Adversarial Attacks and Detection on Reinforcement Learning-Based Interactive Recommender Systems

TL;DR

This paper introduces an attack-agnostic detection method for reinforcement learning-based interactive recommender systems, demonstrating its effectiveness against diverse adversarial attacks through extensive experiments.

Contribution

It proposes a deep learning-based classifier for early detection of adversarial attacks, capable of generalizing across multiple attack crafting methods in recommender systems.

Findings

Most adversarial attacks are highly effective.

Attack strength and frequency significantly influence attack success.

Strategically-timed attacks can match continuous attacks with fewer attempts.

Abstract

Adversarial attacks pose significant challenges for detecting adversarial attacks at an early stage. We propose attack-agnostic detection on reinforcement learning-based interactive recommendation systems. We first craft adversarial examples to show their diverse distributions and then augment recommendation systems by detecting potential attacks with a deep learning-based classifier based on the crafted data. Finally, we study the attack strength and frequency of adversarial examples and evaluate our model on standard datasets with multiple crafting methods. Our extensive experiments show that most adversarial attacks are effective, and both attack strength and attack frequency impact the attack performance. The strategically-timed attack achieves comparative attack performance with only 1/3 to 1/2 attack frequency. Besides, our black-box detector trained with one crafting method has the generalization ability over several crafting methods.