Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
119 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Adversarial Item Promotion on Visually-Aware Recommender Systems by Guided Diffusion (2312.15826v4)

Published 25 Dec 2023 in cs.IR

Abstract: Visually-aware recommender systems have found widespread application in domains where visual elements significantly contribute to the inference of users' potential preferences. While the incorporation of visual information holds the promise of enhancing recommendation accuracy and alleviating the cold-start problem, it is essential to point out that the inclusion of item images may introduce substantial security challenges. Some existing works have shown that the item provider can manipulate item exposure rates to its advantage by constructing adversarial images. However, these works cannot reveal the real vulnerability of visually-aware recommender systems because (1) The generated adversarial images are markedly distorted, rendering them easily detectable by human observers; (2) The effectiveness of the attacks is inconsistent and even ineffective in some scenarios. To shed light on the real vulnerabilities of visually-aware recommender systems when confronted with adversarial images, this paper introduces a novel attack method, IPDGI (Item Promotion by Diffusion Generated Image). Specifically, IPDGI employs a guided diffusion model to generate adversarial samples designed to deceive visually-aware recommender systems. Taking advantage of accurately modeling benign images' distribution by diffusion models, the generated adversarial images have high fidelity with original images, ensuring the stealth of our IPDGI. To demonstrate the effectiveness of our proposed methods, we conduct extensive experiments on two commonly used e-commerce recommendation datasets (Amazon Beauty and Amazon Baby) with several typical visually-aware recommender systems. The experimental results show that our attack method has a significant improvement in both the performance of promoting the long-tailed (i.e., unpopular) items and the quality of generated adversarial images.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (51)
  1. Fashion DNA: merging content and sales data for recommendation and article mapping. arXiv preprint arXiv:1609.02489 (2016).
  2. Attentive collaborative filtering: Multimedia recommendation with item-and component-level attention. In Proceedings of the 40th International ACM SIGIR conference on Research and Development in Information Retrieval. 335–344.
  3. Tada: trend alignment with dual-attention multi-task recurrent neural networks for sales prediction. In 2018 IEEE international conference on data mining (ICDM). IEEE, 49–58.
  4. An Image Dataset for Benchmarking Recommender Systems with Raw Pixels. arXiv preprint arXiv:2309.06789 (2023).
  5. A black-box attack model for visually-aware recommender systems. In Proceedings of the 14th ACM International Conference on Web Search and Data Mining. 94–102.
  6. Prafulla Dhariwal and Alexander Nichol. 2021. Diffusion models beat gans on image synthesis. Advances in neural information processing systems 34 (2021), 8780–8794.
  7. Taamr: Targeted adversarial attack against multimedia recommender systems. In 2020 50th Annual IEEE/IFIP international conference on dependable systems and networks workshops (DSN-W). IEEE, 1–8.
  8. Sequential Recommendation with Diffusion Models. arXiv preprint arXiv:2304.04541 (2023).
  9. Adversarial examples that fool both computer vision and time-limited humans. Advances in neural information processing systems 31 (2018).
  10. Generative adversarial networks. Commun. ACM 63, 11 (2020), 139–144.
  11. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition. 770–778.
  12. Ruining He and Julian McAuley. 2016. VBPR: visual bayesian personalized ranking from implicit feedback. In Proceedings of the AAAI conference on artificial intelligence, Vol. 30.
  13. Neural collaborative filtering. In Proceedings of the 26th international conference on world wide web. 173–182.
  14. Gans trained by a two time-scale update rule converge to a local nash equilibrium. Advances in neural information processing systems 30 (2017).
  15. Denoising diffusion probabilistic models. Advances in neural information processing systems 33 (2020), 6840–6851.
  16. Large scale visual recommendations from street fashion images. In Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining. 1925–1934.
  17. Getting the look: clothing recognition and segmentation for automatic product suggestions in everyday photos. In Proceedings of the 3rd ACM conference on International conference on multimedia retrieval. 105–112.
  18. Visually-aware fashion recommendation and design with generative image models. In 2017 IEEE international conference on data mining (ICDM). IEEE, 207–216.
  19. Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).
  20. Diederik P Kingma and Max Welling. 2013. Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114 (2013).
  21. Comparative deep learning of hybrid representations for image recommendations. In Proceedings of the IEEE conference on computer vision and pattern recognition. 2545–2553.
