Practical Cross-System Shilling Attacks with Limited Access to Data

Authors

  • Meifang Zeng School of Informatics, Xiamen University
  • Ke Li PLA Strategic Support Force Information Engineering University
  • Bingchuan Jiang PLA Strategic Support Force Information Engineering University
  • Liujuan Cao School of Informatics, Xiamen University
  • Hui Li School of Informatics, Xiamen University

DOI:

https://doi.org/10.1609/aaai.v37i4.25612

Keywords:

DMKM: Recommender Systems, APP: Security

Abstract

In shilling attacks, an adversarial party injects a few fake user profiles into a Recommender System (RS) so that the target item can be promoted or demoted. Although much effort has been devoted to developing shilling attack methods, we find that existing approaches are still far from practical. In this paper, we analyze the properties a practical shilling attack method should have and propose a new concept of Cross-system Attack. With the idea of Cross-system Attack, we design a Practical Cross-system Shilling Attack (PC-Attack) framework that requires little information about the victim RS model and the target RS data for conducting attacks. PC-Attack is trained to capture graph topology knowledge from public RS data in a self-supervised manner. Then, it is fine-tuned on a small portion of target data that is easy to access to construct fake profiles. Extensive experiments have demonstrated the superiority of PC-Attack over state-of-the-art baselines. Our implementation of PC-Attack is available at https://github.com/KDEGroup/PC-Attack.
AAAI-23 Proceedings Cover

Downloads

Published

2023-06-26

How to Cite

Zeng, M., Li, K., Jiang, B., Cao, L., & Li, H. (2023). Practical Cross-System Shilling Attacks with Limited Access to Data. Proceedings of the AAAI Conference on Artificial Intelligence, 37(4), 4864-4874. https://doi.org/10.1609/aaai.v37i4.25612

Issue

Vol. 37 No. 4: AAAI-23 Technical Tracks 4

Section

AAAI Technical Track on Data Mining and Knowledge Management