Defending a Music Recommender Against Hubness-Based Adversarial Attacks
Katharina Hoedt, Arthur Flexer, Gerhard Widmer

TL;DR
This paper introduces a defense mechanism using Mutual Proximity to protect music recommenders from hubness-based adversarial attacks, significantly reducing attack success rates and maintaining audio quality.
Contribution
The paper proposes a novel defense method employing Mutual Proximity to enhance robustness of recommenders against high-dimensional hubness attacks.
Findings
Attack success rate drops from 44% to less than 6% after applying the defense.
Defended system shows decreased vulnerability to various attack strategies.
Adversarial examples become less effective, and those that still succeed show lower audio quality.
Abstract
Adversarial attacks can drastically degrade performance of recommenders and other machine learning systems, resulting in an increased demand for defence mechanisms. We present a new line of defence against attacks which exploit a vulnerability of recommenders that operate in high dimensional data spaces (the so-called hubness problem). We use a global data scaling method, namely Mutual Proximity (MP), to defend a real-world music recommender which previously was susceptible to attacks that inflated the number of times a particular song was recommended. We find that using MP as a defence greatly increases robustness of the recommender against a range of attacks, with success rates of attacks around 44% (before defence) dropping to less than 6% (after defence). Additionally, adversarial examples still able to fool the defended system do so at the price of noticeably lower audio quality as…
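The effect the abstract relies on, as an added sketch that is not the authors' code: the number of times an item lands in other items' top-k lists (k-occurrence) is measured on raw distances and again after Mutual Proximity rescaling. It assumes synthetic Gaussian vectors in place of song features and the empirical form of MP from the hubness literature; all function names are hypothetical.

```python
import math
import random

def pairwise(points):
    """Euclidean distance matrix over the feature vectors."""
    return [[math.dist(p, q) for q in points] for p in points]

def mutual_proximity(D):
    """Empirical MP: share of items j that lie farther than d(x, y) from
    BOTH x and y. Returned as a secondary distance, 1 - MP."""
    n = len(D)
    M = [[0.0] * n for _ in range(n)]
    for x in range(n):
        for y in range(x + 1, n):
            d = D[x][y]
            both = sum(1 for j in range(n) if D[x][j] > d and D[y][j] > d)
            M[x][y] = M[y][x] = 1.0 - both / n
    return M

def k_occurrence(D, k, tie=None):
    """N_k: how often each item appears in the other items' top-k lists.
    `tie` is an optional matrix used to break ties in D."""
    n = len(D)
    counts = [0] * n
    for q in range(n):
        others = [j for j in range(n) if j != q]
        others.sort(key=lambda j: (D[q][j], tie[q][j] if tie else 0.0))
        for j in others[:k]:
            counts[j] += 1
    return counts

def demo(n=200, dim=100, k=5, seed=7):
    # Constructed data: i.i.d. Gaussian vectors standing in for song features.
    rng = random.Random(seed)
    points = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(n)]
    D = pairwise(points)
    before = k_occurrence(D, k)
    after = k_occurrence(mutual_proximity(D), k, tie=D)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("max N_k on raw distances:    ", max(before))
    print("max N_k with Mutual Proximity:", max(after))
```

A large maximum N_k marks a hub, the position an attack of the kind described tries to push a song into; MP credits closeness only when it is mutual, which flattens that distribution.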
Taxonomy
Topics: Music and Audio Processing · Generative Adversarial Networks and Image Synthesis · Anomaly Detection Techniques and Applications
