TY - JOUR
T1 - Adversarial Attacks for Black-Box Recommender Systems via Copying Transferable Cross-Domain User Profiles
AU - Fan, Wenqi
AU - Zhao, Xiangyu
AU - Li, Qing
AU - Derr, Tyler
AU - Ma, Yao
AU - Liu, Hui
AU - Wang, Jianping
AU - Tang, Jiliang
N1 - Publisher Copyright:
© 1989-2012 IEEE.
PY - 2023/12/1
Y1 - 2023/12/1
N2 - As widely used in data-driven decision-making, recommender systems have been recognized for their capabilities to provide users with personalized services in many user-oriented online services, such as E-commerce (e.g., Amazon, Taobao, etc.) and Social Media sites (e.g., Facebook and Twitter). Recent works have shown that deep neural networks-based recommender systems are highly vulnerable to adversarial attacks, where adversaries can inject carefully crafted fake user profiles (i.e., a set of items that fake users have interacted with) into a target recommender system to promote or demote a set of target items. Instead of generating users with fake profiles from scratch, in this article, we introduce a novel strategy to obtain 'fake' user profiles via copying cross-domain user profiles, where a reinforcement learning based black-box attacking framework (CopyAttack+) is developed to effectively and efficiently select cross-domain user profiles from the source domain to attack the target system. Moreover, we propose to train a local surrogate system for mimicking adversarial black-box attacks in the source domain, so as to provide transferable signals with the purpose of enhancing the attacking strategy in the target black-box recommender system. Comprehensive experiments on three real-world datasets are conducted to demonstrate the effectiveness of the proposed attacking framework.
AB - As widely used in data-driven decision-making, recommender systems have been recognized for their capabilities to provide users with personalized services in many user-oriented online services, such as E-commerce (e.g., Amazon, Taobao, etc.) and Social Media sites (e.g., Facebook and Twitter). Recent works have shown that deep neural networks-based recommender systems are highly vulnerable to adversarial attacks, where adversaries can inject carefully crafted fake user profiles (i.e., a set of items that fake users have interacted with) into a target recommender system to promote or demote a set of target items. Instead of generating users with fake profiles from scratch, in this article, we introduce a novel strategy to obtain 'fake' user profiles via copying cross-domain user profiles, where a reinforcement learning based black-box attacking framework (CopyAttack+) is developed to effectively and efficiently select cross-domain user profiles from the source domain to attack the target system. Moreover, we propose to train a local surrogate system for mimicking adversarial black-box attacks in the source domain, so as to provide transferable signals with the purpose of enhancing the attacking strategy in the target black-box recommender system. Comprehensive experiments on three real-world datasets are conducted to demonstrate the effectiveness of the proposed attacking framework.
KW - Recommender systems
KW - adversarial attacks
KW - black-box attacks
KW - cross-domain recommendations
KW - trustworthy recommender systems
UR - https://www.scopus.com/pages/publications/85159808935
U2 - 10.1109/TKDE.2023.3272652
DO - 10.1109/TKDE.2023.3272652
M3 - 文章
AN - SCOPUS:85159808935
SN - 1041-4347
VL - 35
SP - 12415
EP - 12429
JO - IEEE Transactions on Knowledge and Data Engineering
JF - IEEE Transactions on Knowledge and Data Engineering
IS - 12
ER -