Data Poisoning Attacks on Factorization-Based Collaborative Filtering
This addresses a security problem for recommendation systems in e-commerce, highlighting vulnerabilities to adversarial manipulation, though it is incremental in focusing on specific factorization methods.
The paper tackles the vulnerability of factorization-based collaborative filtering systems to data poisoning attacks, demonstrating that an attacker with full knowledge can generate malicious data to compromise system integrity while evading detection, and presents efficient attack algorithms for two popular methods.
Recommendation and collaborative filtering systems are important in modern information and e-commerce applications. As these systems are becoming increasingly popular in the industry, their outputs could affect business decision making, introducing incentives for an adversarial party to compromise the availability or integrity of such systems. We introduce a data poisoning attack on collaborative filtering systems. We demonstrate how a powerful attacker with full knowledge of the learner can generate malicious data so as to maximize his/her malicious objectives, while at the same time mimicking normal user behavior to avoid being detected. While the complete knowledge assumption seems extreme, it enables a robust assessment of the vulnerability of collaborative filtering schemes to highly motivated attacks. We present efficient solutions for two popular factorization-based collaborative filtering algorithms: the \emph{alternative minimization} formulation and the \emph{nuclear norm minimization} method. Finally, we test the effectiveness of our proposed algorithms on real-world data and discuss potential defensive strategies.