Single-User Injection for Invisible Shilling Attack against Recommender Systems

TL;DR

This paper introduces SUI-Attack, a novel graph-based method for executing invisible shilling attacks on recommender systems using only a single fake user profile, enhancing stealthiness and effectiveness.

Contribution

It is the first to study single-user injection shilling attacks and proposes a new method that improves attack success and stealthiness over multi-user approaches.

Findings

SUI-Attack achieves effective attack results with a single fake user.

The method enhances stealthiness, reducing detection risk.

Experimental results demonstrate its superiority over existing methods.

Abstract

Recommendation systems (RS) are crucial for alleviating the information overload problem. Due to its pivotal role in guiding users to make decisions, unscrupulous parties are lured to launch attacks against RS to affect the decisions of normal users and gain illegal profits. Among various types of attacks, shilling attack is one of the most subsistent and profitable attacks. In shilling attack, an adversarial party injects a number of well-designed fake user profiles into the system to mislead RS so that the attack goal can be achieved. Although existing shilling attack methods have achieved promising results, they all adopt the attack paradigm of multi-user injection, where some fake user profiles are required. This paper provides the first study of shilling attack in an extremely limited scenario: only one fake user profile is injected into the victim RS to launch shilling attacks (i.e., single-user injection). We propose a novel single-user injection method SUI-Attack for invisible shilling attack. SUI-Attack is a graph based attack method that models shilling attack as a node generation task over the user-item bipartite graph of the victim RS, and it constructs the fake user profile by generating user features and edges that link the fake user to items. Extensive experiments demonstrate that SUI-Attack can achieve promising attack results in single-user injection. In addition to its attack power, SUI-Attack increases the stealthiness of shilling attack and reduces the risk of being detected. We provide our implementation at: https://github.com/KDEGroup/SUI-Attack.