Towards Adversarially Robust Recommendation from Adaptive Fraudster Detection

TL;DR

This paper identifies vulnerabilities in GNN-based recommender systems to poisoning attacks and proposes PDR, an adaptive fraudster detection framework that enhances robustness by considering label uncertainty.

Contribution

It introduces PDR, a novel adaptive fraudster detection module that improves recommendation system robustness against poisoning attacks by explicitly handling label uncertainty.

Findings

PDR outperforms benchmark methods under attack scenarios.

GraphRfi remains vulnerable due to supervised fraudster detection.

The adaptive detection module effectively mitigates poisoning attacks.

Abstract

The robustness of recommender systems under node injection attacks has garnered significant attention. Recently, GraphRfi, a GNN-based recommender system, was proposed and shown to effectively mitigate the impact of injected fake users. However, we demonstrate that GraphRfi remains vulnerable to attacks due to the supervised nature of its fraudster detection component, where obtaining clean labels is challenging in practice. In particular, we propose a powerful poisoning attack, MetaC, against both GNN-based and MF-based recommender systems. Furthermore, we analyze why GraphRfi fails under such an attack. Then, based on our insights obtained from vulnerability analysis, we design an adaptive fraudster detection module that explicitly considers label uncertainty. This module can serve as a plug-in for different recommender systems, resulting in a robust framework named PDR. Comprehensive experiments show that our defense approach outperforms other benchmark methods under attacks. Overall, our research presents an effective framework for integrating fraudster detection into recommendation systems to achieve adversarial robustness.