English

Influence Function based Data Poisoning Attacks to Top-N Recommender Systems

Cryptography and Security 2020-06-02 v3 Information Retrieval Machine Learning Machine Learning

Abstract

Recommender system is an essential component of web services to engage users. Popular recommender systems model user preferences and item properties using a large amount of crowdsourced user-item interaction data, e.g., rating scores; then top-NN items that match the best with a user's preference are recommended to the user. In this work, we show that an attacker can launch a data poisoning attack to a recommender system to make recommendations as the attacker desires via injecting fake users with carefully crafted user-item interaction data. Specifically, an attacker can trick a recommender system to recommend a target item to as many normal users as possible. We focus on matrix factorization based recommender systems because they have been widely deployed in industry. Given the number of fake users the attacker can inject, we formulate the crafting of rating scores for the fake users as an optimization problem. However, this optimization problem is challenging to solve as it is a non-convex integer programming problem. To address the challenge, we develop several techniques to approximately solve the optimization problem. For instance, we leverage influence function to select a subset of normal users who are influential to the recommendations and solve our formulated optimization problem based on these influential users. Our results show that our attacks are effective and outperform existing methods.

Keywords

Cite

@article{arxiv.2002.08025,
  title  = {Influence Function based Data Poisoning Attacks to Top-N Recommender Systems},
  author = {Minghong Fang and Neil Zhenqiang Gong and Jia Liu},
  journal= {arXiv preprint arXiv:2002.08025},
  year   = {2020}
}

Comments

Accepted by WWW 2020; This is technical report version

R2 v1 2026-06-23T13:46:26.883Z