Practical Cross-System Shilling Attacks with Limited Access to Data

TL;DR

This paper introduces PC-Attack, a practical cross-system shilling attack method that effectively promotes or demotes items in recommender systems with limited data access, outperforming existing approaches.

Contribution

The paper proposes a novel PC-Attack framework that requires minimal information and leverages self-supervised learning on public data, advancing practical shilling attack techniques.

Findings

PC-Attack outperforms state-of-the-art baselines in experiments.

It requires limited access to victim system data.

The method effectively captures graph topology for attack success.

Abstract

In shilling attacks, an adversarial party injects a few fake user profiles into a Recommender System (RS) so that the target item can be promoted or demoted. Although much effort has been devoted to developing shilling attack methods, we find that existing approaches are still far from practical. In this paper, we analyze the properties a practical shilling attack method should have and propose a new concept of Cross-system Attack. With the idea of Cross-system Attack, we design a Practical Cross-system Shilling Attack (PC-Attack) framework that requires little information about the victim RS model and the target RS data for conducting attacks. PC-Attack is trained to capture graph topology knowledge from public RS data in a self-supervised manner. Then, it is fine-tuned on a small portion of target data that is easy to access to construct fake profiles. Extensive experiments have demonstrated the superiority of PC-Attack over state-of-the-art baselines. Our implementation of PC-Attack is available at https://github.com/KDEGroup/PC-Attack.