Due to the pivotal role of Recommender Systems (RS) in guiding customers towards the purchase, there is a natural motivation for unscrupulous parties to spoof RS for profits. In this paper, we study Shilling Attack where an adversarial party injects a number of fake user profiles for improper purposes. Conventional Shilling Attack approaches lack attack transferability (i.e., attacks are not effective on some victim RS models) and/or attack invisibility (i.e., injected profiles can be easily detected). To overcome these issues, we present Leg-UP, a novel attack model based on the Generative Adversarial Network. Leg-UP learns user behavior patterns from real users in the sampled ``templates'' and constructs fake user profiles. To simulate real users, the generator in Leg-UP directly outputs discrete ratings. To enhance attack transferability, the parameters of the generator are optimized by maximizing the attack performance on a surrogate RS model. To improve attack invisibility, Leg-UP adopts a discriminator to guide the generator to generate undetectable fake user profiles. Experiments on benchmarks have shown that Leg-UP exceeds state-of-the-art Shilling Attack methods on a wide range of victim RS models. The source code of our work is available at: https://github.com/XMUDM/ShillingAttack.
翻译:由于建议系统(RS)在指导客户购买货物方面起着关键作用,因此不择手段的各方自然会出于一种自然动机,要求其为利润而冒出RS的利润。在本文中,我们研究了对立方为不正当目的输入一些假用户简介的Shilling Attack 。常规Shilling Attack 方法缺乏攻击可转移性(即攻击对某些RS受害者模型不起作用)和/或攻击不可见性(即注射剖面图很容易检测出来),为了克服这些问题,我们介绍了以Genearial Aversarial网络为基础的新型攻击模型Leg-UP。Lg-UP向抽样“Templates”的真正用户学习了用户行为模式,并构建了假用户简介。要模拟实际用户,Lg-MP的发电机直接输出离散评级。为了提高攻击可转移性,发电机的参数通过在Surgate RS模型上最大限度地发挥攻击性功能来优化。为了改进攻击可视性,Lg-UP采用一个歧视者来指导发电机制作无法识别的假用户简介。Leg-UPUP'T的模型。在SBA上进行广泛的实验。在S-RA的源上显示。