Knowledge-enhanced Black-box Attacks for Recommendations

Cited by: 23
Authors
Chen, Jingfan [1]
Fan, Wenqi [2]
Zhu, Guanghui [1]
Zhao, Xiangyu [3]
Yuan, Chunfeng [1]
Li, Qing [2]
Huang, Yihua [1]
Affiliations
[1] Nanjing Univ, State Key Lab Novel Software Technol, Nanjing, Peoples R China
[2] Hong Kong Polytech Univ, Hong Kong, Peoples R China
[3] City Univ Hong Kong, Hong Kong, Peoples R China
Source
PROCEEDINGS OF THE 28TH ACM SIGKDD CONFERENCE ON KNOWLEDGE DISCOVERY AND DATA MINING, KDD 2022 | 2022
Funding
National Natural Science Foundation of China
Keywords
Adversarial Attacks; Recommender Systems; Black-box Attacks; Knowledge Graph; Reinforcement Learning
DOI
10.1145/3534678.3539359
Chinese Library Classification number
TP [Automation Technology, Computer Technology]
Discipline classification code
0812
Abstract
Recent studies have shown that deep neural network-based recommender systems are vulnerable to adversarial attacks, where attackers can inject carefully crafted fake user profiles (i.e., a set of items that fake users have interacted with) into a target recommender system to achieve malicious purposes, such as promoting or demoting a set of target items. Due to security and privacy concerns, it is more practical to perform adversarial attacks under the black-box setting, where the architecture/parameters and training data of target systems cannot be easily accessed by attackers. However, generating high-quality fake user profiles under the black-box setting is rather challenging with limited resources to target systems. To address this challenge, in this work, we introduce a novel strategy by leveraging items' attribute information (i.e., items' knowledge graph), which can be publicly accessible and provide rich auxiliary knowledge to enhance the generation of fake user profiles. More specifically, we propose a knowledge graph-enhanced black-box attacking framework (KGAttack) to effectively learn attacking policies through deep reinforcement learning techniques, in which the knowledge graph is seamlessly integrated into hierarchical policy networks to generate fake user profiles for performing adversarial black-box attacks. Comprehensive experiments on various real-world datasets demonstrate the effectiveness of the proposed attacking framework under the black-box setting.
Pages: 108-117
Page count: 10