Building robust deep recommender systems: Utilizing a weighted adversarial noise propagation framework with robust fine-tuning modules

The performance of deep recommendation algorithms decreases significantly under adversarial attacks. While some approaches improve the recommender system robustness via adversarial training, they primarily target shallow models or rely on coarse-grained noise, so that deep models remain vulnerable. This study proposes a new adversarial training framework, the Random Adversarial Weight Perturbation Framework Equipped with Robust Fine-Tuning (RAWP-FT). Specifically, RAWP-FT first performs adversarial training of deep models by introducing more fine-grained adversarial noise into the hidden layer weight parameters. Subsequently, RAWP-FT identifies and targets the modules or layers with the lowest robustness after adversarial training and performs specialized adversarial training and fine-tuning to improve the model robustness further. Experiments demonstrate that RAWP-FT significantly enhances the robustness of deep recommendation models. We apply RAWP-FT to MLP and other deep models, highlighting its ability to strengthen vulnerable components through robust critical fine-tuning. Experiments on four publicly available datasets confirm that RAWP-FT-trained models can withstand adversarial noise while maintaining performance.