Review-Incorporated Model-Agnostic Profile Injection Attacks on Recommender Systems
This addresses security risks in recommender systems for users and platforms, but it is an incremental improvement on existing attack methods.
The paper tackles the vulnerability of recommender systems to data poisoning by developing R-Trojan, an attack method that uses textual reviews to generate fake user profiles, achieving high transferability and imperceptibility while outperforming state-of-the-art methods in black-box settings.
Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks. Understanding attack tactics helps improve the robustness of RSs. We intend to develop efficient attack methods that use limited resources to generate high-quality fake user profiles to achieve 1) transferability among black-box RSs 2) and imperceptibility among detectors. In order to achieve these goals, we introduce textual reviews of products to enhance the generation quality of the profiles. Specifically, we propose a novel attack framework named R-Trojan, which formulates the attack objectives as an optimization problem and adopts a tailored transformer-based generative adversarial network (GAN) to solve it so that high-quality attack profiles can be produced. Comprehensive experiments on real-world datasets demonstrate that R-Trojan greatly outperforms state-of-the-art attack methods on various victim RSs under black-box settings and show its good imperceptibility.