Unveiling Vulnerabilities of Contrastive Recommender Systems to Poisoning Attacks
Zongwei Wang, Junliang Yu, Min Gao, Hongzhi Yin, Bin Cui, Shazia Sadiq

TL;DR
This paper uncovers a vulnerability in contrastive learning-based recommender systems, showing they are susceptible to poisoning attacks that exploit spectral uniformity to promote specific items, with extensive experimental validation.
Contribution
It reveals a novel poisoning attack framework targeting CL-based recommenders by manipulating spectral value distributions to increase item promotion effectiveness.
Findings
Poisoning attacks can exploit spectral uniformity in CL recommenders.
The proposed attack enhances target item visibility effectively.
Extensive experiments validate attack success across datasets.
Abstract
Contrastive learning (CL) has recently gained prominence in the domain of recommender systems due to its great ability to enhance recommendation accuracy and improve model robustness. Despite its advantages, this paper identifies a vulnerability of CL-based recommender systems that they are more susceptible to poisoning attacks aiming to promote individual items. Our analysis indicates that this vulnerability is attributed to the uniform spread of representations caused by the InfoNCE loss. Furthermore, theoretical and empirical evidence shows that optimizing this loss favors smooth spectral values of representations. This finding suggests that attackers could facilitate this optimization process of CL by encouraging a more uniform distribution of spectral values, thereby enhancing the degree of representation dispersion. With these insights, we attempt to reveal a potential poisoning…
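The link the abstract draws between the InfoNCE loss, representation dispersion and spectral values can be seen on a toy case. The following is an added example, not code from the paper or its authors: the 2-D embeddings are constructed, the temperature 0.2 and the small rotation standing in for an augmented view are assumptions, and all function names are hypothetical. It shows a lower InfoNCE loss going together with a flatter singular-value spectrum, a quantity a defender can track on trained embeddings.

```python
import math

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def info_nce(anchors, positives, tau=0.2):
    """Mean InfoNCE loss over cosine similarities; positives[i] pairs with anchors[i]."""
    a, p = [unit(v) for v in anchors], [unit(v) for v in positives]
    total = 0.0
    for i, ai in enumerate(a):
        logits = [sum(x * y for x, y in zip(ai, pj)) / tau for pj in p]
        m = max(logits)  # subtract the max for a numerically stable log-sum-exp
        total += m + math.log(sum(math.exp(l - m) for l in logits)) - logits[i]
    return total / len(a)

def singular_values_2d(rows):
    """Singular values of an n x 2 matrix from the eigenvalues of its 2 x 2 Gram matrix."""
    a = sum(r[0] * r[0] for r in rows)
    b = sum(r[0] * r[1] for r in rows)
    d = sum(r[1] * r[1] for r in rows)
    mean, gap = (a + d) / 2, math.hypot((a - d) / 2, b)
    return math.sqrt(mean + gap), math.sqrt(max(mean - gap, 0.0))

def spectral_flatness(rows):
    """Smallest over largest singular value: 1.0 is a perfectly flat spectrum."""
    largest, smallest = singular_values_2d(rows)
    return smallest / largest

def on_circle(angles):
    return [[math.cos(t), math.sin(t)] for t in angles]

# Constructed data: 8 item embeddings, once bunched in a narrow arc, once spread evenly.
N, SHIFT = 8, 0.05  # SHIFT (assumed) rotates each point slightly as the augmented view
clustered_angles = [k * 0.05 for k in range(N)]
dispersed_angles = [k * 2 * math.pi / N for k in range(N)]

def report(angles):
    """Return (InfoNCE loss, spectral flatness) for embeddings at the given angles."""
    anchors = on_circle(angles)
    positives = on_circle([t + SHIFT for t in angles])
    return info_nce(anchors, positives), spectral_flatness(anchors)

if __name__ == "__main__":
    for name, angles in (("clustered", clustered_angles), ("dispersed", dispersed_angles)):
        loss, flat = report(angles)
        print(f"{name}: InfoNCE={loss:.3f} spectral_flatness={flat:.3f}")
```
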
Taxonomy
Topics: Domain Adaptation and Few-Shot Learning · Machine Learning in Healthcare · Adversarial Robustness in Machine Learning
Methods: InfoNCE
