Revisiting injective attacks on recommender systems
AUTHORs: 
Haoyang Li, Shimin Di, Lei ChenAuthors Info & Claims
Haoyang Li, Shimin Di, Lei ChenAuthors Info & ClaimsArticle No.: 2174, Pages 29989 - 30002
Abstract
Recent studies have demonstrated that recommender systems (RecSys) are vulnerable to injective attacks. Given a limited fake user budget, attackers can inject fake users with carefully designed behaviors into the open platforms, making RecSys recommend a target item to more real users for profits. In this paper, we first revisit existing attackers and reveal that they suffer from the difficulty-agnostic and diversity-deficit issues. Existing attackers concentrate their efforts on difficult users who have low tendencies toward the target item, thus reducing their effectiveness. Moreover, they are incapable of affecting the target RecSys to recommend the target item to real users in a diverse manner, because their generated fake user behaviors are dominated by large communities. To alleviate these two issues, we propose a difficulty and diversity aware attacker, namely DADA. We design the difficulty-aware and diversity-aware objectives to enable easy users from various communities to contribute more weights when optimizing attackers. By incorporating these two objectives, the proposed attacker DADA can concentrate on easy users while also affecting a broader range of real users simultaneously, thereby boosting the effectiveness. Extensive experiments on three real-world datasets demonstrate the effectiveness of our proposed attacker.
Supplementary Material
Supplemental material.
- Download
- 1.36 MB
References
[1]
Hervé Abdi and Lynne J Williams. Principal component analysis. Wiley interdisciplinary reviews: computational statistics, 2(4):433-459, 2010.
[2]
Ofer Arazy, Nanda Kumar, and Bracha Shapira. Improving social recommender systems. IT professional, 11(4):38-44, 2009.
[3]
Atilim Gunes Baydin et al. Automatic differentiation in machine learning: a survey. JMLR, 18:1-43, 2018.
[4]
Robin Burke et al. Limited knowledge shilling attacks in collaborative filtering systems. In IJCAI), pages 17-24, 2005.
[5]
Eunjoon Cho et al. Friendship and mobility: user movement in location-based social networks. In SIGKDD, pages 1082-1090, 2011.
[6]
Konstantina Christakopoulou and Arindam Banerjee. Adversarial attacks on an oblivious recommender. In RecSys, pages 322-330, 2019.
[7]
Anahita Davoudi and Mainak Chatterjee. Detection of profile injection attacks in social recommender systems using outlier analysis. In 2017 IEEE International Conference on Big Data (Big Data), pages 2714-2719. IEEE, 2017.
[8]
Yashar Deldjoo, Tommaso Di Noia, and Felice Antonio Merra. A survey on adversarial recommender systems: from attack/defense strategies to generative adversarial networks. ACM Computing Surveys (CSUR), 54(2):1-38, 2021.
[9]
Shimin Di, Yanyan Shen, and Lei Chen. Relation extraction via domain-aware transfer learning. In Proceedings of the 25th ACM SIGKDD international conference on knowledge discovery & Data Mining, pages 1348-1357, 2019.
[10]
Wenqi Fan et al. Attacking black-box recommendations via copying cross-domain user profiles. In ICDE, pages 1583-1594. IEEE, 2021.
[11]
Minghong Fang, Neil Zhenqiang Gong, and Jia Liu. Influence function based data poisoning attacks to top-n recommender systems. In WWW, pages 3019-3025, 2020.
[12]
Minghong Fang, Guolei Yang, Neil Zhenqiang Gong, and Jia Liu. Poisoning attacks to graph-based recommender systems. In ACSAC, pages 381-392, 2018.
[13]
Matthias Fey, Jan E Lenssen, Frank Weichert, and Jure Leskovec. Gnnautoscale: Scalable and expressive graph neural networks via historical embeddings. In International Conference on Machine Learning, pages 3294-3304. PMLR, 2021.
[14]
F Maxwell Harper et al. The movielens datasets: History and context. TIIS, 5(4):1-19, 2015.
[15]
Xiangnan He, Kuan Deng, Xiang Wang, Yan Li, Yongdong Zhang, and Meng Wang. Lightgcn: Simplifying and powering graph convolution network for recommendation. In SIGIR, pages 639-648, 2020.
[16]
Xiangnan He et al. Neural collaborative filtering. In WWW, pages 173-182, 2017.
[17]
Hai Huang, Jiaming Mu, Neil Zhenqiang Gong, Qi Li, Bin Liu, and Mingwei Xu. Data poisoning attacks to deep learning based recommender systems. arXiv preprint arXiv:2101.02644, 2021.
