DARTS: A Dual-View Attack Framework for Targeted Manipulation in Federated Sequential Recommendation

TL;DR

This paper introduces DARTS, a dual-view attack framework for federated sequential recommendation systems, demonstrating its effectiveness and proposing a defense mechanism to mitigate targeted attacks.

Contribution

It presents a novel dual-view attack method combining explicit sampling and contrastive learning strategies, and evaluates its effectiveness against existing models in federated recommendation.

Findings

The proposed attack significantly outperforms existing methods in FSR tasks.

The defense mechanism effectively reduces attack success rates.

Extensive experiments validate the robustness of the proposed approach.

Abstract

Federated recommendation (FedRec) preserves user privacy by enabling decentralized training of personalized models, but this architecture is inherently vulnerable to adversarial attacks. Significant research has been conducted on targeted attacks in FedRec systems, motivated by commercial and social influence considerations. However, much of this work has largely overlooked the differential robustness of recommendation models. Moreover, our empirical findings indicate that existing targeted attack methods achieve only limited effectiveness in Federated Sequential Recommendation(FSR) tasks. Driven by these observations, we focus on investigating targeted attacks in FSR and propose a novel dualview attack framework, named DV-FSR. This attack method uniquely combines a sampling-based explicit strategy with a contrastive learning-based implicit gradient strategy to orchestrate a coordinated attack. Additionally, we introduce a specific defense mechanism tailored for targeted attacks in FSR, aiming to evaluate the mitigation effects of the attack method we proposed. Extensive experiments validate the effectiveness of our proposed approach on representative sequential models. Our codes are publicly available.