Data poisoning attacks on neighborhood‐based recommender systems

Citations Over TimeTop 10% of 2020 papers

Abstract

Abstract Nowadays, collaborative filtering recommender systems have been widely deployed in many commercial companies to make profit. Neighborhood‐based collaborative filtering (CF) is common and effective. To date, despite its effectiveness, there has been little effort to explore their robustness and the impact of data poisoning attacks on their performance. Can the neighborhood‐based recommender systems be easily fooled? To this end, we shed light on the robustness of neighborhood‐based recommender systems and propose a novel data poisoning attack framework, encoding the purpose of attack and constraint against them. We first illustrate how to calculate the optimal data poisoning attack, namely, UNAttack. We inject a few well‐designed fake users into the recommender systems such that target items will be recommended to as many normal users as possible. Extensive experiments are conducted on three real‐world datasets to validate the effectiveness and the transferability of our proposed method. In addition, some interesting phenomena can be found. For example, (i) neighborhood‐based recommender systems with Euclidean distance‐based similarity have strong robustness and (ii) the fake users can be transferred to attack the state‐of‐the‐art CF recommender systems such as neural CF and Bayesian personalized ranking matrix factorization.

Related Papers

• → Design of Garment Style Recommendation System Based on Interactive Genetic Algorithm(2022)8 cited
• → Weighted hybrid technique for recommender system(2017)18 cited
• → Comparing Pre-filtering and Post-filtering Approach in a Collaborative Contextual Recommender System: An Application to E-Commerce(2009)13 cited
• → Facebook Based Choice Filtering(2017)5 cited
• A Comparison of Collaborative Filtering-based Recommender Systems(2018)