Poisoning Attacks against Recommender Systems: A Survey
Zongwei Wang, Min Gao, Junliang Yu, Hao Ma, Hongzhi Yin, Shazia Sadiq

TL;DR
This survey reviews poisoning attacks on recommender systems, categorizing existing methods, discussing mechanisms, and introducing ARLib, an open-source benchmarking library for empirical comparison.
Contribution
It provides a comprehensive taxonomy of poisoning attack methods and introduces ARLib, a library for benchmarking and comparing these attacks systematically.
Findings
Proposed a new taxonomy for PAR methods
Developed ARLib, an open-source benchmarking tool
Identified future research directions in PAR
Abstract
Modern recommender systems (RS) have seen substantial success, yet they remain vulnerable to malicious activities, notably poisoning attacks. These attacks involve injecting malicious data into the training datasets of RS, thereby compromising their integrity and manipulating recommendation outcomes for gaining illicit profits. This survey paper provides a systematic and up-to-date review of the research landscape on Poisoning Attacks against Recommendation (PAR). A novel and comprehensive taxonomy is proposed, categorizing existing PAR methodologies into three distinct categories: Component-Specific, Goal-Driven, and Capability Probing. For each category, we discuss its mechanism in detail, along with associated methods. Furthermore, this paper highlights potential future research avenues in this domain. Additionally, to facilitate and benchmark the empirical comparison of PAR, we…
Taxonomy
Topics: Sentiment Analysis and Opinion Mining · Topic Modeling · Adversarial Robustness in Machine Learning
Methods: Lib
