 similar users of the target items,and the recommended items,before and after the attack.From the table,we note that all target users have modified their top-3 similar neighbors after using Obscure attacks, while other shilling attacks fail.Other than that,in the Obscure attack,our predefined assumption is fulfilled.

    Table 14:Top-3 similar neighbors of the target users and the recommended items before and after the Obscure attack

    5 Experimental Analysis of the Effect of the Proposed Attack on Recommendation System

    We collected the MovieLens dataset to provide a generalized solution that detects all types of attacks.The collected dataset is found to be attack-free due to the non-existence of any standard attack features.Therefore, it can be concluded that the MovieLens dataset contains only the ratings of the authentic users.This dataset consists of 943 users, 1682 movies, and 1,00,000 ratings [25–27].These ratings are integer values between 1 and 5,where 1 denotes the lowest rating and 5 denotes the highest rating.Every user has given ratings to at least 20 movies.

    The experimental results are divided into the following two phases:

    a) Phase 1:In this phase,we show the biasing and shuffling effects of the standard attack model(such as random,average,bandwagon,and segment attack)and the new attacks(Obfuscated attack and our designed Obscure attack).

    b) Phase 2:In this phase, we use the same attack size as like as phase 1 and compare the experimental results using Binary classifiers, trained with known attacks and tested with the known and unknown attacks.

    The standard metrics such as precision and recall have been used to measure the performance of different attacks.These metrics are calculated using Eqs.(2)and(3).

    where, TP (true positive) is the number of attack profiles correctly classified as attackers, FP (false positive)is the number of authentic profiles wrongly classified as attackers,and FN(false negative)is the number of attack profiles wrongly classified as authentic users[13].

    In addition to that, we computed the hit ratio values after the detection process has been performed.

    5.1 Comparison of the Biasing,Shuffling,and Hit Ratio of Different Attacks on the Overall Top-N List

    We generated different sizes of standard attacks of the push type.The biasing and shuffling effect of these different sizes of attacks create changes in the overall top-N list for recommendation.The attack sizes are gradually incremented to obtain the threshold tswhere the values of biasing,shuffling,and hit ratio become 1.

    Fig.2 compares the biasing,shuffling,and hit ratio of standard attacks on the overall top-N list.The biasing value and shuffling value of all standard attacks reach 1, at 25% and 20% attack sizes,respectively.We use a maximum 25%attack size for plotting the results of hit ratio and different filler sizes of standard attack because biasing and shuffling both values will reach 1.Hence,F(xiàn)ig.2 represents the hit ratio of all attacks at different attack sizes across various filler sizes.

    5.2 Comparative Analysis of Obscure Attack with Other Shilling Attacks

    For training and testing,the dataset is divided into 60%-40%,respectively.In the training process,the binary classifiers are trained with the ratings given by authentic users and known attackers,which are labeled as authentic and attacker, respectively.The testing process contains the test set, which comprises ratings given by the authentic users and the known and unknown attackers.

    The classifier detects the authentic users,attackers,and the effect of attacks on the top-N list of recommendations,on the test dataset using precision,recall,and hit ratio.Tab.15 shows the precision,recall,and hit ratio of different classifiers on the detection of various attacks across four different filler sizes(such as 15%,20%,25%,and 40%).All classifiers provide a decent result in feature-based attack detection due to high precision,high recall values,and low hit ratio across four different filler sizes.But for the unknown attacks,all the classifiers attained low recall value and high hit ratio.Low recall value denotes the low detection rate of attackers from the test dataset, and high hit ratio represents the more effect on the top-N recommendation list.From Tab.15,it can be observed that the Obscure attack provides more effect on the top-N list than the Obfuscated attack at 40%filler size for all the classifiers.The Obscure attack works better than the Obfuscated attack in escaping attack detection.

