Assessing the Impact of a User-Item Collaborative Attack on Class of Users

TL;DR

This paper investigates how user-item targeted shilling attacks influence recommendation outcomes in collaborative filtering systems, considering user profile richness, attack size, and attack strategy effectiveness across datasets.

Contribution

It introduces a novel focus on user-item attack strategies and their differential impact based on user profile types in CF models, expanding understanding of attack dynamics.

Findings

Warm and cold users respond differently to attacks.

Attack effectiveness varies with user profile richness.

Dataset characteristics influence attack success.

Abstract

Collaborative Filtering (CF) models lie at the core of most recommendation systems due to their state-of-the-art accuracy. They are commonly adopted in e-commerce and online services for their impact on sales volume and/or diversity, and their impact on companies' outcome. However, CF models are only as good as the interaction data they work with. As these models rely on outside sources of information, counterfeit data such as user ratings or reviews can be injected by attackers to manipulate the underlying data and alter the impact of resulting recommendations, thus implementing a so-called shilling attack. While previous works have focused on evaluating shilling attack strategies from a global perspective paying particular attention to the effect of the size of attacks and attacker's knowledge, in this work we explore the effectiveness of shilling attacks under novel aspects. First, we investigate the effect of attack strategies crafted on a target user in order to push the recommendation of a low-ranking item to a higher position, referred to as user-item attack. Second, we evaluate the effectiveness of attacks in altering the impact of different CF models by contemplating the class of the target user, from the perspective of the richness of her profile (i.e., cold v.s. warm user). Finally, similar to previous work we contemplate the size of attack (i.e., the amount of fake profiles injected) in examining their success. The results of experiments on two widely used datasets in business and movie domains, namely Yelp and MovieLens, suggest that warm and cold users exhibit contrasting behaviors in datasets with different characteristics.