Securing Visually-Aware Recommender Systems: An Adversarial Image Reconstruction and Detection Framework

TL;DR

This paper introduces a novel adversarial image reconstruction and detection framework to enhance the security of visually-aware recommender systems against imperceptible image perturbation attacks, improving robustness and detection accuracy.

Contribution

It proposes a joint defense strategy combining image reconstruction with global vision transformers and contrastive learning for effective attack mitigation and detection in VARS.

Findings

Outperforms existing defense methods against FGSM and PGD attacks

Achieves high accuracy in detecting adversarial examples

Demonstrates effectiveness on real-world datasets

Abstract

With rich visual data, such as images, becoming readily associated with items, visually-aware recommendation systems (VARS) have been widely used in different applications. Recent studies have shown that VARS are vulnerable to item-image adversarial attacks, which add human-imperceptible perturbations to the clean images associated with those items. Attacks on VARS pose new security challenges to a wide range of applications such as e-Commerce and social networks where VARS are widely used. How to secure VARS from such adversarial attacks becomes a critical problem. Currently, there is still a lack of systematic study on how to design secure defense strategies against visual attacks on VARS. In this paper, we attempt to fill this gap by proposing an adversarial image reconstruction and detection framework to secure VARS. Our proposed method can simultaneously (1) secure VARS from adversarial attacks characterized by local perturbations by image reconstruction based on global vision transformers; and (2) accurately detect adversarial examples using a novel contrastive learning approach. Meanwhile, our framework is designed to be used as both a filter and a detector so that they can be jointly trained to improve the flexibility of our defense strategy to a variety of attacks and VARS models. We have conducted extensive experimental studies with two popular attack methods (FGSM and PGD). Our experimental results on two real-world datasets show that our defense strategy against visual attacks is effective and outperforms existing methods on different attacks. Moreover, our method can detect adversarial examples with high accuracy.