    Figure 2:Biasing and Shuffling effects and the hit ratio of the standard attacks across various filler sizes on the overall top-N list

    Table 15:Comparing detectability of Obscure attack with other attacks at different attack size across various filler sizes based on precision(P),recall(R),and hit ratio(H)

    Table 15:Continued

    For further evaluation, we computed the accuracy of the attack detection when the models are trained and tested with the ratings of users under various scenarios.The accuracy (%) of attack detection is defined by Eq.(7).

    Fig.3 portrays the accuracy of four different classifiers on the feature-based detection of different known and unknown attacks.It can be clearly observed that all classifiers obtain high detection accuracy on feature-based detection schemes at different filler sizes,whereas the detection accuracy is significantly decreased in case of unknown attacks.It can be observed that the detection accuracy of the Obscure attack is lowest compared to all other attacks.

    Figure 3:Detection accuracy of different attacks(known and unknown)

    6 Conclusion and Future Work

    Due to their effectiveness and popularity, recommendation systems have been the target of the attackers.They use shilling attacks to disrupt the list of recommendable items.The malicious user profiles created by the attackers closely match with the real users.To keep the recommendation systems reliable,the authenticity and security of these systems are very crucial.

    In this paper,we generated a new attack model with unknown features and proved that though the existing shilling attack detection methods can detect the standard shilling attacks,they fail to detect the new attacks with unknown features.Our proposed attack is more effective compared to other existing attacks.

    This paper measures the rating pattern of the attackers and the authentic users based on standard attack features.We considered only three attackers with the same ratings for a particular item.Due to this,our proposed Obscure attack may have little more computational complexity compared to other standard shilling attacks.However,this should not be a serious issue because the attacker’s profiles are usually generated offline.

    In future,two possible solutions to improve the detection of unknown attacks can be thought of.The first is to train the classifier with the ratings of the trustworthy users,which can be obtained by applying different attack features on the rating dataset.A user profile will be considered malicious if it does not belong to the class of trustworthy users.The second is to use rated item correlation as a feature in attack detection.In this case, a user may be considered as the attacker if its rated item correlation is different from the real users.

    Funding Statement:Funding is provided by Taif University Researchers Supporting Project number(TURSP-2020/10),Taif University,Taif,Saudi Arabia.

    Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

    80岁老熟妇乱子伦牲交| 日日摸夜夜添夜夜爱| 久久久久久久精品精品| 黄色视频在线播放观看不卡| av在线老鸭窝| 全区人妻精品视频| 人人妻人人澡人人看| 国产男女内射视频| 下体分泌物呈黄色| av黄色大香蕉| 欧美日韩综合久久久久久| 男人舔奶头视频| 亚洲av男天堂| 美女福利国产在线| 久久久久久久大尺度免费视频| 国产av一区二区精品久久| 全区人妻精品视频| 亚洲自偷自拍三级| 日韩免费高清中文字幕av| 极品教师在线视频| 精品人妻熟女毛片av久久网站| 亚洲精品aⅴ在线观看| 日本wwww免费看| 亚洲国产精品一区三区| 韩国高清视频一区二区三区| 午夜福利,免费看| 大陆偷拍与自拍| 亚洲天堂av无毛| 亚洲精品国产色婷婷电影| 国产亚洲精品久久久com| 亚洲国产成人一精品久久久| 岛国毛片在线播放| 国产欧美日韩综合在线一区二区 | 国语对白做爰xxxⅹ性视频网站| 欧美成人精品欧美一级黄| 久久毛片免费看一区二区三区| 国产亚洲5aaaaa淫片| 欧美亚洲 丝袜 人妻 在线| 五月玫瑰六月丁香| 一本久久精品| 久久久久久久亚洲中文字幕| 三级国产精品欧美在线观看| 又粗又硬又长又爽又黄的视频| 人妻人人澡人人爽人人| 日本91视频免费播放| 女人久久www免费人成看片| 在线观看免费日韩欧美大片 | 国产精品久久久久成人av| 另类精品久久| 亚洲美女搞黄在线观看| 最黄视频免费看| av国产久精品久网站免费入址| 亚洲精品国产色婷婷电影| 国产一区亚洲一区在线观看| 少妇被粗大猛烈的视频| 观看av在线不卡| 国产精品偷伦视频观看了| 国产亚洲5aaaaa淫片| 亚洲熟女精品中文字幕| 在线观看免费日韩欧美大片 | 欧美最新免费一区二区三区| 精品久久久久久久久亚洲| 国产精品一区二区在线不卡| 欧美3d第一页| 国产在线视频一区二区| 免费播放大片免费观看视频在线观看| 好男人视频免费观看在线| 中文字幕免费在线视频6| 内射极品少妇av片p| 国产极品天堂在线| 国产在视频线精品| 中文在线观看免费www的网站| 久久国产精品大桥未久av | 涩涩av久久男人的天堂| 大话2 男鬼变身卡| 欧美另类一区| 亚洲精品第二区| 久久这里有精品视频免费| 亚洲精品aⅴ在线观看| 又粗又硬又长又爽又黄的视频| 99久久精品国产国产毛片| 免费黄频网站在线观看国产| 亚洲第一区二区三区不卡| 亚洲av.av天堂| videossex国产| 高清毛片免费看| 黄色配什么色好看| www.色视频.com| 亚洲高清免费不卡视频| 在线观看一区二区三区激情| 男女啪啪激烈高潮av片| 99九九线精品视频在线观看视频| 欧美xxxx性猛交bbbb| av线在线观看网站| 精品国产乱码久久久久久小说| 丝袜喷水一区| 老司机影院成人| 精品99又大又爽又粗少妇毛片| 国产在线男女| 最近中文字幕2019免费版| 日产精品乱码卡一卡2卡三| 国产成人精品婷婷| 亚洲婷婷狠狠爱综合网| av女优亚洲男人天堂| 在线亚洲精品国产二区图片欧美 | 天美传媒精品一区二区| 综合色丁香网| 午夜福利影视在线免费观看| 一级av片app| 久久久国产欧美日韩av| 久久婷婷青草| 中文字幕久久专区| 午夜免费男女啪啪视频观看| 久久精品国产亚洲av涩爱| 久久鲁丝午夜福利片| 99视频精品全部免费 在线| 国产精品久久久久久久电影| 国产黄色免费在线视频| 亚洲天堂av无毛| 最新中文字幕久久久久| 