Robustness of Deep Recommendation Systems to Untargeted Interaction Perturbations

• URL: http://arxiv.org/abs/2201.12686v1
• Date: Sat, 29 Jan 2022 23:43:21 GMT
• Title: Robustness of Deep Recommendation Systems to Untargeted Interaction Perturbations
• Authors: Sejoon Oh, Srijan Kumar
• Abstract summary: We develop a novel framework in which user-item training interactions are perturbed in unintentional and adversarial settings. We show that four popular recommender models are unstable against even one random perturbation. We propose an adversarial perturbation method CASPER which identifies and perturbs an interaction that induces the maximal cascading effect.
• Score: 11.921365836430658
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: While deep learning-based sequential recommender systems are widely used in practice, their sensitivity to untargeted training data perturbations is unknown. Untargeted perturbations aim to modify ranked recommendation lists for all users at test time, by inserting imperceptible input perturbations during training time. Existing perturbation methods are mostly targeted attacks optimized to change ranks of target items, but not suitable for untargeted scenarios. In this paper, we develop a novel framework in which user-item training interactions are perturbed in unintentional and adversarial settings. First, through comprehensive experiments on four datasets, we show that four popular recommender models are unstable against even one random perturbation. Second, we establish a cascading effect in which minor manipulations of early training interactions can cause extensive changes to the model and the generated recommendations for all users. Leveraging this effect, we propose an adversarial perturbation method CASPER which identifies and perturbs an interaction that induces the maximal cascading effect. Experimentally, we demonstrate that CASPER reduces the stability of recommendation models the most, compared to several baselines and state-of-the-art methods. Finally, we show the runtime and success of CASPER scale near-linearly with the dataset size and the number of perturbations, respectively.

Related papers

• HiFIRec: Towards High-Frequency yet Low-Intention Behaviors for Multi-Behavior Recommendation [10.558247582357783]
  HiFIRec is a novel multi-behavior recommendation method.<n>It corrects the effect of high-frequency yet low-intention behaviors by differential behavior modeling.<n>Experiments on two benchmarks show that HiFIRec relatively improves HR@10 by 4.21%-6.81% over several state-of-the-art methods.
  arXiv  Detail & Related papers  (2025-09-30T04:20:45Z)
• Pre-training for Recommendation Unlearning [14.514770044236375]
  UnlearnRec is a model-agnostic pre-training paradigm that prepares systems for efficient unlearning operations.<n>Our method delivers exceptional unlearning effectiveness while providing more than 10x speedup compared to retraining approaches.
  arXiv  Detail & Related papers  (2025-05-28T17:57:11Z)
• Denoising Pre-Training and Customized Prompt Learning for Efficient Multi-Behavior Sequential Recommendation [69.60321475454843]
  We propose DPCPL, the first pre-training and prompt-tuning paradigm tailored for Multi-Behavior Sequential Recommendation. In the pre-training stage, we propose a novel Efficient Behavior Miner (EBM) to filter out the noise at multiple time scales. Subsequently, we propose to tune the pre-trained model in a highly efficient manner with the proposed Customized Prompt Learning (CPL) module.
  arXiv  Detail & Related papers  (2024-08-21T06:48:38Z)
• Behavior-Contextualized Item Preference Modeling for Multi-Behavior Recommendation [30.715182718492244]
  This paper introduces a novel approach, Behavior-Contextualized Item Preference Modeling (BCIPM) for multi-behavior recommendation. Our proposed Behavior-Contextualized Item Preference Network discerns and learns users' specific item preferences within each behavior. It then considers only those preferences relevant to the target behavior for final recommendations, significantly reducing noise from auxiliary behaviors.
  arXiv  Detail & Related papers  (2024-04-28T12:46:36Z)
• Towards More Robust and Accurate Sequential Recommendation with Cascade-guided Adversarial Training [54.56998723843911]
  Two properties unique to the nature of sequential recommendation models may impair their robustness. We propose Cascade-guided Adversarial training, a new adversarial training procedure that is specifically designed for sequential recommendation models.
  arXiv  Detail & Related papers  (2023-04-11T20:55:02Z)
• Rethinking Missing Data: Aleatoric Uncertainty-Aware Recommendation [59.500347564280204]
  We propose a new Aleatoric Uncertainty-aware Recommendation (AUR) framework. AUR consists of a new uncertainty estimator along with a normal recommender model. As the chance of mislabeling reflects the potential of a pair, AUR makes recommendations according to the uncertainty.
  arXiv  Detail & Related papers  (2022-09-22T04:32:51Z)
• Debiasing Learning for Membership Inference Attacks Against Recommender Systems [79.48353547307887]
  Learned recommender systems may inadvertently leak information about their training data, leading to privacy violations. We investigate privacy threats faced by recommender systems through the lens of membership inference. We propose a Debiasing Learning for Membership Inference Attacks against recommender systems (DL-MIA) framework that has four main components.
  arXiv  Detail & Related papers  (2022-06-24T17:57:34Z)
• Attribute-Guided Adversarial Training for Robustness to Natural Perturbations [64.35805267250682]
  We propose an adversarial training approach which learns to generate new samples so as to maximize exposure of the classifier to the attributes-space. Our approach enables deep neural networks to be robust against a wide range of naturally occurring perturbations.
  arXiv  Detail & Related papers  (2020-12-03T10:17:30Z)
• Asymptotic Behavior of Adversarial Training in Binary Classification [41.7567932118769]
  Adversarial training is considered to be the state-of-the-art method for defense against adversarial attacks. Despite being successful in practice, several problems in understanding performance of adversarial training remain open. We derive precise theoretical predictions for the minimization of adversarial training in binary classification.
  arXiv  Detail & Related papers  (2020-10-26T01:44:20Z)
• Learning to Generate Noise for Multi-Attack Robustness [126.23656251512762]
  Adversarial learning has emerged as one of the successful techniques to circumvent the susceptibility of existing methods against adversarial perturbations. In safety-critical applications, this makes these methods extraneous as the attacker can adopt diverse adversaries to deceive the system. We propose a novel meta-learning framework that explicitly learns to generate noise to improve the model's robustness against multiple types of attacks.
  arXiv  Detail & Related papers  (2020-06-22T10:44:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.