Skip to main content
SpringerLink
Log in

PATR: A Novel Poisoning Attack Based on Triangle Relations Against Deep Learning-Based Recommender Systems

  • Conference paper
  • First Online:
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2021)

  • 805 Accesses

Abstract

Recommender systems (RSs) have emerged as an effective way to deal with information overload and are very popular in e-commerce. However, because of the open nature of collaborative characteristics of the systems, RSs are susceptible to poisoning attacks, which inject fake user profiles into RSs to increase or decrease the recommended frequency of the target item. The traditional poisoning attack methods (such as random attack and average attack) are easy to be detected and lack of generality since they usually use global statistics, e.g., the number of each user’s ratings and the average rating for filler items. Moreover, as deep learning (DL) becomes more widely used in RSs, attackers are likely to use related techniques to attack RSs. To explore the robustness of DL-based RSs under the possible attacks, we propose a novel poisoning attack with triangle relations (PATR). The triangle relations refer to the balance among a fake user and two real users, aiming to improve attack performance. We also present a novel fake & real sampling strategy, i.e., sampling a set of fake users from the real users, to decrease the possibility of being detected. Comprehensive experiments on three public datasets show that PATR outperforms traditional poisoning attacks on attack effectiveness and anti-detection capability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.librec.net/datasets/filmtrust.zip.

  2. 2.

    https://guoguibing.github.io/librec/datasets/CiaoDVD.zip.

  3. 3.

    https://grouplens.org/datasets/movielens/100k/.

References

  1. Resnick, P., Varian, H.R.: Recommender systems. Commun. ACM 40(3), 56–58 (1997)

    Article  Google Scholar 

  2. Koren, Y., Bell, R., Volinsky, C.: Matrix factorization techniques for recommender systems. Computer 42(8), 30–37 (2009)

    Article  Google Scholar 

  3. Ricci, F., Rokach, L., Shapira, B.: Introduction to Recommender Systems Handbook. In: Ricci, F., Rokach, L., Shapira, B., Kantor, P.B. (eds.) Recommender Systems Handbook, pp. 1–35. Springer, Boston (2011). https://doi.org/10.1007/978-0-387-85820-3_1

    Chapter  MATH  Google Scholar 

  4. O’Mahony, M., Hurley, N., Kushmerick, N., et al.: Collaborative recommendation: a robustness analysis. ACM Trans. Internet Technol. (TOIT) 4(4), 344–377 (2004)

    Article  Google Scholar 

  5. Hurley, N.J.: Robustness of recommender systems. In: Proceedings of the fifth ACM Conference on Recommender Systems, pp. 9–10 (2011)

    Google Scholar 

  6. Douceur, J.R.: The Sybil attack. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45748-8_24

    Chapter  Google Scholar 

  7. Wilson, D.C., Seminario, C.E.: When power users attack: assessing impacts in collaborative recommender systems. In: Proceedings of the 7th ACM Conference on Recommender Systems, pp. 427–430 (2013)

    Google Scholar 

  8. Li, B., Wang, Y., Singh, A., et al.: Data poisoning attacks on factorization-based collaborative filtering. In: Proceedings of the 30th International Conference on Neural Information Processing Systems, pp. 1893–1901 (2016)

    Google Scholar 

  9. Pang, M., Gao, W., Tao, M., et al.: Unorganized malicious attacks detection. In: Proceedings of the 32nd International Conference on Neural Information Processing Systems, pp. 6976–6985 (2018)

    Google Scholar 

  10. Gunes, I., Kaleli, C., Bilge, A., et al.: Shilling attacks against recommender systems: a comprehensive survey. Artif. Intell. Rev. 42(4), 767–799 (2014)

    Article  Google Scholar 

  11. Lam, S.K., Riedl, J.: Shilling recommender systems for fun and profit. In: Proceedings of the 13th International Conference on World Wide Web, pp. 393–402 (2004)

    Google Scholar 

  12. Si, M., Li, Q.: Shilling attacks against collaborative recommender systems: a review. Artif. Intell. Rev. 53(1), 291–319 (2020)

    Article  MathSciNet  Google Scholar 

  13. Williams, C.A., Mobasher, B., Burke, R.: Defending recommender systems: detection of profile injection attacks. Serv. Oriented Comput. Appl. 1(3), 157–170 (2007)

    Article  Google Scholar 

  14. Meng, W., Xing, X., Sheth, A., et al.: Your online interests: Pwned! A pollution attack against targeted advertising. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, vol. 2014, pp. 129–140 (2014)

    Google Scholar 

  15. Lin, C., Chen, S., Li, H., et al.: Attacking recommender systems with augmented user profiles. In: Proceedings of the 29th ACM International Conference on Information & Knowledge Management, pp. 855–864 (2020)

    Google Scholar 

  16. Brendel, W., Rauber, J., Bethge, M.: Decision-based adversarial attacks: reliable attacks against black-box machine learning models. In: International Conference on Learning Representations (2018)

