Adversarial Text Rewriting for Text-aware Recommender Systems
- URL: http://arxiv.org/abs/2408.00312v1
- Date: Thu, 1 Aug 2024 06:14:42 GMT
- Title: Adversarial Text Rewriting for Text-aware Recommender Systems
- Authors: Sejoon Oh, Gaurav Verma, Srijan Kumar,
- Abstract summary: We argue that the dependency on item descriptions makes the recommender system vulnerable to manipulation by adversarial sellers on e-commerce platforms.
We propose a new text rewriting framework to attack text-aware recommender systems.
We show that the rewriting attack can be exploited by sellers to unfairly uprank their products, even though the adversarially rewritten descriptions are perceived as realistic by human evaluators.
- Score: 21.73809272703814
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Text-aware recommender systems incorporate rich textual features, such as titles and descriptions, to generate item recommendations for users. The use of textual features helps mitigate cold-start problems, and thus, such recommender systems have attracted increased attention. However, we argue that the dependency on item descriptions makes the recommender system vulnerable to manipulation by adversarial sellers on e-commerce platforms. In this paper, we explore the possibility of such manipulation by proposing a new text rewriting framework to attack text-aware recommender systems. We show that the rewriting attack can be exploited by sellers to unfairly uprank their products, even though the adversarially rewritten descriptions are perceived as realistic by human evaluators. Methodologically, we investigate two different variations to carry out text rewriting attacks: (1) two-phase fine-tuning for greater attack performance, and (2) in-context learning for higher text rewriting quality. Experiments spanning 3 different datasets and 4 existing approaches demonstrate that recommender systems exhibit vulnerability against the proposed text rewriting attack. Our work adds to the existing literature around the robustness of recommender systems, while highlighting a new dimension of vulnerability in the age of large-scale automated text generation.
Related papers
- LLM-Powered Text Simulation Attack Against ID-Free Recommender Systems [42.07327538740209]
This study uncovers that ID-free recommender systems are vulnerable to the proposed Text Simulation attack (TextSimu)
As a novel type of text poisoning attack, TextSimu exploits large language models (LLM) to alter the textual information of target items by simulating the characteristics of popular items.
To withstand TextSimu-like attacks, we explore the detection approach for identifying LLM-generated promotional text.
arXiv Detail & Related papers (2024-09-18T04:10:44Z) - On Evaluating The Performance of Watermarked Machine-Generated Texts Under Adversarial Attacks [20.972194348901958]
We first comb the mainstream watermarking schemes and removal attacks on machine-generated texts.
We evaluate eight watermarks (five pre-text, three post-text) and twelve attacks (two pre-text, ten post-text) across 87 scenarios.
Results indicate that KGW and Exponential watermarks offer high text quality and watermark retention but remain vulnerable to most attacks.
arXiv Detail & Related papers (2024-07-05T18:09:06Z) - Improving Subject-Driven Image Synthesis with Subject-Agnostic Guidance [62.15866177242207]
We show that through constructing a subject-agnostic condition, one could obtain outputs consistent with both the given subject and input text prompts.
Our approach is conceptually simple and requires only minimal code modifications, but leads to substantial quality improvements.
arXiv Detail & Related papers (2024-05-02T15:03:41Z) - Understanding and Mitigating the Threat of Vec2Text to Dense Retrieval Systems [28.175920880194223]
We investigate factors related to embedding models that may impact text recoverability via Vec2Text.
We propose a simple embedding transformation fix that guarantees equal ranking effectiveness while mitigating the recoverability risk.
arXiv Detail & Related papers (2024-02-20T07:49:30Z) - ESTextSpotter: Towards Better Scene Text Spotting with Explicit Synergy
in Transformer [88.61312640540902]
We introduce Explicit Synergy-based Text Spotting Transformer framework (ESTextSpotter)
Our model achieves explicit synergy by modeling discriminative and interactive features for text detection and recognition within a single decoder.
Experimental results demonstrate that our model significantly outperforms previous state-of-the-art methods.
arXiv Detail & Related papers (2023-08-20T03:22:23Z) - Verifying the Robustness of Automatic Credibility Assessment [50.55687778699995]
We show that meaning-preserving changes in input text can mislead the models.
We also introduce BODEGA: a benchmark for testing both victim models and attack methods on misinformation detection tasks.
Our experimental results show that modern large language models are often more vulnerable to attacks than previous, smaller solutions.
arXiv Detail & Related papers (2023-03-14T16:11:47Z) - Mitigating Human and Computer Opinion Fraud via Contrastive Learning [0.0]
We introduce the novel approach towards fake text reviews detection in collaborative filtering recommender systems.
The existing algorithms concentrate on detecting the fake reviews, generated by language models and ignore the texts, written by dishonest users.
We propose the contrastive learning-based architecture, which utilizes the user demographic characteristics, along with the text reviews, as the additional evidence against fakes.
arXiv Detail & Related papers (2023-01-08T12:02:28Z) - R2D2: Robust Data-to-Text with Replacement Detection [16.53137103104244]
We introduce R2D2, a training framework that addresses unfaithful Data-to-Text generation.
We argue that the poor entity retrieval capability of D2T systems is one of the primary sources of unfaithfulness.
Our experimental results show that R2D2 systems could effectively mitigate the unfaithful text generation.
arXiv Detail & Related papers (2022-05-25T03:29:25Z) - SmartPatch: Improving Handwritten Word Imitation with Patch
Discriminators [67.54204685189255]
We propose SmartPatch, a new technique increasing the performance of current state-of-the-art methods.
We combine the well-known patch loss with information gathered from the parallel trained handwritten text recognition system.
This leads to a more enhanced local discriminator and results in more realistic and higher-quality generated handwritten words.
arXiv Detail & Related papers (2021-05-21T18:34:21Z) - MOST: A Multi-Oriented Scene Text Detector with Localization Refinement [67.35280008722255]
We propose a new algorithm for scene text detection, which puts forward a set of strategies to significantly improve the quality of text localization.
Specifically, a Text Feature Alignment Module (TFAM) is proposed to dynamically adjust the receptive fields of features.
A Position-Aware Non-Maximum Suppression (PA-NMS) module is devised to exclude unreliable ones.
arXiv Detail & Related papers (2021-04-02T14:34:41Z) - Conditioned Text Generation with Transfer for Closed-Domain Dialogue
Systems [65.48663492703557]
We show how to optimally train and control the generation of intent-specific sentences using a conditional variational autoencoder.
We introduce a new protocol called query transfer that allows to leverage a large unlabelled dataset.
arXiv Detail & Related papers (2020-11-03T14:06:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.