Knowledge-enhanced Black-box Attacks for Recommendations

Recent studies have shown that deep neural networks-based recommender systems are vulnerable to adversarial attacks, where attackers can inject carefully crafted fake user profiles (i.e., a set of items that fake users have interacted with) into a target recommender system to achieve malicious purposes, such as promote or demote a set of target items. Due to the security and privacy concerns, it is more practical to perform adversarial attacks under the black-box setting, where the architecture/parameters and training data of target systems cannot be easily accessed by attackers. However, generating high-quality fake user profiles under black-box setting is rather challenging with limited resources to target systems. To address this challenge, in this work, we introduce a novel strategy by leveraging items' attribute information (i.e., items' knowledge graph), which can be publicly accessible and provide rich auxiliary knowledge to enhance the generation of fake user profiles. More specifically, we propose a knowledge graph-enhanced black-box attacking framework (KGAttack) to effectively learn attacking policies through deep reinforcement learning techniques, in which knowledge graph is seamlessly integrated into hierarchical policy networks to generate fake user profiles for performing adversarial black-box attacks. Comprehensive experiments on various real-world datasets demonstrate the effectiveness of the proposed attacking framework under the black-box setting.

[1]  Jiliang Tang,et al.  Graph Trend Filtering Networks for Recommendation , 2022, SIGIR.

[2]  Zhankui He,et al.  Black-Box Attacks on Sequential Recommenders via Data-Free Model Extraction , 2021, RecSys.

[3]  Enhong Chen,et al.  Triple Adversarial Learning for Influence based Poisoning Attack in Recommender Systems , 2021, KDD.

[4]  Xiaorui Liu,et al.  Graph Trend Filtering Networks for Recommendation , 2021, SIGIR.

[5]  Jiliang Tang,et al.  Jointly Attacking Graph Neural Network and its Explanations , 2021, 2023 IEEE 39th International Conference on Data Engineering (ICDE).

[6]  Jiliang Tang,et al.  Trustworthy AI: A Computational Perspective , 2021, ACM Trans. Intell. Syst. Technol..

[7]  Jiliang Tang,et al.  AutoLoss: Automated Loss Function Search in Recommendations , 2021, KDD.

[8]  Qi Li,et al.  Data Poisoning Attacks to Deep Learning Based Recommender Systems , 2021, NDSS.

[9]  Jie Yang,et al.  Are We Evaluating Rigorously? Benchmarking Recommendation for Reproducible Evaluation and Fair Comparison , 2020, RecSys.

[10]  Ke Wang,et al.  Revisiting Adversarially Learned Injection Attacks Against Recommender Systems , 2020, RecSys.

[11]  Qing Li,et al.  A Graph Neural Network Framework for Social Recommendations , 2020, IEEE Transactions on Knowledge and Data Engineering.

[12]  Jiliang Tang,et al.  Attacking Black-box Recommendations via Copying Cross-domain User Profiles , 2020, 2021 IEEE 37th International Conference on Data Engineering (ICDE).

[13]  Hui Li,et al.  Attacking Recommender Systems with Augmented User Profiles , 2020, CIKM.

[14]  Zhao Li,et al.  PoisonRec: An Adaptive Data Poisoning Framework for Attacking Black-box Recommender Systems , 2020, 2020 IEEE 36th International Conference on Data Engineering (ICDE).

[15]  Jiliang Tang,et al.  AutoEmb: Automated Embedding Dimensionality Search in Streaming Recommendations , 2020, ArXiv.

[16]  Jia Liu,et al.  Influence Function based Data Poisoning Attacks to Top-N Recommender Systems , 2020, WWW.

[17]  Konstantina Christakopoulou,et al.  Adversarial attacks on an oblivious recommender , 2019, RecSys.

[18]  Yao Ma,et al.  Deep social collaborative filtering , 2019, RecSys.

[19]  Tat-Seng Chua,et al.  Neural Graph Collaborative Filtering , 2019, SIGIR.

[20]  Jiliang Tang,et al.  Deep Adversarial Social Recommendation , 2019, IJCAI.

[21]  Minyi Guo,et al.  Knowledge Graph Convolutional Networks for Recommender Systems , 2019, WWW.

[22]  Yuan He,et al.  Graph Neural Networks for Social Recommendation , 2019, WWW.

[23]  Jiaxing Song,et al.  Reinforcement Learning to Optimize Long-term User Engagement in Recommender Systems , 2019, KDD.

[24]  Matthew Nicholson,et al.  Leveraging Knowledge Graphs of Movies and Their Content for Web-Scale Analysis , 2018, 2018 14th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS).

[25]  Jia Liu,et al.  Poisoning Attacks to Graph-Based Recommender Systems , 2018, ACSAC.

[26]  Jure Leskovec,et al.  Graph Convolutional Neural Networks for Web-Scale Recommender Systems , 2018, KDD.

[27]  Qing Li,et al.  Deep Modeling of Social Relations for Recommendation , 2018, AAAI.

[28]  Kui Ren,et al.  Toward Privacy-Preserving Personalized Recommendation Services , 2018 .

[29]  Minyi Guo,et al.  RippleNet: Propagating User Preferences on the Knowledge Graph for Recommender Systems , 2018, CIKM.

[30]  Alec Radford,et al.  Proximal Policy Optimization Algorithms , 2017, ArXiv.

[31]  Tat-Seng Chua,et al.  Neural Collaborative Filtering , 2017, WWW.

[32]  Max Welling,et al.  Semi-Supervised Classification with Graph Convolutional Networks , 2016, ICLR.

[33]  Yevgeniy Vorobeychik,et al.  Data Poisoning Attacks on Factorization-Based Collaborative Filtering , 2016, NIPS.

[34]  Heng-Tze Cheng,et al.  Wide & Deep Learning for Recommender Systems , 2016, DLRS@RecSys.

[35]  Alex Graves,et al.  Asynchronous Methods for Deep Reinforcement Learning , 2016, ICML.

[36]  Demis Hassabis,et al.  Mastering the game of Go with deep neural networks and tree search , 2016, Nature.

[37]  Yuval Tassa,et al.  Continuous control with deep reinforcement learning , 2015, ICLR.

[38]  Yoshua Bengio,et al.  Learning Phrase Representations using RNN Encoder–Decoder for Statistical Machine Translation , 2014, EMNLP.

[39]  Jason Weston,et al.  Translating Embeddings for Modeling Multi-relational Data , 2013, NIPS.

[40]  Xiangyu Zhao,et al.  Automated Machine Learning for Deep Recommender Systems: A Survey , 2022, ArXiv.

[41]  Viktor de Boer,et al.  kgbench: A Collection of Knowledge Graph Datasets for Evaluating Relational and Multimodal Machine Learning , 2021, ESWC.