Attacking Recommender Systems with Augmented User Profiles

TL;DR

This paper introduces AUSH, a generative adversarial network-based framework for sophisticated shilling attacks on recommendation systems, demonstrating its effectiveness and stealth against various RS, including deep learning models.

Contribution

The paper presents a novel AUSH framework that tailors attacks to specific goals and budgets, significantly advancing attack strategies against diverse recommendation systems.

Findings

AUSH effectively compromises both traditional and deep learning RS.

AUSH attacks are undetectable by current detection models.

The impact of AUSH is substantial across multiple RS types.

Abstract

Recommendation Systems (RS) have become an essential part of many online services. Due to its pivotal role in guiding customers towards purchasing, there is a natural motivation for unscrupulous parties to spoof RS for profits. In this paper, we study the shilling attack: a subsistent and profitable attack where an adversarial party injects a number of user profiles to promote or demote a target item. Conventional shilling attack models are based on simple heuristics that can be easily detected, or directly adopt adversarial attack methods without a special design for RS. Moreover, the study on the attack impact on deep learning based RS is missing in the literature, making the effects of shilling attack against real RS doubtful. We present a novel Augmented Shilling Attack framework (AUSH) and implement it with the idea of Generative Adversarial Network. AUSH is capable of tailoring attacks against RS according to budget and complex attack goals, such as targeting a specific user group. We experimentally show that the attack impact of AUSH is noticeable on a wide range of RS including both classic and modern deep learning based RS, while it is virtually undetectable by the state-of-the-art attack detection model.