Existing membership inference attacks (MIAs) are designed for multi-algorithm hybrid recommender systems and fail to adapt to mainstream single-algorithm hybrid recommenders that jointly model user-item interactions and attribute information. Method: This paper proposes the first reference-based, metric-learning-driven MIA tailored to such models: it generates personalized reference recommendations from the target user’s historical interactions, constructs a relative membership metric, and integrates metric learning with theoretical security analysis. Contribution/Results: The approach decouples MIA from system-architecture assumptions, achieving an average 12.7% improvement in inference accuracy across multiple real-world hybrid recommendation models. It provides a rigorous theoretical upper bound on inference error, ensuring provable robustness guarantees.

Recommender systems have been widely deployed across various domains such as e-commerce and social media, and intelligently suggest items like products and potential friends to users based on their preferences and interaction history, which are often privacy-sensitive. Recent studies have revealed that recommender systems are prone to membership inference attacks (MIAs), where an attacker aims to infer whether or not a user's data has been used for training a target recommender system. However, existing MIAs fail to exploit the unique characteristic of recommender systems, and therefore are only applicable to mixed recommender systems consisting of two recommendation algorithms. This leaves a gap in investigating MIAs against hybrid-based recommender systems where the same algorithm utilizing user-item historical interactions and attributes of users and items serves and produces personalised recommendations. To investigate how the personalisation in hybrid-based recommender systems influences MIA, we propose a novel metric-based MIA. Specifically, we leverage the characteristic of personalisation to obtain reference recommendation for any target users. Then, a relative membership metric is proposed to exploit a target user's historical interactions, target recommendation, and reference recommendation to infer the membership of the target user's data. Finally, we theoretically and empirically demonstrate the efficacy of the proposed metric-based MIA on hybrid-based recommender systems.