Toward Robust Recommendation via Real-time Vicinal Defense

TL;DR

This paper introduces Real-time Vicinal Defense (RVD), a practical, model-agnostic method that enhances recommender system robustness against poisoning attacks by fine-tuning with neighboring data during inference.

Contribution

The paper proposes a novel, real-time, inference-phase defense method that does not alter model training, improving robustness against poisoning attacks in recommender systems.

Findings

RVD effectively mitigates targeted poisoning attacks across various models.

RVD maintains recommendation accuracy while enhancing robustness.

Combining RVD with other strategies further improves defense effectiveness.

Abstract

Recommender systems have been shown to be vulnerable to poisoning attacks, where malicious data is injected into the dataset to cause the recommender system to provide biased recommendations. To defend against such attacks, various robust learning methods have been proposed. However, most methods are model-specific or attack-specific, making them lack generality, while other methods, such as adversarial training, are oriented towards evasion attacks and thus have a weak defense strength in poisoning attacks. In this paper, we propose a general method, Real-time Vicinal Defense (RVD), which leverages neighboring training data to fine-tune the model before making a recommendation for each user. RVD works in the inference phase to ensure the robustness of the specific sample in real-time, so there is no need to change the model structure and training process, making it more practical. Extensive experimental results demonstrate that RVD effectively mitigates targeted poisoning attacks across various models without sacrificing accuracy. Moreover, the defensive effect can be further amplified when our method is combined with other strategies.