Stealthy Attack on Large Language Model based Recommendation
This exposes a significant security gap in LLM-based recommendation systems, posing risks for platforms and users, and is incremental in highlighting a new vulnerability.
The paper reveals that LLM-based recommender systems are vulnerable to stealthy attacks where attackers can boost an item's exposure by subtly altering its textual content during testing, without affecting overall performance, as demonstrated across four mainstream models.
Recently, the powerful large language models (LLMs) have been instrumental in propelling the progress of recommender systems (RS). However, while these systems have flourished, their susceptibility to security threats has been largely overlooked. In this work, we reveal that the introduction of LLMs into recommendation models presents new security vulnerabilities due to their emphasis on the textual content of items. We demonstrate that attackers can significantly boost an item's exposure by merely altering its textual content during the testing phase, without requiring direct interference with the model's training process. Additionally, the attack is notably stealthy, as it does not affect the overall recommendation performance and the modifications to the text are subtle, making it difficult for users and platforms to detect. Our comprehensive experiments across four mainstream LLM-based recommendation models demonstrate the superior efficacy and stealthiness of our approach. Our work unveils a significant security gap in LLM-based recommendation systems and paves the way for future research on protecting these systems.