[18]
Yehuda Koren, Robert Bell, and Chris Volinsky. Matrix factorization techniques for recommender systems. Computer, 42(8):30-37, 2009.
[19]
K Krishna et al. Genetic k-means algorithm. Cybernetics, 29(3):433-439, 1999.
[20]
Bo Li et al. Data poisoning attacks on factorization-based collaborative filtering. NeurIPS, 29:1885-1893, 2016.
[21]
Haoyang Li and Lei Chen. Cache-based gnn system for dynamic graphs. In Proceedings of the 30th ACM International Conference on Information & Knowledge Management, pages 937-946, 2021.
[22]
Haoyang Li, Shimin Di, Zijian Li, Lei Chen, and Jiannong Cao. Black-box adversarial attack and defense on graph neural networks. In ICDE, pages 1017-1030. IEEE, 2022.
[23]
Haoyang Li, Xueling Lin, and Lei Chen. Fine-grained entity typing via label noise reduction and data augmentation. In International Conference on Database Systems for Advanced Applications, pages 356-374. Springer, 2021.
[24]
Chen Lin, Si Chen, Hui Li, Yanghua Xiao, Lianyun Li, and Qian Yang. Attacking recommender systems with augmented user profiles. In Proceedings of the 29th ACM international conference on information & knowledge management, pages 855-864, 2020.
[25]
Xueling Lin, Lei Chen, and Chaorui Zhang. Tenet: Joint entity and relation linking with coherence relaxation. In Proceedings of the 2021 International Conference on Management of Data, pages 1142-1155, 2021.
[26]
Xueling Lin, Haoyang Li, Hao Xin, Zijian Li, and Lei Chen. Kbpearl: a knowledge base population system supported by joint entity and relation linking. Proceedings of the VLDB Endowment, 13(7):1035-1049, 2020.
[27]
Greg Linden et al. Amazon. com recommendations: Item-to-item collaborative filtering. IEEE Internet computing, 7(1):76-80, 2003.
[28]
Jiaqi Ma, Zhe Zhao, Xinyang Yi, Ji Yang, Minmin Chen, Jiaxi Tang, Lichan Hong, and Ed H Chi. Off-policy learning in two-stage recommender systems. In Proceedings of The Web Conference 2020, pages 463-473, 2020.
[29]
Bamshad Mobasher et al. Toward trustworthy recommender systems: An analysis of attack models and algorithm robustness. TOIT, 7(4):23-es, 2007.
[30]
Michael P O'Mahony, Neil J Hurley, and Guénolé CM Silvestre. Recommender systems: Attack types and strategies. In AAAI, pages 334-339, 2005.
[31]
Steffen Rendle et al. Bpr: Bayesian personalized ranking from implicit feedback. arXiv preprint arXiv:1205.2618, 2012.
[32]
Steffen Rendle, Walid Krichene, Li Zhang, and John Anderson. Neural collaborative filtering vs. matrix factorization revisited. In RecSys, pages 240-248, 2020.
[33]
Dazhong Rong, Shuai Ye, Ruoyan Zhao, Hon Ning Yuen, Jianhai Chen, and Qinming He. Fedrecattack: Model poisoning attack to federated recommendation. arXiv preprint arXiv:2204.01499, 2022.
[34]
Sebastian Ruder. An overview of gradient descent optimization algorithms. arXiv preprint arXiv:1609.04747, 2016.
[35]
Badrul Sarwar, George Karypis, Joseph Konstan, and John Riedl. Item-based collaborative filtering recommendation algorithms. In Proceedings of the 10th international conference on World Wide Web, pages 285-295, 2001.
[36]
Lalita Sharma and Anju Gera. A survey of recommendation system: Research challenges. IJETT, 4(5):1989-1992, 2013.
[37]
DI Shimin, YAO Quanming, Yongqi ZHANG, and CHEN Lei. Efficient relation-aware scoring function search for knowledge graph embedding. In 2021 IEEE 37th International Conference on Data Engineering (ICDE), pages 1104-1115. IEEE, 2021.
[38]
Junshuai Song et al. Poisonrec: an adaptive data poisoning framework for attacking black-box recommender systems. In ICDE, pages 157-168. IEEE, 2020.
[39]
Jiaxi Tang, Francois Belletti, Sagar Jain, Minmin Chen, Alex Beutel, Can Xu, and Ed H. Chi. Towards neural mixture recommender for long range dependent user sequences. In The World Wide Web Conference, pages 1782-1793, 2019.
