Review-incorporated model-agnostic injection attacks on recommender systems

Shiyi Yang; Lina Yao; Chen Wang; Xiwei Xu; Liming Zhu

doi:10.1109/ICDM58522.2023.00195

Review-incorporated model-agnostic injection attacks on recommender systems

Shiyi Yang^*, Lina Yao, Chen Wang, Xiwei Xu, Liming Zhu

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

7 Citations (Scopus)

Abstract

Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks. Understanding attack tactics helps improve the robustness of RSs. We intend to develop efficient attack methods that use limited resources to generate high-quality fake user profiles to achieve 1) transferability among black-box RSs 2) and imperceptibility among detectors. In order to achieve these goals, we introduce textual reviews of products to enhance the generation quality of the profiles. Specifically, we propose a novel attack framework named R-Trojan, which formulates the attack objectives as an optimization problem and adopts a tailored transformer-based generative adversarial network (GAN) to solve it so that high-quality attack profiles can be produced. Comprehensive experiments on real-world datasets demonstrate that R-Trojan greatly outperforms state-of-the-art attack methods on various victim RSs under black-box settings and show its good imperceptibility.

Original language	English
Title of host publication	23rd IEEE International Conference on Data Mining ICDM 2023
Subtitle of host publication	proceedings
Editors	Guihai Chen, Latifur Khan, Xiaofeng Gao, Meikang Qiu, Witold Pedrycz, Xindong Wu
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	1481-1486
Number of pages	6
ISBN (Electronic)	9798350307887
ISBN (Print)	9798350307894
DOIs	https://doi.org/10.1109/ICDM58522.2023.00195
Publication status	Published - 2023
Event	23rd IEEE International Conference on Data Mining, ICDM 2023 - Shanghai, China Duration: 1 Dec 2023 → 4 Dec 2023

Publication series

Name
ISSN (Print)	1550-4786
ISSN (Electronic)	2374-8486

Conference

Conference	23rd IEEE International Conference on Data Mining, ICDM 2023
Country/Territory	China
City	Shanghai
Period	1/12/23 → 4/12/23

Access to Document

10.1109/ICDM58522.2023.00195

Cite this

Yang, S., Yao, L., Wang, C., Xu, X., & Zhu, L. (2023). Review-incorporated model-agnostic injection attacks on recommender systems. In G. Chen, L. Khan, X. Gao, M. Qiu, W. Pedrycz, & X. Wu (Eds.), 23rd IEEE International Conference on Data Mining ICDM 2023: proceedings (pp. 1481-1486). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/ICDM58522.2023.00195

Yang, Shiyi ; Yao, Lina ; Wang, Chen et al. / Review-incorporated model-agnostic injection attacks on recommender systems. 23rd IEEE International Conference on Data Mining ICDM 2023: proceedings. editor / Guihai Chen ; Latifur Khan ; Xiaofeng Gao ; Meikang Qiu ; Witold Pedrycz ; Xindong Wu. Piscataway, NJ : Institute of Electrical and Electronics Engineers (IEEE), 2023. pp. 1481-1486

@inproceedings{a4aeeafd98da4d90a98874a6341a2c12,

title = "Review-incorporated model-agnostic injection attacks on recommender systems",

abstract = "Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks. Understanding attack tactics helps improve the robustness of RSs. We intend to develop efficient attack methods that use limited resources to generate high-quality fake user profiles to achieve 1) transferability among black-box RSs 2) and imperceptibility among detectors. In order to achieve these goals, we introduce textual reviews of products to enhance the generation quality of the profiles. Specifically, we propose a novel attack framework named R-Trojan, which formulates the attack objectives as an optimization problem and adopts a tailored transformer-based generative adversarial network (GAN) to solve it so that high-quality attack profiles can be produced. Comprehensive experiments on real-world datasets demonstrate that R-Trojan greatly outperforms state-of-the-art attack methods on various victim RSs under black-box settings and show its good imperceptibility.",

author = "Shiyi Yang and Lina Yao and Chen Wang and Xiwei Xu and Liming Zhu",

year = "2023",

doi = "10.1109/ICDM58522.2023.00195",

language = "English",

isbn = "9798350307894",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "1481--1486",

editor = "Guihai Chen and Latifur Khan and Xiaofeng Gao and Meikang Qiu and Witold Pedrycz and Xindong Wu",

booktitle = "23rd IEEE International Conference on Data Mining ICDM 2023",

address = "United States",

note = "23rd IEEE International Conference on Data Mining, ICDM 2023 ; Conference date: 01-12-2023 Through 04-12-2023",

