Revisiting Data Poisoning Attacks on Deep Learning Based Recommender Systems

2023 IEEE Symposium on Computers and Communications (ISCC) Pub Date : 2023-07-09 DOI:10.1109/ISCC58397.2023.10218302

Zhiye Wang, Baisong Liu, Chennan Lin, Xueyuan Zhang, Ce Hu, Jiangcheng Qin, Linze Luo

{"title":"Revisiting Data Poisoning Attacks on Deep Learning Based Recommender Systems","authors":"Zhiye Wang, Baisong Liu, Chennan Lin, Xueyuan Zhang, Ce Hu, Jiangcheng Qin, Linze Luo","doi":"10.1109/ISCC58397.2023.10218302","DOIUrl":null,"url":null,"abstract":"Deep learning based recommender systems(DLRS) as one of the up-and-coming recommender systems, and their robustness is crucial for building trustworthy recommender systems. However, recent studies have demonstrated that DLRS are vulnerable to data poisoning attacks. Specifically, an unpopular item can be promoted to regular users by injecting well-crafted fake user profiles into the victim recommender systems. In this paper, we revisit the data poisoning attacks on DLRS and find that state-of-the-art attacks suffer from two issues: user-agnostic and fake-user-unitary or target-item-agnostic, reducing the effectiveness of promotion attacks. To gap these two limitations, we proposed our improved method Generate Targeted Attacks(GTA), to implement targeted attacks on vulnerable users defined by user intent and sensitivity. We initialize the fake users by adding seed items to address the cold start problems of fake users so that we can implement targeted attacks. Our extensive experiments on two real-world datasets demonstrate the effectiveness of GTA.","PeriodicalId":265337,"journal":{"name":"2023 IEEE Symposium on Computers and Communications (ISCC)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC58397.2023.10218302","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Deep learning based recommender systems(DLRS) as one of the up-and-coming recommender systems, and their robustness is crucial for building trustworthy recommender systems. However, recent studies have demonstrated that DLRS are vulnerable to data poisoning attacks. Specifically, an unpopular item can be promoted to regular users by injecting well-crafted fake user profiles into the victim recommender systems. In this paper, we revisit the data poisoning attacks on DLRS and find that state-of-the-art attacks suffer from two issues: user-agnostic and fake-user-unitary or target-item-agnostic, reducing the effectiveness of promotion attacks. To gap these two limitations, we proposed our improved method Generate Targeted Attacks(GTA), to implement targeted attacks on vulnerable users defined by user intent and sensitivity. We initialize the fake users by adding seed items to address the cold start problems of fake users so that we can implement targeted attacks. Our extensive experiments on two real-world datasets demonstrate the effectiveness of GTA.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

回顾基于深度学习的推荐系统的数据中毒攻击

基于深度学习的推荐系统(DLRS)是一个很有发展前途的推荐系统，其鲁棒性对于构建值得信赖的推荐系统至关重要。然而，最近的研究表明，DLRS很容易受到数据中毒攻击。具体来说，一个不受欢迎的项目可以通过向受害者推荐系统中注入精心制作的虚假用户资料来推广给普通用户。在本文中，我们重新审视了针对DLRS的数据中毒攻击，发现最先进的攻击存在两个问题:用户不可知和假用户单一或目标项目不可知，从而降低了促销攻击的有效性。为了突破这两方面的限制，我们提出了改进的生成目标攻击(GTA)方法，根据用户意图和敏感性对易受攻击的用户进行针对性攻击。我们通过添加种子项来初始化假用户，以解决假用户的冷启动问题，以便我们可以实现有针对性的攻击。我们在两个真实世界数据集上的大量实验证明了GTA的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2023 IEEE Symposium on Computers and Communications (ISCC)

自引率

0.00%

发文量