    Google Scholar 

  17. Zhang, S., Yao, L., Sun, A., et al.: Deep learning based recommender system: a survey and new perspectives. ACM Comput. Surv. (CSUR) 52(1), 1–38 (2019)

    Google Scholar 

  18. Sahoo, A.K., Pradhan, C., Barik, R.K., et al.: DeepReco: deep learning based health recommender system using collaborative filtering. Computation 7(2), 25 (2019)

    Article  Google Scholar 

  19. van den Berg, R., Kipf, T.N., Welling, M.: Graph convolutional matrix completion (2017)

    Google Scholar 

  20. Masci, J., Meier, U., Cireşan, D., Schmidhuber, J.: Stacked convolutional auto-encoders for hierarchical feature extraction. In: Honkela, T., Duch, W., Girolami, M., Kaski, S. (eds.) ICANN 2011. LNCS, vol. 6791, pp. 52–59. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21735-7_7

    Chapter  Google Scholar 

  21. Herlocker, J.L., Konstan, J.A., Riedl, J.: Explaining collaborative filtering recommendations. In: Proceedings of the ACM Conference on Computer Supported Cooperative Work, vol. 2000, pp. 241–250 (2000)

    Google Scholar 

  22. Burke, R., Mobasher, B., Bhaumik, R., et al.: Segment-based injection attacks against collaborative filtering recommender systems. In: Fifth IEEE International Conference on Data Mining (ICDM’05). IEEE (2005)

    Google Scholar 

  23. Mobasher, B., Burke, R., Bhaumik, R., et al.: Toward trustworthy recommender systems: an analysis of attack models and algorithm robustness. ACM Trans. Internet Technol. (TOIT) 7, 23-es (2007)

    Google Scholar 

  24. Fang, M., Yang, G., Gong, N.Z., et al.: Poisoning attacks to graph-based recommender systems. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 381–392 (2018)

    Google Scholar 

  25. Zhang, H., Li, Y., Ding, B., et al.: Practical data poisoning attack against next-item recommendation. In: Proceedings of The Web Conference 2020, pp. 2458–2464 (2020)

    Google Scholar 

  26. Mescheder, L., Geiger, A., Nowozin, S.: Which training methods for GANs do actually converge? In: International Conference on Machine Learning, PMLR, pp. 3481–3490 (2018)

    Google Scholar 

  27. Hong, Y., Hwang, U., Yoo, J., et al.: How generative adversarial networks and their variants work: an overview. ACM Comput. Surv. (CSUR) 52(1), 1–43 (2019)

    Article  Google Scholar 

  28. He, X., Liao, L., Zhang, H., et al.: Neural collaborative filtering. In: Proceedings of the 26th International Conference on World Wide Web, pp. 173–182 (2017)

    Google Scholar 

  29. Xue, H.J., Dai, X., Zhang, J., et al.: Deep matrix factorization models for recommender systems. In: International Joint Conference on Artificial Intelligence, vol. 17, pp. 3203–3209 (2017)

    Google Scholar 

  30. Zhou, Q., Wu, J., Duan, L.: Recommendation attack detection based on deep learning. J. Inf. Secur. Appl. 52, 102493 (2020)

    Google Scholar 

  31. Li, W., Gao, M., Li, H., et al.: Shilling attack detection in recommender systems via selecting patterns analysis. IEICE Trans. Inf. Syst. 99(10), 2600–2611 (2016)

    Article  Google Scholar 

Download references

Acknowledgments

This study was supported by the National Key R&D Program of China (2018YFB1403602), Natural Science Foundation of Chongqing, China (cstc2020jcyj-msxmX0690), the Technological Innovation and Application Program of Chongqing (cstc2019jscx-mbdxX0008), the Fundamental Research Funds for the Central Universities of Chongqing University (2020CDJ-LHZZ-039), and the Overseas Returnees Innovation and Entrepreneurship Support Program of Chongqing (cx2020097).

Author information

Authors and Affiliations

  1. School of Big Data and Software Engineering, Chongqing University, Chongqing, China

    Meiling Chao, Min Gao, Junwei Zhang & Zongwei Wang

  2. School of Economics and Business Administration, Chongqing University, Chongqing, China

    Quanwu Zhao

  3. Chongqing Aerospace Polytechnic, Chongqing, China

    Meiling Chao, Min Gao, Junwei Zhang, Zongwei Wang, Quanwu Zhao & Yulin He

Authors
  1. Meiling Chao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Min Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Junwei Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zongwei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Quanwu Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yulin He
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Min Gao .

Editor information

Editors and Affiliations

  1. Shanghai University, Shanghai, China

    Honghao Gao

  2. Xi’an Jiaotong-Liverpool University, Suzhou, China

    Xinheng Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chao, M., Gao, M., Zhang, J., Wang, Z., Zhao, Q., He, Y. (2021). PATR: A Novel Poisoning Attack Based on Triangle Relations Against Deep Learning-Based Recommender Systems. In: Gao, H., Wang, X. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 407. Springer, Cham. https://doi.org/10.1007/978-3-030-92638-0_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92638-0_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92637-3

  • Online ISBN: 978-3-030-92638-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation