Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
194 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
46 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Shilling Black-box Review-based Recommender Systems through Fake Review Generation (2306.16526v1)

Published 27 Jun 2023 in cs.IR, cs.LG, and cs.SI

Abstract: Review-Based Recommender Systems (RBRS) have attracted increasing research interest due to their ability to alleviate well-known cold-start problems. RBRS utilizes reviews to construct the user and items representations. However, in this paper, we argue that such a reliance on reviews may instead expose systems to the risk of being shilled. To explore this possibility, in this paper, we propose the first generation-based model for shilling attacks against RBRSs. Specifically, we learn a fake review generator through reinforcement learning, which maliciously promotes items by forcing prediction shifts after adding generated reviews to the system. By introducing the auxiliary rewards to increase text fluency and diversity with the aid of pre-trained LLMs and aspect predictors, the generated reviews can be effective for shilling with high fidelity. Experimental results demonstrate that the proposed framework can successfully attack three different kinds of RBRSs on the Amazon corpus with three domains and Yelp corpus. Furthermore, human studies also show that the generated reviews are fluent and informative. Finally, equipped with Attack Review Generators (ARGs), RBRSs with adversarial training are much more robust to malicious reviews.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (61)
  1. Gediminas Adomavicius and Alexander Tuzhilin. 2005. Toward the next generation of recommender systems: A survey of the state-of-the-art and possible extensions. IEEE Trans Knowl Data Eng (2005), 734–749.
  2. Few-Shot Learning for Opinion Summarization. In EMNLP. 4119–4135.
  3. Learning Opinion Summarizers by Selecting Informative Reviews. In EMNLP. 9424–9442.
  4. Classification Features for Attack Detection in Collaborative Recommender Systems. In KDD. 542–547.
  5. Neural Attentional Rating Regression with Review-Level Explanations. In WWW. 1583–1592.
  6. Knowledge-Enhanced Black-Box Attacks for Recommendations. In KDD. 108–117.
  7. Reinforcement Recommendation with User Multi-Aspect Preference. In WWW. 425–435.
  8. Zunping Cheng and Neil Hurley. 2009. Effective Diverse and Obfuscated Attacks on Model-Based Recommender Systems. In RecSys. 141–148.
  9. A black-box attack model for visually-aware recommender systems. In WSDM.
  10. Nan Ding and Radu Soricut. 2017. Cold-Start Reinforcement Learning with Softmax Policy Gradient. In NeurIPS.
  11. ReGen: Reinforcement Learning for Text and Knowledge Base Generation using Pretrained Language Models. In EMNLP. 1084–1099.
  12. Asymmetrical Hierarchical Networks with Attentive Interactions for Interpretable Review-Based Recommendation. AAAI (2020), 7667–7674.
  13. Benchmarking Adversarial Robustness on Image Classification. In CVPR.
  14. HotFlip: White-Box Adversarial Examples for Text Classification. In ACL. 31–36.
  15. Influence Function Based Data Poisoning Attacks to Top-N Recommender Systems. In WWW. 3019–3025.
  16. Poisoning Attacks to Graph-Based Recommender Systems. In ACSAC. 381–392.
  17. Set-Sequence-Graph: A Multi-View Approach Towards Exploiting Reviews for Recommendation. In CIKM. 395–404.
  18. Shilling attacks against recommender systems: a comprehensive survey. Artif. Intell. Rev. (2014).
  19. PETGEN: Personalized Text Generation Attack on Deep Sequence Embedding-Based Classification Models. In KDD. 575–584.
  20. An Unsupervised Neural Attention Model for Aspect Extraction. In ACL. 388–397.
  21. Data Poisoning Attacks to Deep Learning Based Recommender Systems. In NDSS.
  22. Fact-Checking Reasoning System for Fake Review Detection Using Answer Set Programming. Algorithms 14 (2021), 190.
  23. Parneet Kaur and Shivani Goel. 2016. Shilling attack models in recommender system. In ICICT, Vol. 2. 1–5.
  24. Shyong K. Lam and John Riedl. 2004. Shilling Recommender Systems for Fun and Profit. In WWW. 393–402.
  25. Juha Leino and Kari-Jouko Räihä. 2007. Case Amazon: Ratings and Reviews as Part of Recommendations. In RecSys. 137–140.
