Adversarial Attacks on Online Learning to Rank with Stochastic Click Models
This addresses security vulnerabilities in online ranking systems, which is an incremental contribution to adversarial machine learning in information retrieval.
The paper tackles adversarial attacks on online learning to rank by proposing generalized list poisoning and click poisoning strategies to misguide algorithms into placing a target item at the top of rankings, with theoretical analysis and experimental validation showing effectiveness and cost-efficiency.
We propose the first study of adversarial attacks on online learning to rank. The goal of the adversary is to misguide the online learning to rank algorithm to place the target item on top of the ranking list linear times to time horizon $T$ with a sublinear attack cost. We propose generalized list poisoning attacks that perturb the ranking list presented to the user. This strategy can efficiently attack any no-regret ranker in general stochastic click models. Furthermore, we propose a click poisoning-based strategy named attack-then-quit that can efficiently attack two representative OLTR algorithms for stochastic click models. We theoretically analyze the success and cost upper bound of the two proposed methods. Experimental results based on synthetic and real-world data further validate the effectiveness and cost-efficiency of the proposed attack strategies.