一级毛片 在线播放| 天堂8中文在线网| 亚洲欧美中文字幕日韩二区| 欧美精品亚洲一区二区| 如何舔出高潮| 欧美老熟妇乱子伦牲交| 欧美日韩综合久久久久久| 精品国产乱码久久久久久小说| 男女边吃奶边做爰视频| 性色avwww在线观看| 亚洲欧美日韩另类电影网站| 国产日韩欧美亚洲二区| 成人免费观看视频高清| 国产午夜精品久久久久久一区二区三区| 国产极品粉嫩免费观看在线 | 日韩欧美 国产精品| 欧美bdsm另类| 精品久久久久久久久av| 久久国产亚洲av麻豆专区| 久久久久久久国产电影| 熟女电影av网| 精品午夜福利在线看| 亚洲,一卡二卡三卡| 国产美女午夜福利| 老女人水多毛片| 亚洲第一区二区三区不卡| 午夜久久久在线观看| av女优亚洲男人天堂| 国产乱人偷精品视频| 免费看光身美女| 内射极品少妇av片p| 国产成人免费无遮挡视频| 一二三四中文在线观看免费高清| 亚洲人与动物交配视频| 亚洲国产精品国产精品| 乱码一卡2卡4卡精品| 久久精品熟女亚洲av麻豆精品| 夜夜爽夜夜爽视频| 午夜视频国产福利| 看免费成人av毛片| 日韩欧美 国产精品| 成人国产麻豆网| 午夜久久久在线观看| 国产成人免费无遮挡视频| 国产精品嫩草影院av在线观看| 性色av一级| 国产色爽女视频免费观看| 欧美老熟妇乱子伦牲交| 亚洲成人av在线免费| 汤姆久久久久久久影院中文字幕| 亚洲在久久综合| 秋霞在线观看毛片| 久热久热在线精品观看| 欧美一级a爱片免费观看看| 成人免费观看视频高清| 亚洲美女视频黄频| 色婷婷久久久亚洲欧美| 精品亚洲成a人片在线观看| 精品一品国产午夜福利视频| 日韩亚洲欧美综合| 免费少妇av软件| 国产av精品麻豆| 国产免费一级a男人的天堂| 99热国产这里只有精品6| av在线播放精品| 丁香六月天网| 丰满饥渴人妻一区二区三| 在线观看一区二区三区激情| 岛国毛片在线播放| 色网站视频免费| 女人精品久久久久毛片| √禁漫天堂资源中文www| 在线观看免费高清a一片| 丝袜在线中文字幕| 午夜免费男女啪啪视频观看| 午夜福利网站1000一区二区三区| 国产精品国产三级国产av玫瑰| av国产精品久久久久影院| 一区二区三区乱码不卡18| 欧美xxxx性猛交bbbb| 国产淫片久久久久久久久| 丁香六月天网| a级毛片在线看网站| 色视频在线一区二区三区| 亚洲av在线观看美女高潮| 欧美精品一区二区大全| 91久久精品国产一区二区成人| 欧美一级a爱片免费观看看| 自拍偷自拍亚洲精品老妇| 久久国产亚洲av麻豆专区| 夜夜爽夜夜爽视频| 街头女战士在线观看网站| 毛片一级片免费看久久久久| 成人美女网站在线观看视频| 精品国产乱码久久久久久小说| 国产精品熟女久久久久浪| 日韩欧美一区视频在线观看 | 老司机亚洲免费影院| 亚洲欧美成人精品一区二区| 五月玫瑰六月丁香| 极品教师在线视频| 亚洲一区二区三区欧美精品| 久久97久久精品| 亚洲av成人精品一区久久| 蜜臀久久99精品久久宅男| 大片免费播放器 马上看| a级一级毛片免费在线观看| 看非洲黑人一级黄片| 亚洲精品日本国产第一区| 久久精品国产亚洲av涩爱| 久久久久视频综合| 中文字幕免费在线视频6| 三级国产精品欧美在线观看| 精品少妇内射三级| 国产伦精品一区二区三区四那| 久久精品国产自在天天线| 久久久久网色| 亚洲,欧美,日韩| 免费不卡的大黄色大毛片视频在线观看| 日韩一区二区三区影片| 亚洲av日韩在线播放| 免费观看性生交大片5| 国产无遮挡羞羞视频在线观看| 国产精品人妻久久久久久| 