  26. Data Poisoning Attacks on Factorization-Based Collaborative Filtering. In NeurIPS, Vol. 29.
  27. TextBugger: Generating Adversarial Text Against Real-world Applications. In NDSS.
  28. Attacking recommender systems with augmented user profiles. In CIKM.
  29. Shilling Black-Box Recommender Systems by Learning to Generate Fake User Profiles. IEEE Trans. Neural Netw. Learn. Syst. (2022), 1–15.
  30. Chin-Yew Lin. 2004. ROUGE: A Package for Automatic Evaluation of Summaries. In Text Summarization Branches Out. 74–81.
  31. DAML: Dual Attention Mutual Learning between Ratings and Reviews for Item Recommendation. In KDD. 344–352.
  32. NRPA: Neural Recommendation with Personalized Attention. In SIGIR. 1233–1236.
  33. A Learning-Exploring Method to Generate Diverse Paraphrases with Multi-Objective Deep Reinforcement Learning. In CICLing. 2310–2321.
  34. Context-Aware Scene Graph Generation With Seq2Seq Transformers. In ICCV. 15931–15941.
  35. Review-Aware Neural Recommendation with Cross-Modality Mutual Attention. In CIKM. 3293–3297.
  36. Toward Trustworthy Recommender Systems: An Analysis of Attack Models and Algorithm Robustness. ACM Trans. Internet Technol. (2007), 23–es.
  37. TextAttack: A Framework for Adversarial Attacks in Natural Language Processing. CoRR.
  38. Jianmo Ni and Julian McAuley. 2018. Personalized Review Generation By Expanding Phrases and Attending on Aspect-Aware Representations. In ACL. 706–711.
  39. John O’Donovan and Barry Smyth. 2006. Is Trust Robust? An Analysis of Trust-Based Recommendation. In IUI. 101–108.
  40. Unorganized Malicious Attacks Detection. In NeurIPS, Vol. 31.
  41. Himangshu Paul and Alexander Nikolaev. 2021. Fake review detection on online E-commerce platforms: a systematic literature review. Data Min Knowl Discov 35 (2021), 1830–1881.
  42. Language models are unsupervised multitask learners. OpenAI blog.
  43. Self-critical sequence training for image captioning. In CVPR.
  44. Recommender systems: introduction and challenges. In Recommender systems handbook. 1–34.
  45. A Review-Aware Graph Contrastive Learning Framework for Recommendation. In SIGIR. 1283–1293.
  46. PoisonRec: An Adaptive Data Poisoning Framework for Attacking Black-box Recommender Systems. In ICDE. 157–168.
  47. An Unsupervised Aspect-Aware Recommendation Model with Explanation Text Generation. ACM Trans. Inf. Syst. (2021).
  48. Policy Gradient Methods for Reinforcement Learning with Function Approximation. In NeurIPS.
  49. Attention is All you Need. In NeurIPS, Vol. 30.
  50. Universal Adversarial Triggers for Attacking and Analyzing NLP. In EMNLP-IJCNLP. 2153–2162.
  51. FdGars: Fraudster Detection via Graph Convolutional Networks in Online App Review System. In WWW. 310–316.
  52. Identification of fake reviews using semantic and behavioral features. In ICIM. 92–97.
  53. Debiasing Learning for Membership Inference Attacks Against Recommender Systems. In KDD. 1959–1968.
  54. Ronald J. Williams. 1992. Simple Statistical Gradient-Following Algorithms for Connectionist Reinforcement Learning. Mach. Learn. 8 (1992), 229–256.
  55. Triple Adversarial Learning for Influence Based Poisoning Attack in Recommender Systems. In KDD. 1830–1840.
  56. Reviews Meet Graphs: Enhancing User and Item Representations for Recommendation with Hierarchical Attentive Graph Neural Network. In EMNLP-IJCNLP. 4884–4893.
  57. Exact Adversarial Attack to Image Captioning via Structured Output Learning With Latent Variables. In CVPR.
  58. Black-Box Attacks on Sequential Recommenders via Data-Free Model Extraction. In RecSys.
  59. Data Poisoning Attack against Recommender System Using Incomplete and Perturbed Data. In KDD. 2154–2164.
  60. Deep learning based recommender system: A survey and new perspectives. CSUR (2019), 1–38.
  61. Joint Deep Modeling of Users and Items Using Reviews for Recommendation. In WSDM. 425–434.
Citations (7)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now