}

Yang, S, Yao, L, Wang, C, Xu, X & Zhu, L 2023, Review-incorporated model-agnostic injection attacks on recommender systems. in G Chen, L Khan, X Gao, M Qiu, W Pedrycz & X Wu (eds), 23rd IEEE International Conference on Data Mining ICDM 2023: proceedings. Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, pp. 1481-1486, 23rd IEEE International Conference on Data Mining, ICDM 2023, Shanghai, China, 1/12/23. https://doi.org/10.1109/ICDM58522.2023.00195

Review-incorporated model-agnostic injection attacks on recommender systems. / Yang, Shiyi; Yao, Lina; Wang, Chen et al.
23rd IEEE International Conference on Data Mining ICDM 2023: proceedings. ed. / Guihai Chen; Latifur Khan; Xiaofeng Gao; Meikang Qiu; Witold Pedrycz; Xindong Wu. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2023. p. 1481-1486.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Review-incorporated model-agnostic injection attacks on recommender systems

AU - Yang, Shiyi

AU - Yao, Lina

AU - Wang, Chen

AU - Xu, Xiwei

AU - Zhu, Liming

PY - 2023

Y1 - 2023

N2 - Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks. Understanding attack tactics helps improve the robustness of RSs. We intend to develop efficient attack methods that use limited resources to generate high-quality fake user profiles to achieve 1) transferability among black-box RSs 2) and imperceptibility among detectors. In order to achieve these goals, we introduce textual reviews of products to enhance the generation quality of the profiles. Specifically, we propose a novel attack framework named R-Trojan, which formulates the attack objectives as an optimization problem and adopts a tailored transformer-based generative adversarial network (GAN) to solve it so that high-quality attack profiles can be produced. Comprehensive experiments on real-world datasets demonstrate that R-Trojan greatly outperforms state-of-the-art attack methods on various victim RSs under black-box settings and show its good imperceptibility.

AB - Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks. Understanding attack tactics helps improve the robustness of RSs. We intend to develop efficient attack methods that use limited resources to generate high-quality fake user profiles to achieve 1) transferability among black-box RSs 2) and imperceptibility among detectors. In order to achieve these goals, we introduce textual reviews of products to enhance the generation quality of the profiles. Specifically, we propose a novel attack framework named R-Trojan, which formulates the attack objectives as an optimization problem and adopts a tailored transformer-based generative adversarial network (GAN) to solve it so that high-quality attack profiles can be produced. Comprehensive experiments on real-world datasets demonstrate that R-Trojan greatly outperforms state-of-the-art attack methods on various victim RSs under black-box settings and show its good imperceptibility.

UR - https://www.scopus.com/pages/publications/85185394227

U2 - 10.1109/ICDM58522.2023.00195

DO - 10.1109/ICDM58522.2023.00195

M3 - Conference proceeding contribution

AN - SCOPUS:85185394227

SN - 9798350307894

SP - 1481

EP - 1486

BT - 23rd IEEE International Conference on Data Mining ICDM 2023

A2 - Chen, Guihai

A2 - Khan, Latifur

A2 - Gao, Xiaofeng

A2 - Qiu, Meikang

A2 - Pedrycz, Witold

A2 - Wu, Xindong

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

T2 - 23rd IEEE International Conference on Data Mining, ICDM 2023

Y2 - 1 December 2023 through 4 December 2023

ER -

Yang S, Yao L, Wang C, Xu X, Zhu L. Review-incorporated model-agnostic injection attacks on recommender systems. In Chen G, Khan L, Gao X, Qiu M, Pedrycz W, Wu X, editors, 23rd IEEE International Conference on Data Mining ICDM 2023: proceedings. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). 2023. p. 1481-1486 doi: 10.1109/ICDM58522.2023.00195

Review-incorporated model-agnostic injection attacks on recommender systems

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this