22中文网久久字幕| 精品午夜福利在线看| 一级毛片我不卡| 91成人精品电影| 亚洲精品日韩在线中文字幕| 国产精品久久久久成人av| 国产精品99久久久久久久久| 国产男女内射视频| videos熟女内射| 在线观看av片永久免费下载| 国产精品免费大片| 国内揄拍国产精品人妻在线| 久久久亚洲精品成人影院| 国产精品熟女久久久久浪| 亚洲情色 制服丝袜| 国产视频内射| 夜夜爽夜夜爽视频| 久久久久久久久久成人| 亚洲精品亚洲一区二区| 一级毛片久久久久久久久女| 成人二区视频| 国产高清不卡午夜福利| 国产国拍精品亚洲av在线观看| 大香蕉97超碰在线| 亚洲图色成人| 亚洲欧美精品自产自拍| 一本—道久久a久久精品蜜桃钙片| 国产免费视频播放在线视频| 亚洲国产成人一精品久久久| 麻豆成人av视频| 亚洲精品乱码久久久久久按摩| 亚洲欧洲精品一区二区精品久久久 | 亚洲成色77777| 在线观看免费日韩欧美大片 | 一级二级三级毛片免费看| 国产精品国产三级国产专区5o| 夜夜爽夜夜爽视频| 欧美最新免费一区二区三区| 成年av动漫网址| 欧美人与善性xxx| 亚洲欧美精品自产自拍| 哪个播放器可以免费观看大片| 久久99热这里只频精品6学生| 啦啦啦啦在线视频资源| 看免费成人av毛片| 色吧在线观看| 欧美xxxx性猛交bbbb| 欧美+日韩+精品| 亚洲美女视频黄频| 国产成人a∨麻豆精品| 亚洲欧美中文字幕日韩二区| 欧美一级a爱片免费观看看| 日韩熟女老妇一区二区性免费视频| 男女啪啪激烈高潮av片| 中国三级夫妇交换| 久久影院123| 99久久精品国产国产毛片| 熟妇人妻不卡中文字幕| 国产毛片在线视频| 在线观看av片永久免费下载| 女人精品久久久久毛片| 丰满迷人的少妇在线观看| 高清欧美精品videossex| 亚洲人成网站在线播| 国产精品人妻久久久久久| 免费观看av网站的网址| 草草在线视频免费看| 丰满迷人的少妇在线观看| 简卡轻食公司| av在线老鸭窝| 女人久久www免费人成看片| 最新的欧美精品一区二区| 爱豆传媒免费全集在线观看| 99re6热这里在线精品视频| 久久鲁丝午夜福利片| 伊人亚洲综合成人网| www.色视频.com| 国产日韩一区二区三区精品不卡 | 少妇高潮的动态图| 日本午夜av视频| 国产精品女同一区二区软件| 人妻少妇偷人精品九色| 国产av一区二区精品久久| 精品人妻偷拍中文字幕| 伦理电影免费视频| 在线观看www视频免费| 免费看不卡的av| 日日啪夜夜撸| 精品久久久久久久久av| 女性被躁到高潮视频| 又黄又爽又刺激的免费视频.| 精品熟女少妇av免费看| 伦理电影免费视频| 久久精品国产亚洲av天美| 日本黄大片高清| 中国国产av一级| 丝袜在线中文字幕| 制服丝袜香蕉在线| 日韩成人av中文字幕在线观看| 日本91视频免费播放| 黄片无遮挡物在线观看| 国产成人免费无遮挡视频| 又黄又爽又刺激的免费视频.| 免费观看av网站的网址| 日韩av免费高清视频| 丰满饥渴人妻一区二区三| 青春草视频在线免费观看| 最黄视频免费看| 啦啦啦视频在线资源免费观看| 欧美丝袜亚洲另类| h日本视频在线播放| 亚洲av男天堂| 99久久精品国产国产毛片| 成年女人在线观看亚洲视频| 久久av网站| 最新的欧美精品一区二区| 久久午夜综合久久蜜桃| 国产爽快片一区二区三区| 国产精品偷伦视频观看了| 在线免费观看不下载黄p国产| 两个人的视频大全免费| 欧美日韩av久久| 三级国产精品欧美在线观看| 亚洲国产色片| 纵有疾风起免费观看全集完整版| 