Related papers: Shilling Recommender Systems by Generating Side-feature-aware Fake User Profiles

Shilling Recommender Systems by Generating Side-feature-aware Fake User Profiles

URL: http://arxiv.org/abs/2509.17918v5
Date: Thu, 30 Oct 2025 06:29:37 GMT
Title: Shilling Recommender Systems by Generating Side-feature-aware Fake User Profiles
Authors: Yuanrong Wang, Yingpeng Du,
Abstract summary: We extend the Leg-UP framework to incorporate side features, enabling the generation of side-feature-aware fake user profiles.<n> Experiments on benchmarks show that our method achieves strong attack performance while maintaining stealthiness.
Score: 6.556612769295069
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Recommender systems (RS) greatly influence users' consumption decisions, making them attractive targets for malicious shilling attacks that inject fake user profiles to manipulate recommendations. Existing shilling methods can generate effective and stealthy fake profiles when training data only contain rating matrix, but they lack comprehensive solutions for scenarios where side features are present and utilized by the recommender. To address this gap, we extend the Leg-UP framework by enhancing the generator architecture to incorporate side features, enabling the generation of side-feature-aware fake user profiles. Experiments on benchmarks show that our method achieves strong attack performance while maintaining stealthiness.

Related papers

ReasAlign: Reasoning Enhanced Safety Alignment against Prompt Injection Attack [52.17935054046577]
We present ReasAlign, a model-level solution to improve safety alignment against indirect prompt injection attacks.<n>ReasAlign incorporates structured reasoning steps to analyze user queries, detect conflicting instructions, and preserve the continuity of the user's intended tasks.
arXiv Detail & Related papers (2026-01-15T08:23:38Z)
Retrieval-Augmented Review Generation for Poisoning Recommender Systems [20.765216208845843]
We propose a novel practical attack framework named RAGAN to generate high-quality fake user profiles.<n> RAGAN achieves the state-of-the-art poisoning attack performance.
arXiv Detail & Related papers (2025-08-21T05:25:22Z)
Improving the Shortest Plank: Vulnerability-Aware Adversarial Training for Robust Recommender System [60.719158008403376]
Vulnerability-aware Adversarial Training (VAT) is designed to defend against poisoning attacks in recommender systems. VAT employs a novel vulnerability-aware function to estimate users' vulnerability based on the degree to which the system fits them.
arXiv Detail & Related papers (2024-09-26T02:24:03Z)
Prompt Tuning as User Inherent Profile Inference Machine [53.78398656789463]
We propose UserIP-Tuning, which uses prompt-tuning to infer user profiles. A profile quantization codebook bridges the modality gap by profile embeddings into collaborative IDs. Experiments on four public datasets show that UserIP-Tuning outperforms state-of-the-art recommendation algorithms.
arXiv Detail & Related papers (2024-08-13T02:25:46Z)
Advancing Recommender Systems by mitigating Shilling attacks [0.0]
Collaborative filtering is a widely used method for computing recommendations due to its good performance. This paper proposes an algorithm to detect such shilling profiles in the system accurately and also study the effects of such profiles on the recommendations.
arXiv Detail & Related papers (2024-04-24T20:05:39Z)
Poisoning Federated Recommender Systems with Fake Users [48.70867241987739]
Federated recommendation is a prominent use case within federated learning, yet it remains susceptible to various attacks. We introduce a novel fake user based poisoning attack named PoisonFRS to promote the attacker-chosen targeted item. Experiments on multiple real-world datasets demonstrate that PoisonFRS can effectively promote the attacker-chosen item to a large portion of genuine users.
arXiv Detail & Related papers (2024-02-18T16:34:12Z)
On Generative Agents in Recommendation [58.42840923200071]
Agent4Rec is a user simulator in recommendation based on Large Language Models. Each agent interacts with personalized recommender models in a page-by-page manner.
arXiv Detail & Related papers (2023-10-16T06:41:16Z)
PORE: Provably Robust Recommender Systems against Data Poisoning Attacks [58.26750515059222]
We propose PORE, the first framework to build provably robust recommender systems. PORE can transform any existing recommender system to be provably robust against untargeted data poisoning attacks. We prove that PORE still recommends at least $r$ of the $N$ items to the user under any data poisoning attack, where $r$ is a function of the number of fake users in the attack.
arXiv Detail & Related papers (2023-03-26T01:38:11Z)
Shilling Black-box Recommender Systems by Learning to Generate Fake User Profiles [14.437087775166876]
We present Leg-UP, a novel attack model based on the Generative Adversarial Network. Leg-UP learns user behavior patterns from real users in the sampled templates'' and constructs fake user profiles. Experiments on benchmarks have shown that Leg-UP exceeds state-of-the-art Shilling Attack methods on a wide range of victim RS models.
arXiv Detail & Related papers (2022-06-23T00:40:19Z)
Attacking Black-box Recommendations via Copying Cross-domain User Profiles [47.48722020494725]
We present our framework that harnesses real users from a source domain by copying their profiles into the target domain with the goal of promoting a subset of items. CopyAttack's goal is to maximize the hit ratio of the targeted items in the Top-$k$ recommendation list of the users in the target domain.
arXiv Detail & Related papers (2020-05-17T02:10:38Z)
Influence Function based Data Poisoning Attacks to Top-N Recommender Systems [43.14766256772]
An attacker can trick a recommender system to recommend a target item to as many normal users as possible. We develop a data poisoning attack to solve this problem. Our results show that our attacks are effective and outperform existing methods.
arXiv Detail & Related papers (2020-02-19T06:41:51Z)

This list is automatically generated from the titles and abstracts of the papers in this site.