A Black-Box Attack Model for Visually-Aware Recommender Systems

• URL: http://arxiv.org/abs/2011.02701v1
• Date: Thu, 5 Nov 2020 08:43:12 GMT
• Title: A Black-Box Attack Model for Visually-Aware Recommender Systems
• Authors: Rami Cohen, Oren Sar Shalom, Dietmar Jannach and Amihood Amir
• Abstract summary: Visually-aware recommender systems (RS) have recently attracted increased research interest. In this work, we show that relying on external sources can make an RS vulnerable to attacks. We show how a new visual attack model can effectively influence the item scores and rankings in a black-box approach.
• Score: 7.226144684379191
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Due to the advances in deep learning, visually-aware recommender systems (RS) have recently attracted increased research interest. Such systems combine collaborative signals with images, usually represented as feature vectors outputted by pre-trained image models. Since item catalogs can be huge, recommendation service providers often rely on images that are supplied by the item providers. In this work, we show that relying on such external sources can make an RS vulnerable to attacks, where the goal of the attacker is to unfairly promote certain pushed items. Specifically, we demonstrate how a new visual attack model can effectively influence the item scores and rankings in a black-box approach, i.e., without knowing the parameters of the model. The main underlying idea is to systematically create small human-imperceptible perturbations of the pushed item image and to devise appropriate gradient approximation methods to incrementally raise the pushed item's score. Experimental evaluations on two datasets show that the novel attack model is effective even when the contribution of the visual features to the overall performance of the recommender system is modest.

Related papers

• Positive-Unlabelled Learning for Improving Image-based Recommender System Explainability [2.9748898344267785]
  This work proposes a new explainer training pipeline by leveraging Positive-Unlabelled (PU) Learning techniques. Experiments show this PU-based approach outperforms the state-of-the-art non-PU method in six popular real-world datasets.
  arXiv  Detail & Related papers  (2024-07-09T10:40:31Z)
• Beyond Thumbs Up/Down: Untangling Challenges of Fine-Grained Feedback for Text-to-Image Generation [67.88747330066049]
  Fine-grained feedback captures nuanced distinctions in image quality and prompt-alignment. We show that demonstrating its superiority to coarse-grained feedback is not automatic. We identify key challenges in eliciting and utilizing fine-grained feedback.
  arXiv  Detail & Related papers  (2024-06-24T17:19:34Z)
• Making Recommender Systems More Knowledgeable: A Framework to Incorporate Side Information [5.033504076393256]
  We propose a general framework for incorporating item-specific side information into the recommender system to enhance its performance. We show that with side information, our recommender system outperforms state-of-the-art models by a considerable margin. We also propose a new type of loss to regularize the attention mechanism used by recommender systems and evaluate its influence on model performance.
  arXiv  Detail & Related papers  (2024-06-02T04:33:52Z)
• Model Stealing Attack against Recommender System [85.1927483219819]
  Some adversarial attacks have achieved model stealing attacks against recommender systems. In this paper, we constrain the volume of available target data and queries and utilize auxiliary data, which shares the item set with the target data, to promote model stealing attacks.
  arXiv  Detail & Related papers  (2023-12-18T05:28:02Z)
• A Model-Agnostic Framework for Recommendation via Interest-aware Item Embeddings [4.989653738257287]
  Interest-aware Capsule network (IaCN) is a model-agnostic framework that directly learns interest-oriented item representations. IaCN serves as an auxiliary task, enabling the joint learning of both item-based and interest-based representations. We evaluate the proposed approach on benchmark datasets, exploring various scenarios involving different deep neural networks.
  arXiv  Detail & Related papers  (2023-08-17T22:40:59Z)
• Enhancement by Your Aesthetic: An Intelligible Unsupervised Personalized Enhancer for Low-Light Images [67.14410374622699]
  We propose an intelligible unsupervised personalized enhancer (iUPEnhancer) for low-light images. The proposed iUP-Enhancer is trained with the guidance of these correlations and the corresponding unsupervised loss functions. Experiments demonstrate that the proposed algorithm produces competitive qualitative and quantitative results.
  arXiv  Detail & Related papers  (2022-07-15T07:16:10Z)
• Reinforcement Learning based Path Exploration for Sequential Explainable Recommendation [57.67616822888859]
  We propose a novel Temporal Meta-path Guided Explainable Recommendation leveraging Reinforcement Learning (TMER-RL) TMER-RL utilizes reinforcement item-item path modelling between consecutive items with attention mechanisms to sequentially model dynamic user-item evolutions on dynamic knowledge graph for explainable recommendation. Extensive evaluations of TMER on two real-world datasets show state-of-the-art performance compared against recent strong baselines.
  arXiv  Detail & Related papers  (2021-11-24T04:34:26Z)
• PipAttack: Poisoning Federated Recommender Systems forManipulating Item Promotion [58.870444954499014]
  A common practice is to subsume recommender systems under the decentralized federated learning paradigm. We present a systematic approach to backdooring federated recommender systems for targeted item promotion.
  arXiv  Detail & Related papers  (2021-10-21T06:48:35Z)
• Self-Supervised Reinforcement Learning for Recommender Systems [77.38665506495553]
  We propose self-supervised reinforcement learning for sequential recommendation tasks. Our approach augments standard recommendation models with two output layers: one for self-supervised learning and the other for RL. Based on such an approach, we propose two frameworks namely Self-Supervised Q-learning(SQN) and Self-Supervised Actor-Critic(SAC)
  arXiv  Detail & Related papers  (2020-06-10T11:18:57Z)
• Adversarial Item Promotion: Vulnerabilities at the Core of Top-N Recommenders that Use Images to Address Cold Start [3.640517671681518]
  We show how unscrupulous merchants can create item images that artificially promote their products, improving their rankings. We describe a new type of attack, Adversarial Item Promotion (AIP), that strikes directly at the core of Top-N recommenders. We show that using images to address cold start opens recommender systems to potential threats with clear practical implications.
  arXiv  Detail & Related papers  (2020-06-02T19:12:13Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.