A survey on Adversarial Recommender Systems: from Attack/Defense strategies to Generative Adversarial Networks

Latent-factor models (LFM) based on collaborative filtering (CF), such as matrix factorization (MF) and deep CF methods, are widely used in modern recommender systems (RS) due to their excellent performance and recommendation accuracy. However, this success has been accompanied by a major new challenge: many applications of machine learning (ML) are adversarial in nature. In recent years, it has been shown that these methods are vulnerable to adversarial examples, i.e., subtle but non-random perturbations designed to force recommendation models to produce erroneous outputs. The goal of this survey is two-fold: (i) to present recent advances in adversarial machine learning (AML) for the security of RS (i.e., attacking and defending recommendation models), and (ii) to show another successful application of AML in generative adversarial networks (GANs) for generative applications, thanks to their ability to learn (high-dimensional) data distributions. In this survey, we provide an exhaustive literature review of 74 articles published in major RS and ML journals and conferences. This review serves as a reference for members of the RS community working on the security of RS or on generative models using GANs to improve their quality.