[40]
Jiaxi Tang and Ke Wang. Personalized top-n sequential recommendation via convolutional sequence embedding. In WSDM, pages 565-573, 2018.
[41]
Jiaxi Tang, Hongyi Wen, and Ke Wang. Revisiting adversarially learned injection attacks against recommender systems. In RecSys, pages 318-327, 2020.
[42]
Xin Wang, Ziwei Zhang, and Wenwu Zhu. Automated graph machine learning: Approaches, libraries and directions. arXiv preprint arXiv:2201.01288, 2022.
[43]
Zhili Wang, Shimin Di, and Lei Chen. Autogel: An automated graph neural network with explicit link information. Advances in Neural Information Processing Systems, 34:24509-24522, 2021.
[44]
Chenwang Wu, Defu Lian, et al. Fight fire with fire: Towards robust recommender systems via adversarial poisoning training. In SIGIR, pages 1074-1083, 2021.
[45]
Chenwang Wu, Defu Lian, et al. Triple adversarial learning for influence based poisoning attack in recommender systems. In SIGKDD, pages 1830-1840, 2021.
[46]
Huijun Wu, Chen Wang, Yuriy Tyshetskiy, et al. Adversarial examples for graph data: deep insights into attack and defense. In IJCAI, pages 4816-4823, 2019.
[47]
Le Wu et al. A survey on neural recommendation: From collaborative filtering to content and context enriched recommendation. arXiv preprint arXiv:2104.13030, 2021.
[48]
Shiwen Wu, Fei Sun, Wentao Zhang, and Bin Cui. Graph neural networks in recommender systems: a survey. arXiv preprint arXiv:2011.02260, 2020.
[49]
Guolei Yang, Neil Zhenqiang Gong, and Ying Cai. Fake co-visitation injection attacks to recommender systems. In NDSS, 2017.
[50]
Rex Ying et al. Graph convolutional neural networks for web-scale recommender systems. In SIGKDD, pages 974-983, 2018.
[51]
Hengtong Zhang et al. Data poisoning attack against recommender system using incomplete and perturbed data. In SIGKDD, pages 2154-2164, 2021.
[52]
Hengtong Zhang, Yaliang Li, Bolin Ding, and Jing Gao. Practical data poisoning attack against next-item recommendation. In WWW, pages 2458-2464, 2020.
[53]
Shuai Zhang, Lina Yao, Aixin Sun, and Yi Tay. Deep learning based recommender system: A survey and new perspectives. CSUR, 52(1):1-38, 2019.
[54]
Ziwei Zhang, Xin Wang, and Wenwu Zhu. Automated machine learning on graphs: A survey. arXiv preprint arXiv:2103.00742, 2021.
[55]
Huan Zhao, Lanning Wei, and Quanming Yao. Simplifying architecture search for graph neural network. arXiv preprint arXiv:2008.11652, 2020.
Index Terms
- Revisiting injective attacks on recommender systems
Index terms have been assigned to the content through auto-classification.
Recommendations
Poisoning Attacks to Graph-Based Recommender Systems
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications ConferenceRecommender system is an important component of many web services to help users locate items that match their interests. Several studies showed that recommender systems are vulnerable to poisoning attacks, in which an attacker injects fake data to a ...
Preventing shilling attacks in online recommender systems
WIDM '05: Proceedings of the 7th annual ACM international workshop on Web information and data managementCollaborative filtering techniques have been successfully employed in recommender systems in order to help users deal with information overload by making high quality personalized recommendations. However, such systems have been shown to be vulnerable ...
Revisiting Adversarially Learned Injection Attacks Against Recommender Systems
RecSys '20: Proceedings of the 14th ACM Conference on Recommender SystemsRecommender systems play an important role in modern information and e-commerce applications. While increasing research is dedicated to improving the relevance and diversity of the recommendations, the potential risks of state-of-the-art recommendation ...
Comments
Information & Contributors
Information
Published In
November 2022
39114 pages
ISBN:9781713871088
- Editors:
- S. Koyejo,
- S. Mohamed,
- A. Agarwal,
- D. Belgrave,
- K. Cho,
- A. Oh
Copyright © 2022 Neural Information Processing Systems Foundation, Inc.
Publisher
Curran Associates Inc.
Red Hook, NY, United States
Publication History
Published: 28 November 2022
Qualifiers
- Research-article
- Research
- Refereed limited
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 30 Jan 2025