October 28, 2024 2:30, ENR2 S215
When
Title: Security of Recommender System: Adversarial Attack, Vulnerability Estimation and Mitigation Practice
Abstract: Due to the nature of openness, recommender system is vulnerable to adversarial attack that aims to manipulate the recommendations of target items by injecting purposely prepared fake data into the system. Different parties are well motivated to perform the adversarial attack on real-world recommender systems to gain business benefits. Therefore, it is crucial to study the possible adversarial attack, assess recommender’s vulnerability under the attack, and develop effective mitigation measures. To meet this need, we develop a novel multi-agent reinforcement learning (MARL)-based approach for simulating the adversarial attack to recommenders. Compared with the extant methods, our approach better simulates the real-world attack on recommenders and assesses their vulnerability. With the MARL-based approach, we further develop a novel item-vulnerability estimator to conveniently predict individual items’ vulnerability under the attack. The developed estimator could be used to efficiently identify and prioritize vulnerable items in a recommender system. With the estimator, we conduct further item-vulnerability analysis using counterfactual alterations to reveal effective mitigation practices for combatting the attack. We conduct systematic evaluations to evaluate our MARL-based attack approach against multiple state-of-the-art methods from four different dimensions, and we also test our developed item- vulnerability estimator and demonstrate its value for the risk management of recommender
system.
Relevant Papers: