Single-Node Trigger Backdoor Attacks in Graph-Based Recommendation Systems

TL;DR

This paper introduces a novel single-node trigger backdoor attack on graph-based recommendation systems, effectively exposing target items with minimal impact and high stealth, highlighting a new security vulnerability.

Contribution

It proposes a single-node trigger generator for covert backdoor attacks, improving stealth and reducing destructiveness compared to existing methods.

Findings

Target item exposure exceeds 50% in 99% of cases

System performance impact is limited to around 5%

Effective in maintaining attack stealth and system integrity

Abstract

Graph recommendation systems have been widely studied due to their ability to effectively capture the complex interactions between users and items. However, these systems also exhibit certain vulnerabilities when faced with attacks. The prevailing shilling attack methods typically manipulate recommendation results by injecting a large number of fake nodes and edges. However, such attack strategies face two primary challenges: low stealth and high destructiveness. To address these challenges, this paper proposes a novel graph backdoor attack method that aims to enhance the exposure of target items to the target user in a covert manner, without affecting other unrelated nodes. Specifically, we design a single-node trigger generator, which can effectively expose multiple target items to the target user by inserting only one fake user node. Additionally, we introduce constraint conditions between the target nodes and irrelevant nodes to mitigate the impact of fake nodes on the recommendation system's performance. Experimental results show that the exposure of the target items reaches no less than 50% in 99% of the target users, while the impact on the recommendation system's performance is controlled within approximately 5%.