Abstract
Recommender systems (RSs) have emerged as an effective way to deal with information overload and are very popular in e-commerce. However, because of their open, collaborative nature, RSs are susceptible to poisoning attacks, which inject fake user profiles into RSs to increase or decrease how often a target item is recommended. Traditional poisoning attack methods (such as the random attack and the average attack) are easy to detect and lack generality, since they usually rely on global statistics, e.g., the number of each user's ratings and the average rating for filler items. Moreover, as deep learning (DL) becomes more widely used in RSs, attackers are likely to use related techniques to attack RSs. To explore the robustness of DL-based RSs under such possible attacks, we propose a novel poisoning attack with triangle relations (PATR). The triangle relations refer to the balance among a fake user and two real users, and aim to improve attack performance. We also present a novel fake & real sampling strategy, i.e., sampling a set of fake users from the real users, to decrease the possibility of being detected. Comprehensive experiments on three public datasets show that PATR outperforms traditional poisoning attacks in attack effectiveness and anti-detection capability.
Acknowledgments
This study was supported by the National Key R&D Program of China (2018YFB1403602), Natural Science Foundation of Chongqing, China (cstc2020jcyj-msxmX0690), the Technological Innovation and Application Program of Chongqing (cstc2019jscx-mbdxX0008), the Fundamental Research Funds for the Central Universities of Chongqing University (2020CDJ-LHZZ-039), and the Overseas Returnees Innovation and Entrepreneurship Support Program of Chongqing (cx2020097).
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chao, M., Gao, M., Zhang, J., Wang, Z., Zhao, Q., He, Y. (2021). PATR: A Novel Poisoning Attack Based on Triangle Relations Against Deep Learning-Based Recommender Systems. In: Gao, H., Wang, X. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 407. Springer, Cham. https://doi.org/10.1007/978-3-030-92638-0_26
DOI: https://doi.org/10.1007/978-3-030-92638-0_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92637-3
Online ISBN: 978-3-030-92638-0
eBook Packages: Computer Science, Computer Science (R0)