SemanticShield: LLM-Powered Audits Expose Shilling Attacks in Recommender Systems
This addresses security vulnerabilities in e-commerce recommender systems for users and platforms, representing an incremental improvement by focusing on item-side features.
The paper tackles shilling attacks in recommender systems by proposing SemanticShield, a two-stage detection framework that integrates item-side semantics via LLMs, achieving effective detection against six attack strategies and showing strong generalization to unseen methods.
Recommender systems (RS) are widely used in e-commerce for personalized suggestions, yet their openness makes them susceptible to shilling attacks, where adversaries inject fake behaviors to manipulate recommendations. Most existing defenses emphasize user-side behaviors while overlooking item-side features such as titles and descriptions that can expose malicious intent. To address this gap, we propose a two-stage detection framework that integrates item-side semantics via large language models (LLMs). The first stage pre-screens suspicious users using low-cost behavioral criteria, and the second stage employs LLM-based auditing to evaluate semantic consistency. Furthermore, we enhance the auditing model through reinforcement fine-tuning on a lightweight LLM with carefully designed reward functions, yielding a specialized detector called SemanticShield. Experiments on six representative attack strategies demonstrate the effectiveness of SemanticShield against shilling attacks, and further evaluation on previously unseen attack methods shows its strong generalization capability. Code is available at https://github.com/FrankenstLee/SemanticShield.