  22. Lightweight self-attentive sequential recommendation. In Proceedings of the 30th ACM International Conference on Information & Knowledge Management. 967–977.
  23. DiffuRec: A Diffusion Model for Sequential Recommendation. arXiv preprint arXiv:2304.00686 (2023).
  24. Zhuoran Liu and Martha Larson. 2021. Adversarial item promotion: Vulnerabilities at the core of top-n recommenders that use images to address cold start. In Proceedings of the Web Conference 2021. 3590–3602.
  25. A survey on adversarial attacks in computer vision: Taxonomy, visualization and future directions. Computers & Security (2022), 102847.
  26. Bayesian leave-one-out cross-validation for large data. In International Conference on Machine Learning. PMLR, 4244–4253.
  27. Image-based recommendations on styles and substitutes. In Proceedings of the 38th international ACM SIGIR conference on research and development in information retrieval. 43–52.
  28. James Neve and Ryan McConville. 2020. ImRec: Learning reciprocal preferences using images. In Proceedings of the 14th ACM Conference on Recommender Systems. 170–179.
  29. A survey of machine unlearning. arXiv preprint arXiv:2209.02299 (2022).
  30. Pytorch: An imperative style, high-performance deep learning library. Advances in neural information processing systems 32 (2019).
  31. Rethinking the item order in session-based recommendation with graph neural networks. In Proceedings of the 28th ACM international conference on information and knowledge management. 579–588.
  32. Gag: Global attributed graph neural network for streaming session-based recommendation. In Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval. 669–678.
  33. Semi-decentralized Federated Ego Graph Learning for Recommendation. In Proceedings of the ACM Web Conference 2023. 339–348.
  34. BPR: Bayesian personalized ranking from implicit feedback. arXiv preprint arXiv:1205.2618 (2012).
  35. Imagenet large scale visual recognition challenge. International journal of computer vision 115 (2015), 211–252.
  36. Methods and metrics for cold-start recommendations. In Proceedings of the 25th annual international ACM SIGIR conference on Research and development in information retrieval. 253–260.
  37. Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014).
  38. Deep unsupervised learning using nonequilibrium thermodynamics. In International conference on machine learning. PMLR, 2256–2265.
  39. Adversarial training towards robust multimedia recommender system. IEEE Transactions on Knowledge and Data Engineering 32, 5 (2019), 855–867.
  40. Learning visual clothing style with heterogeneous dyadic co-occurrences. In Proceedings of the IEEE international conference on computer vision. 4642–4650.
  41. Diffusion Recommender Model. arXiv preprint arXiv:2304.04971 (2023).
  42. Hypergraph contrastive collaborative filtering. In Proceedings of the 45th International ACM SIGIR conference on research and development in information retrieval. 70–79.
  43. Diffusion models: A comprehensive survey of methods and applications. Comput. Surveys 56, 4 (2023), 1–39.
  44. Joint modeling of users’ interests and mobility patterns for point-of-interest recommendation. In Proceedings of the 23rd ACM international conference on Multimedia. 819–822.
  45. LCARS: A spatial item recommender system. ACM Transactions on Information Systems (TOIS) 32, 3 (2014), 1–37.
  46. Manipulating Federated Recommender Systems: Poisoning with Synthetic Users and Its Countermeasures. arXiv preprint arXiv:2304.03054 (2023).
  47. Manipulating Visually-aware Federated Recommender Systems and Its Countermeasures. ACM Transactions on Information Systems (2023).
  48. Adversarial attacks beyond the image space. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 4302–4311.
  49. Graph embedding for recommendation against attribute inference attacks. In Proceedings of the Web Conference 2021. 3002–3014.
  50. Pipattack: Poisoning federated recommender systems for manipulating item promotion. In Proceedings of the Fifteenth ACM International Conference on Web Search and Data Mining. 1415–1423.
  51. A revisiting study of appropriate offline evaluation for top-N recommendation algorithms. ACM Transactions on Information Systems 41, 2 (2022), 1–41.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (6)
  1. Lijian Chen (4 papers)
  2. Wei Yuan (110 papers)
  3. Tong Chen (200 papers)
  4. Guanhua Ye (26 papers)
  5. Quoc Viet Hung Nguyen (57 papers)
  6. Hongzhi Yin (210 papers)
Citations (5)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now