曰老女人黄片| 高清黄色对白视频在线免费看 | 天堂中文最新版在线下载| 午夜老司机福利剧场| 久久久国产精品麻豆| 视频中文字幕在线观看| 精品少妇黑人巨大在线播放| 搡老乐熟女国产| 成人美女网站在线观看视频| 久久人人爽人人爽人人片va| 日韩精品免费视频一区二区三区 | 国产伦理片在线播放av一区| 久久99精品国语久久久| 在线天堂最新版资源| 精华霜和精华液先用哪个| 久久韩国三级中文字幕| 午夜免费观看性视频| 日韩人妻高清精品专区| 一级a做视频免费观看| 亚洲国产色片| 九草在线视频观看| 国产亚洲91精品色在线| 国产乱来视频区| 亚洲性久久影院| 我的女老师完整版在线观看| 少妇 在线观看| 女人久久www免费人成看片| av又黄又爽大尺度在线免费看| 啦啦啦啦在线视频资源| 欧美日韩一区二区视频在线观看视频在线| 美女内射精品一级片tv| 美女脱内裤让男人舔精品视频| 欧美日韩国产mv在线观看视频| 夫妻性生交免费视频一级片| 99久久精品国产国产毛片| 亚洲欧美精品自产自拍| 水蜜桃什么品种好| 国产精品偷伦视频观看了| 欧美丝袜亚洲另类| 久久精品国产自在天天线| 成年av动漫网址| 九九久久精品国产亚洲av麻豆| 十八禁高潮呻吟视频 | 久久精品久久久久久久性| 深夜a级毛片| 嘟嘟电影网在线观看| 看非洲黑人一级黄片| 高清毛片免费看| 色婷婷av一区二区三区视频| 99热这里只有是精品50| 免费av中文字幕在线| 国产精品人妻久久久久久| 9色porny在线观看| 久久鲁丝午夜福利片| 91精品伊人久久大香线蕉| 人人妻人人澡人人爽人人夜夜| 午夜老司机福利剧场| 欧美xxⅹ黑人| 97精品久久久久久久久久精品| 久久免费观看电影| 日韩 亚洲 欧美在线| av网站免费在线观看视频| 国产成人aa在线观看| 日韩欧美 国产精品| 国产精品一区www在线观看| 男的添女的下面高潮视频| 国产黄色视频一区二区在线观看| 只有这里有精品99| 亚洲人成网站在线播| 免费播放大片免费观看视频在线观看| 亚洲精品一区蜜桃| 国产男人的电影天堂91| 蜜桃在线观看..| 校园人妻丝袜中文字幕| 欧美激情极品国产一区二区三区 | 国产精品一区二区在线不卡| 久久鲁丝午夜福利片| 好男人视频免费观看在线| av.在线天堂| 人妻少妇偷人精品九色| 亚洲美女黄色视频免费看| 久久久久久久大尺度免费视频| 一本色道久久久久久精品综合| 人妻系列 视频| 只有这里有精品99| 蜜桃久久精品国产亚洲av| 我的女老师完整版在线观看| 大又大粗又爽又黄少妇毛片口| 国产亚洲最大av| 十八禁网站网址无遮挡 | 国产成人精品久久久久久| 国精品久久久久久国模美| 国产毛片在线视频| 午夜福利,免费看| 最黄视频免费看| 麻豆乱淫一区二区| 精品国产乱码久久久久久小说| 嫩草影院入口| 成年女人在线观看亚洲视频| 人人妻人人澡人人看| 久久99热6这里只有精品| 国产有黄有色有爽视频| 久久人人爽av亚洲精品天堂| 国产一区有黄有色的免费视频| 九九久久精品国产亚洲av麻豆| 久久久久久久亚洲中文字幕| 国产高清国产精品国产三级| 精品酒店卫生间| 春色校园在线视频观看| 天天躁夜夜躁狠狠久久av| 另类精品久久| 一级毛片 在线播放| 99久久精品一区二区三区| 综合色丁香网| 最近中文字幕2019免费版| 夜夜骑夜夜射夜夜干| 国产男女超爽视频在线观看| 亚洲av成人精品一二三区| 免费av中文字幕在线| 国产日韩欧美视频二区| 国产av码专区亚洲av| 日本av手机在线免费观看| 国产精品不卡视频一区二区| 