Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
169 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Towards Robust Recommendation: A Review and an Adversarial Robustness Evaluation Library (2404.17844v1)

Published 27 Apr 2024 in cs.IR

Abstract: Recently, recommender system has achieved significant success. However, due to the openness of recommender systems, they remain vulnerable to malicious attacks. Additionally, natural noise in training data and issues such as data sparsity can also degrade the performance of recommender systems. Therefore, enhancing the robustness of recommender systems has become an increasingly important research topic. In this survey, we provide a comprehensive overview of the robustness of recommender systems. Based on our investigation, we categorize the robustness of recommender systems into adversarial robustness and non-adversarial robustness. In the adversarial robustness, we introduce the fundamental principles and classical methods of recommender system adversarial attacks and defenses. In the non-adversarial robustness, we analyze non-adversarial robustness from the perspectives of data sparsity, natural noise, and data imbalance. Additionally, we summarize commonly used datasets and evaluation metrics for evaluating the robustness of recommender systems. Finally, we also discuss the current challenges in the field of recommender system robustness and potential future research directions. Additionally, to facilitate fair and efficient evaluation of attack and defense methods in adversarial robustness, we propose an adversarial robustness evaluation library--ShillingREC, and we conduct evaluations of basic attack models and recommendation models. ShillingREC project is released at https://github.com/chengleileilei/ShillingREC.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (95)
  1. T. T. Kaya and C. Kaleli, “Robustness analysis of multi-criteria top-n collaborative recommender system,” Arabian Journal for Science and Engineering, vol. 48, no. 8, pp. 10 189–10 212, 2023.
  2. X. He, Z. He, X. Du, and T.-S. Chua, “Adversarial personalized ranking for recommendation,” in The 41st International ACM SIGIR conference on research & development in information retrieval, 2018, pp. 355–364.
  3. X. Li and J. She, “Collaborative variational autoencoder for recommender systems,” in Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining, 2017, pp. 305–314.
  4. Y. Yang, C. Huang, L. Xia, and C. Li, “Knowledge graph contrastive learning for recommendation,” in Proceedings of the 45th International ACM SIGIR Conference on Research and Development in Information Retrieval, 2022, pp. 1434–1443.
  5. X. Chen, H. Liu, and D. Yang, “Improved lsh for privacy-aware and robust recommender system with sparse data in edge environment,” EURASIP Journal on Wireless Communications and Networking, vol. 2019, pp. 1–11, 2019.
  6. Y. Deldjoo, T. D. Noia, and F. A. Merra, “A survey on adversarial recommender systems: from attack/defense strategies to generative adversarial networks,” ACM Computing Surveys (CSUR), vol. 54, no. 2, pp. 1–38, 2021.
  7. J. Shouling, D. Tianyu, D. Shuiguang, C. Peng, S. Jie, Y. Min, and L. Bo, “A review of research on robustness of deep learning models,” Journal of Computer Science, vol. 45, no. 1, pp. 190–206, 2022.
  8. M. Si and Q. Li, “Shilling attacks against collaborative recommender systems: a review,” Artificial Intelligence Review, vol. 53, pp. 291–319, 2020.
  9. Y. Ge, S. Liu, Z. Fu, J. Tan, Z. Li, S. Xu, Y. Li, Y. Xian, and Y. Zhang, “A survey on trustworthy recommender systems,” arXiv preprint arXiv:2207.12515, 2022.
  10. W. Fan, X. Zhao, X. Chen, J. Su, J. Gao, L. Wang, Q. Liu, Y. Wang, H. Xu, L. Chen et al., “A comprehensive survey on trustworthy recommender systems,” arXiv preprint arXiv:2209.10117, 2022.
  11. M. P. O’Mahony, N. J. Hurley, and G. C. Silvestre, “Promoting recommendations: An attack on collaborative filtering,” in Database and Expert Systems Applications.   Springer, 2002, pp. 494–503.
  12. M. P. O’Mahony, “Towards robust and efficient automated collaborative filtering,” 2004.
  13. B. Li, Y. Wang, A. Singh, and Y. Vorobeychik, “Data poisoning attacks on factorization-based collaborative filtering,” in Advances in Neural Information Processing Systems, vol. 29.   Curran Associates, Inc., 2016.
  14. M. Fang, G. Yang, N. Z. Gong, and J. Liu, “Poisoning attacks to graph-based recommender systems,” in Proceedings of the 34th Annual Computer Security Applications Conference.   Association for Computing Machinery, 2018, pp. 381–392.
  15. C. Wu, D. Lian, Y. Ge, Z. Zhu, and E. Chen, “Triple adversarial learning for influence based poisoning attack in recommender systems,” in Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining.   Association for Computing Machinery, 2021, pp. 1830–1840.
