Stealthy Attack on Large Language Model based Recommendation
Jinghao Zhang, Yuting Liu, Qiang Liu, Shu Wu, Guibing Guo, Liang Wang

TL;DR
This paper uncovers security vulnerabilities in LLM-based recommendation systems: attackers can subtly manipulate item exposure in ways that are difficult for users and platforms to detect, which highlights a critical need for improved security measures.
Contribution
The study reveals a novel, stealthy attack method exploiting textual content in LLM-based recommenders, exposing a significant security gap in these systems.
Findings
Attack increases item exposure significantly
Modifications are subtle and hard to detect
Effective across multiple LLM-based models
Abstract
Recently, the powerful large language models (LLMs) have been instrumental in propelling the progress of recommender systems (RS). However, while these systems have flourished, their susceptibility to security threats has been largely overlooked. In this work, we reveal that the introduction of LLMs into recommendation models presents new security vulnerabilities due to their emphasis on the textual content of items. We demonstrate that attackers can significantly boost an item's exposure by merely altering its textual content during the testing phase, without requiring direct interference with the model's training process. Additionally, the attack is notably stealthy, as it does not affect the overall recommendation performance and the modifications to the text are subtle, making it difficult for users and platforms to detect. Our comprehensive experiments across four mainstream…
