TL;DR
This paper demonstrates that text-aware recommender systems are vulnerable to adversarial attacks through realistic text rewriting, which can unfairly manipulate product rankings despite human perception of authenticity.
Contribution
The paper introduces a novel text rewriting attack framework on text-aware recommender systems, highlighting a new vulnerability in the robustness of such systems.
Findings
Recommender systems are vulnerable to realistic text rewriting attacks.
Two attack methods: two-phase fine-tuning and in-context learning.
Experiments show effectiveness across multiple datasets and approaches.
Abstract
Text-aware recommender systems incorporate rich textual features, such as titles and descriptions, to generate item recommendations for users. The use of textual features helps mitigate cold-start problems, and thus, such recommender systems have attracted increased attention. However, we argue that the dependency on item descriptions makes the recommender system vulnerable to manipulation by adversarial sellers on e-commerce platforms. In this paper, we explore the possibility of such manipulation by proposing a new text rewriting framework to attack text-aware recommender systems. We show that the rewriting attack can be exploited by sellers to unfairly uprank their products, even though the adversarially rewritten descriptions are perceived as realistic by human evaluators. Methodologically, we investigate two different variations to carry out text rewriting attacks: (1) two-phase…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
