Evaluating the Robustness of Conversational Recommender Systems by Adversarial Examples
This addresses the vulnerability of CRSs to malicious user inputs, which is crucial for ensuring reliable interactions in real-world applications, though it is incremental as it focuses on evaluation rather than proposing a new defense method.
The paper tackled the problem of evaluating the robustness of conversational recommender systems (CRSs) against adversarial attacks, and found that none of the three tested systems were robust or reliable when exposed to automatically generated adversarial examples.
Conversational recommender systems (CRSs) are improving rapidly, according to the standard recommendation accuracy metrics. However, it is essential to make sure that these systems are robust in interacting with users including regular and malicious users who want to attack the system by feeding the system modified input data. In this paper, we propose an adversarial evaluation scheme including four scenarios in two categories and automatically generate adversarial examples to evaluate the robustness of these systems in the face of different input data. By executing these adversarial examples we can compare the ability of different conversational recommender systems to satisfy the user's preferences. We evaluate three CRSs by the proposed adversarial examples on two datasets. Our results show that none of these systems are robust and reliable to the adversarial examples.