ReOP: Generating Transferable Fake Users for Recommendation Systems via Reverse Optimization

IF 4.5 2区计算机科学 Q1 COMPUTER SCIENCE, CYBERNETICS IEEE Transactions on Computational Social Systems Pub Date : 2024-09-17 DOI:10.1109/TCSS.2024.3451452

Fulan Qian;Yan Cui;Hai Chen;Wenbin Chen;Yuanting Yan;Shu Zhao

{"title":"ReOP: Generating Transferable Fake Users for Recommendation Systems via Reverse Optimization","authors":"Fulan Qian;Yan Cui;Hai Chen;Wenbin Chen;Yuanting Yan;Shu Zhao","doi":"10.1109/TCSS.2024.3451452","DOIUrl":null,"url":null,"abstract":"Recent research has demonstrated that recommendation systems exhibit vulnerability under data poisoning attacks. The primary process of data poisoning attacks involves generating malicious data (i.e., fake users) through surrogate models and injecting the malicious data into the target models’ datasets, thereby manipulating the output results of the target models. However, current methods generating fake users based on gradient descent may cause them to fall into undesired local minimum in the loss landscape and overfitting to the surrogate model, thus limiting the performance of attacking other recommendation models. To address this problem, we propose the reverse optimization algorithm (ReOP), which utilizes the reverse direction of optimization to update fake users, enabling them to steer clear of sharp local minimum in loss landscape and navigate towards the flat local minimum. ReOP makes fake users less sensitive to model changes, alleviates their overfitting to the surrogate model, and thus significantly improves the transferability of fake users. Experimental results demonstrate that ReOP surpasses the state-of-the-art baseline methods, effectively generating fake users with significant attack effects on various target models.","PeriodicalId":13044,"journal":{"name":"IEEE Transactions on Computational Social Systems","volume":"11 6","pages":"7830-7845"},"PeriodicalIF":4.5000,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computational Social Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10681321/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, CYBERNETICS","Score":null,"Total":0}

引用次数: 0

Abstract

Recent research has demonstrated that recommendation systems exhibit vulnerability under data poisoning attacks. The primary process of data poisoning attacks involves generating malicious data (i.e., fake users) through surrogate models and injecting the malicious data into the target models’ datasets, thereby manipulating the output results of the target models. However, current methods generating fake users based on gradient descent may cause them to fall into undesired local minimum in the loss landscape and overfitting to the surrogate model, thus limiting the performance of attacking other recommendation models. To address this problem, we propose the reverse optimization algorithm (ReOP), which utilizes the reverse direction of optimization to update fake users, enabling them to steer clear of sharp local minimum in loss landscape and navigate towards the flat local minimum. ReOP makes fake users less sensitive to model changes, alleviates their overfitting to the surrogate model, and thus significantly improves the transferability of fake users. Experimental results demonstrate that ReOP surpasses the state-of-the-art baseline methods, effectively generating fake users with significant attack effects on various target models.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

ReOP：通过反向优化为推荐系统生成可转移的假用户

最近的研究表明，在数据中毒攻击下，推荐系统表现出脆弱性。数据中毒攻击的主要过程包括通过代理模型生成恶意数据（即假用户），并将恶意数据注入目标模型的数据集中，从而操纵目标模型的输出结果。然而，目前基于梯度下降生成假用户的方法可能会导致他们在损失情况下陷入不希望的局部最小值，并过度拟合代理模型，从而限制了攻击其他推荐模型的性能。为了解决这个问题，我们提出了反向优化算法（ReOP），该算法利用反向优化方向来更新假用户，使他们能够避开损失景观中的尖锐局部最小值，并导航到平坦局部最小值。ReOP降低了假用户对模型变化的敏感性，缓解了假用户对代理模型的过度拟合，从而显著提高了假用户的可转移性。实验结果表明，ReOP超越了最先进的基线方法，可以有效地生成对各种目标模型具有显著攻击效果的假用户。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Computational Social Systems Social Sciences-Social Sciences (miscellaneous)

CiteScore

10.00

自引率

20.00%

发文量

316

期刊介绍： IEEE Transactions on Computational Social Systems focuses on such topics as modeling, simulation, analysis and understanding of social systems from the quantitative and/or computational perspective. "Systems" include man-man, man-machine and machine-machine organizations and adversarial situations as well as social media structures and their dynamics. More specifically, the proposed transactions publishes articles on modeling the dynamics of social systems, methodologies for incorporating and representing socio-cultural and behavioral aspects in computational modeling, analysis of social system behavior and structure, and paradigms for social systems modeling and simulation. The journal also features articles on social network dynamics, social intelligence and cognition, social systems design and architectures, socio-cultural modeling and representation, and computational behavior modeling, and their applications.

期刊最新文献

2024 Index IEEE Transactions on Computational Social Systems Vol. 11 Table of Contents Guest Editorial: Special Issue on Social Manufacturing After ChatGPT Metacracy: A New Governance Paradigm Beyond Bounded Intelligence IEEE Transactions on Computational Social Systems Publication Information