Attacking Recommender Systems with Augmented User Profiles
This addresses security vulnerabilities in recommender systems for online services, which is an incremental improvement over existing attack methods.
The paper tackles the problem of shilling attacks on recommender systems by introducing a novel Augmented Shilling Attack framework (AUSH) that uses Generative Adversarial Networks to tailor attacks based on budget and goals, and experimentally shows it is effective across a wide range of systems and virtually undetectable by state-of-the-art detection models.
Recommendation Systems (RS) have become an essential part of many online services. Due to its pivotal role in guiding customers towards purchasing, there is a natural motivation for unscrupulous parties to spoof RS for profits. In this paper, we study the shilling attack: a subsistent and profitable attack where an adversarial party injects a number of user profiles to promote or demote a target item. Conventional shilling attack models are based on simple heuristics that can be easily detected, or directly adopt adversarial attack methods without a special design for RS. Moreover, the study on the attack impact on deep learning based RS is missing in the literature, making the effects of shilling attack against real RS doubtful. We present a novel Augmented Shilling Attack framework (AUSH) and implement it with the idea of Generative Adversarial Network. AUSH is capable of tailoring attacks against RS according to budget and complex attack goals, such as targeting a specific user group. We experimentally show that the attack impact of AUSH is noticeable on a wide range of RS including both classic and modern deep learning based RS, while it is virtually undetectable by the state-of-the-art attack detection model.