A survey on Adversarial Recommender Systems: from Attack/Defense strategies to Generative Adversarial Networks

TL;DR

This survey reviews recent advances in adversarial machine learning for recommender systems, highlighting attack and defense strategies, and explores the application of generative adversarial networks (GANs) in improving generative models.

Contribution

It provides an exhaustive literature review of 74 articles on adversarial attacks, defenses, and GAN applications in recommender systems, serving as a comprehensive reference.

Findings

Adversarial attacks can significantly degrade recommendation accuracy.

Defense strategies are evolving to counteract adversarial perturbations.

GANs are effectively used to enhance generative models in recommender systems.

Abstract

Latent-factor models (LFM) based on collaborative filtering (CF), such as matrix factorization (MF) and deep CF methods, are widely used in modern recommender systems (RS) due to their excellent performance and recommendation accuracy. However, success has been accompanied with a major new arising challenge: many applications of machine learning (ML) are adversarial in nature. In recent years, it has been shown that these methods are vulnerable to adversarial examples, i.e., subtle but non-random perturbations designed to force recommendation models to produce erroneous outputs. The goal of this survey is two-fold: (i) to present recent advances on adversarial machine learning (AML) for the security of RS (i.e., attacking and defense recommendation models), (ii) to show another successful application of AML in generative adversarial networks (GANs) for generative applications, thanks to their ability for learning (high-dimensional) data distributions. In this survey, we provide an exhaustive literature review of 74 articles published in major RS and ML journals and conferences. This review serves as a reference for the RS community, working on the security of RS or on generative models using GANs to improve their quality.