Practical Cross-system Shilling Attacks with Limited Access to Data
In shilling attacks, an adversarial party injects a few fake user profiles
into a Recommender System (RS) so that the target item can be promoted or
demoted. Although much effort has been devoted to developing shilling attack
methods, we find that existing approaches are still far from practical. In this
paper, we analyze the properties a practical shilling attack method should have
and propose a new concept of Cross-system Attack. With the idea of Cross-system
Attack, we design a Practical Cross-system Shilling Attack (PC-Attack)
framework that requires little information about the victim RS model and the
target RS data for conducting attacks. PC-Attack is trained to capture graph
topology knowledge from public RS data in a self-supervised manner. Then, it is
fine-tuned on a small portion of target data that is easy to access to
construct fake profiles. Extensive experiments have demonstrated the
superiority of PC-Attack over state-of-the-art baselines. Our implementation of
PC-Attack is available at https://github.com/KDEGroup/PC-Attack.
Comment: Accepted by AAAI 202
The Majority Rule: A General Protection on Recommender System
Recommender systems are widely used in a variety of scenarios, including online shopping, social networks, and content distribution. As users rely more on recommender systems for information retrieval, they also become attractive targets for cyber-attacks. The high-level idea of attacking a recommender system is straightforward. An adversary selects a strategy to inject manipulated data into the database of the recommender system to influence the recommendation results, which is also known as a profile injection attack. Most existing works treat attacking and protection in a static manner, i.e., they only consider the adversary’s behavior when analyzing the influence without considering normal users’ activities. However, most recommender systems have a large number of normal users who also add data to the database, the effects of which are largely ignored when considering the protection of a recommender system. We take normal users’ contributions into consideration and analyze popular attacks against a recommender system. We also propose a general protection framework under this dynamic setting.
RecAD: Towards A Unified Library for Recommender Attack and Defense
In recent years, recommender systems have become a ubiquitous part of our
daily lives, while they suffer from a high risk of being attacked due to the
growing commercial and social values. Despite significant research progress in
recommender attack and defense, there is a lack of a widely-recognized
benchmarking standard in the field, leading to unfair performance comparison
and limited credibility of experiments. To address this, we propose RecAD, a
unified library aiming at establishing an open benchmark for recommender attack
and defense. RecAD takes an initial step to set up a unified benchmarking
pipeline for reproducible research by integrating diverse datasets, standard
source codes, hyper-parameter settings, running logs, attack knowledge, attack
budget, and evaluation results. The benchmark is designed to be comprehensive
and sustainable, covering attack, defense, and evaluation tasks, enabling
more researchers to easily follow and contribute to this promising field. RecAD
will drive more solid and reproducible research on recommender systems attack
and defense, reduce the redundant efforts of researchers, and ultimately
increase the credibility and practical value of recommender attack and defense.
The project is released at https://github.com/gusye1234/recad
Attacking Recommender Systems with Augmented User Profiles
Recommendation Systems (RS) have become an essential part of many online
services. Due to its pivotal role in guiding customers towards purchasing,
there is a natural motivation for unscrupulous parties to spoof RS for profits.
In this paper, we study the shilling attack: a subsistent and profitable attack
where an adversarial party injects a number of user profiles to promote or
demote a target item. Conventional shilling attack models are based on simple
heuristics that can be easily detected, or directly adopt adversarial attack
methods without a special design for RS. Moreover, the study on the attack
impact on deep learning based RS is missing in the literature, making the
effects of shilling attack against real RS doubtful. We present a novel
Augmented Shilling Attack framework (AUSH) and implement it with the idea of
Generative Adversarial Network. AUSH is capable of tailoring attacks against RS
according to budget and complex attack goals, such as targeting a specific user
group. We experimentally show that the attack impact of AUSH is noticeable on a
wide range of RS including both classic and modern deep learning based RS,
while it is virtually undetectable by the state-of-the-art attack detection
model.
Comment: CIKM 2020. 10 pages, 2 figure