Influence Function based Data Poisoning Attacks to Top-N Recommender
Systems
- URL: http://arxiv.org/abs/2002.08025v3
- Date: Sun, 31 May 2020 21:24:05 GMT
- Title: Influence Function based Data Poisoning Attacks to Top-N Recommender
Systems
- Authors: Minghong Fang, Neil Zhenqiang Gong, Jia Liu
- Abstract summary: An attacker can trick a recommender system to recommend a target item to as many normal users as possible.
We develop a data poisoning attack to solve this problem.
Our results show that our attacks are effective and outperform existing methods.
- Score: 43.14766256772
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recommender system is an essential component of web services to engage users.
Popular recommender systems model user preferences and item properties using a
large amount of crowdsourced user-item interaction data, e.g., rating scores;
then top-$N$ items that match the best with a user's preference are recommended
to the user. In this work, we show that an attacker can launch a data poisoning
attack to a recommender system to make recommendations as the attacker desires
via injecting fake users with carefully crafted user-item interaction data.
Specifically, an attacker can trick a recommender system to recommend a target
item to as many normal users as possible. We focus on matrix factorization
based recommender systems because they have been widely deployed in industry.
Given the number of fake users the attacker can inject, we formulate the
crafting of rating scores for the fake users as an optimization problem.
However, this optimization problem is challenging to solve as it is a
non-convex integer programming problem. To address the challenge, we develop
several techniques to approximately solve the optimization problem. For
instance, we leverage influence function to select a subset of normal users who
are influential to the recommendations and solve our formulated optimization
problem based on these influential users. Our results show that our attacks are
effective and outperform existing methods.
Related papers
- The MovieLens Beliefs Dataset: Collecting Pre-Choice Data for Online Recommender Systems [0.0]
This paper introduces a method for collecting user beliefs about unexperienced items - a critical predictor of choice behavior.
We implement this method on the MovieLens platform, resulting in a rich dataset that combines user ratings, beliefs, and observed recommendations.
arXiv Detail & Related papers (2024-05-17T19:06:06Z) - Poisoning Federated Recommender Systems with Fake Users [48.70867241987739]
Federated recommendation is a prominent use case within federated learning, yet it remains susceptible to various attacks.
We introduce a novel fake user based poisoning attack named PoisonFRS to promote the attacker-chosen targeted item.
Experiments on multiple real-world datasets demonstrate that PoisonFRS can effectively promote the attacker-chosen item to a large portion of genuine users.
arXiv Detail & Related papers (2024-02-18T16:34:12Z) - PORE: Provably Robust Recommender Systems against Data Poisoning Attacks [58.26750515059222]
We propose PORE, the first framework to build provably robust recommender systems.
PORE can transform any existing recommender system to be provably robust against untargeted data poisoning attacks.
We prove that PORE still recommends at least $r$ of the $N$ items to the user under any data poisoning attack, where $r$ is a function of the number of fake users in the attack.
arXiv Detail & Related papers (2023-03-26T01:38:11Z) - Eliciting User Preferences for Personalized Multi-Objective Decision
Making through Comparative Feedback [76.7007545844273]
We propose a multi-objective decision making framework that accommodates different user preferences over objectives.
Our model consists of a Markov decision process with a vector-valued reward function, with each user having an unknown preference vector.
We suggest an algorithm that finds a nearly optimal policy for the user using a small number of comparison queries.
arXiv Detail & Related papers (2023-02-07T23:58:19Z) - Recommendation with User Active Disclosing Willingness [20.306413327597603]
We study a novel recommendation paradigm, where the users are allowed to indicate their "willingness" on disclosing different behaviors.
We conduct extensive experiments to demonstrate the effectiveness of our model on balancing the recommendation quality and user disclosing willingness.
arXiv Detail & Related papers (2022-10-25T04:43:40Z) - PipAttack: Poisoning Federated Recommender Systems forManipulating Item
Promotion [58.870444954499014]
A common practice is to subsume recommender systems under the decentralized federated learning paradigm.
We present a systematic approach to backdooring federated recommender systems for targeted item promotion.
arXiv Detail & Related papers (2021-10-21T06:48:35Z) - Membership Inference Attacks Against Recommender Systems [33.66394989281801]
We make the first attempt on quantifying the privacy leakage of recommender systems through the lens of membership inference.
Our attack is on the user-level but not on the data sample-level.
A shadow recommender is established to derive the labeled training data for training the attack model.
arXiv Detail & Related papers (2021-09-16T15:19:19Z) - Data Poisoning Attacks to Deep Learning Based Recommender Systems [26.743631067729677]
We conduct first systematic study of data poisoning attacks against deep learning based recommender systems.
An attacker's goal is to manipulate a recommender system such that the attacker-chosen target items are recommended to many users.
To achieve this goal, our attack injects fake users with carefully crafted ratings to a recommender system.
arXiv Detail & Related papers (2021-01-07T17:32:56Z) - MetaSelector: Meta-Learning for Recommendation with User-Level Adaptive
Model Selection [110.87712780017819]
We propose a meta-learning framework to facilitate user-level adaptive model selection in recommender systems.
We conduct experiments on two public datasets and a real-world production dataset.
arXiv Detail & Related papers (2020-01-22T16:05:01Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.