日韩中文字幕视频在线看片| 乱人伦中国视频| 国产成人免费观看mmmm| 高清毛片免费看| 国产欧美日韩综合在线一区二区 | 亚洲av综合色区一区| 欧美日韩一区二区视频在线观看视频在线| 久久久久久久精品精品| av视频免费观看在线观看| 九色成人免费人妻av| tube8黄色片| 亚洲伊人久久精品综合| 亚洲av不卡在线观看| 美女主播在线视频| 亚洲国产毛片av蜜桃av| 久久ye,这里只有精品| 性高湖久久久久久久久免费观看| 亚洲欧美清纯卡通| 精品国产一区二区三区久久久樱花| 国产淫片久久久久久久久| 免费人妻精品一区二区三区视频| 蜜桃久久精品国产亚洲av| 又粗又硬又长又爽又黄的视频| 麻豆成人av视频| 精品久久久精品久久久| 午夜日本视频在线| 中文字幕免费在线视频6| 免费不卡的大黄色大毛片视频在线观看| 国产精品国产av在线观看| 亚洲色图综合在线观看| 亚洲欧美一区二区三区黑人 | 久久免费观看电影| 国产中年淑女户外野战色| 看非洲黑人一级黄片| 日韩视频在线欧美| 日本爱情动作片www.在线观看| 久久人妻熟女aⅴ| 国产亚洲一区二区精品| 成人国产av品久久久| 在线观看国产h片| 日韩,欧美,国产一区二区三区| 亚洲va在线va天堂va国产| 日韩av不卡免费在线播放| 免费黄网站久久成人精品| 国产精品免费大片| 亚洲中文av在线| a 毛片基地| 国内揄拍国产精品人妻在线| a级一级毛片免费在线观看| 91久久精品国产一区二区成人| 欧美精品一区二区大全| 精品99又大又爽又粗少妇毛片| 国产亚洲欧美精品永久| 高清视频免费观看一区二区| 欧美 亚洲 国产 日韩一| 欧美日韩在线观看h| 丝袜喷水一区| 一级毛片电影观看| 国产白丝娇喘喷水9色精品| videossex国产| 高清午夜精品一区二区三区| 欧美精品亚洲一区二区| 99久久精品热视频| 97超碰精品成人国产| 欧美日韩国产mv在线观看视频| 男人舔奶头视频| 高清在线视频一区二区三区| av天堂久久9| 九九在线视频观看精品| 人妻系列 视频| 18禁裸乳无遮挡动漫免费视频| 久久久久久久久久成人| 国产老妇伦熟女老妇高清| 国产一区二区在线观看日韩| 久热这里只有精品99| 精品卡一卡二卡四卡免费| 国产精品国产三级专区第一集| 老女人水多毛片| 午夜免费鲁丝| 午夜福利网站1000一区二区三区| 国产爽快片一区二区三区| a级毛片免费高清观看在线播放| 国产高清不卡午夜福利| 久久精品久久久久久久性| xxx大片免费视频| 大香蕉久久网| 亚洲精品第二区| 桃花免费在线播放| 久久精品国产亚洲av涩爱| 亚洲丝袜综合中文字幕| 日本wwww免费看| 亚洲欧美成人精品一区二区| 99久久精品国产国产毛片| 免费观看a级毛片全部| av专区在线播放| 毛片一级片免费看久久久久| 日产精品乱码卡一卡2卡三| 国产精品麻豆人妻色哟哟久久| 综合色丁香网| 美女大奶头黄色视频| 国产在线一区二区三区精| 亚洲情色 制服丝袜| 高清黄色对白视频在线免费看 | 中文精品一卡2卡3卡4更新| av有码第一页| 免费在线观看成人毛片| 色吧在线观看| 久久鲁丝午夜福利片| 最近的中文字幕免费完整| 成人国产av品久久久| 国产高清不卡午夜福利| 妹子高潮喷水视频| 中文精品一卡2卡3卡4更新| 久久久久久久久久久免费av| a级毛色黄片| 欧美精品国产亚洲| 国产黄片美女视频| 性色av一级| 亚洲内射少妇av| 精品国产一区二区三区久久久樱花| 国产精品伦人一区二区| 国产精品三级大全| 精品国产一区二区三区久久久樱花|