Adversarial Attacks on Online Learning to Rank with Stochastic Click Models

TL;DR

This paper introduces novel adversarial attack strategies on online learning to rank systems, demonstrating their effectiveness and efficiency through theoretical analysis and experiments on synthetic and real data.

Contribution

It presents the first study of adversarial attacks on OLTR, proposing list poisoning and click poisoning strategies with theoretical guarantees.

Findings

Attacks can successfully mislead OLTR algorithms to rank target items on top.

Proposed methods are theoretically sound with bounded success and cost.

Experimental results confirm the effectiveness and efficiency of the attacks.

Abstract

We propose the first study of adversarial attacks on online learning to rank. The goal of the adversary is to misguide the online learning to rank algorithm to place the target item on top of the ranking list linear times to time horizon $T$ with a sublinear attack cost. We propose generalized list poisoning attacks that perturb the ranking list presented to the user. This strategy can efficiently attack any no-regret ranker in general stochastic click models. Furthermore, we propose a click poisoning-based strategy named attack-then-quit that can efficiently attack two representative OLTR algorithms for stochastic click models. We theoretically analyze the success and cost upper bound of the two proposed methods. Experimental results based on synthetic and real-world data further validate the effectiveness and cost-efficiency of the proposed attack strategies.