  16. H. Zhang, Y. Li, B. Ding, and J. Gao, “Practical data poisoning attack against next-item recommendation,” in Proceedings of The Web Conference 2020.   Association for Computing Machinery, 2020, pp. 2458–2464.
  17. J. Song, Z. Li, Z. Hu, Y. Wu, Z. Li, J. Li, and J. Gao, “Poisonrec: An adaptive data poisoning framework for attacking black-box recommender systems,” in 2020 IEEE 36th International Conference on Data Engineering (ICDE), 2020, pp. 157–168.
  18. S. K. Lam and J. Riedl, “Shilling recommender systems for fun and profit,” in Proceedings of the 13th International Conference on World Wide Web.   Association for Computing Machinery, 2004, pp. 393–402.
  19. B. Mobasher, R. Burke, R. Bhaumik, and C. Williams, “Toward trustworthy recommender systems: An analysis of attack models and algorithm robustness,” ACM Transactions on Internet Technology, vol. 7, no. 4, pp. 23–es, 2007.
  20. R. Burke, B. Mobasher, R. Bhaumik, and C. Williams, “Segment-based injection attacks against collaborative filtering recommender systems,” in Fifth IEEE International Conference on Data Mining (ICDM’05), 2005, pp. 4 pp.–.
  21. M. Fang, N. Z. Gong, and J. Liu, “Influence function based data poisoning attacks to top-n recommender systems,” in Proceedings of The Web Conference 2020.   Association for Computing Machinery, 2020, pp. 3019–3025.
  22. C. Wu, D. Lian, Y. Ge, Z. Zhu, and E. Chen, “Influence-driven data poisoning for robust recommender systems,” IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, vol. 45, no. 10, 2023.
  23. J. Tang, H. Wen, and K. Wang, “Revisiting adversarially learned injection attacks against recommender systems,” in Fourteenth ACM Conference on Recommender Systems, 2020, pp. 318–327.
  24. H. Zhang, C. Tian, Y. Li, L. Su, N. Yang, W. X. Zhao, and J. Gao, “Data poisoning attack against recommender system using incomplete and perturbed data,” in Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining.   Association for Computing Machinery, 2021, pp. 2154–2164.
  25. I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville, and Y. Bengio, “Generative adversarial nets,” Advances in neural information processing systems, vol. 27, 2014.
  26. C. Lin, S. Chen, H. Li, Y. Xiao, L. Li, and Q. Yang, “Attacking recommender systems with augmented user profiles,” in Proceedings of the 29th ACM International Conference on Information & Knowledge Management.   ACM, 2020, pp. 855–864.
  27. X. Zhang, J. Chen, R. Zhang, C. Wang, and L. Liu, “Attacking recommender systems with plausible profile,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 4788–4800, 2021.
  28. F. Wu, M. Gao, J. Yu, Z. Wang, K. Liu, and X. Wang, “Ready for emerging threats to recommender systems? a graph convolution-based generative shilling attack,” Information Sciences, vol. 578, pp. 683–701, 2021.
  29. C. Lin, S. Chen, M. Zeng, S. Zhang, M. Gao, and H. Li, “Shilling black-box recommender systems by learning to generate fake user profiles,” IEEE Transactions on Neural Networks and Learning Systems, pp. 1–15, 2022.
  30. W. Fan, T. Derr, X. Zhao, Y. Ma, H. Liu, J. Wang, J. Tang, and Q. Li, “Attacking black-box recommendations via copying cross-domain user profiles,” in 2021 IEEE 37th International Conference on Data Engineering (ICDE).   IEEE, 2021, pp. 1583–1594.
  31. W. Zhou, J. Wen, Q. Xiong, M. Gao, and J. Zeng, “Svm-tia a shilling attack detection method based on svm and target item analysis in recommender systems,” Neurocomputing, vol. 210, pp. 197–205, 2016.
  32. C. Tong, X. Yin, J. Li, T. Zhu, R. Lv, L. Sun, and J. J. Rodrigues, “A shilling attack detector based on convolutional neural network for collaborative recommender system in social aware network,” The Computer Journal, vol. 61, no. 7, pp. 949–958, 2018.
  33. Q. Zhou, J. Wu, and L. Duan, “Recommendation attack detection based on deep learning,” Journal of Information Security and Applications, vol. 52, p. 102493, 2020.
  34. M. Ebrahimian and R. Kashef, “Detecting shilling attacks using hybrid deep learning models,” Symmetry, vol. 12, no. 11, p. 1805, 2020.
  35. B. Mehta and W. Nejdl, “Unsupervised strategies for shilling detection and robust collaborative filtering,” User Modeling and User-Adapted Interaction, vol. 19, pp. 65–97, 2009.
  36. Y. Zhang, Y. Tan, M. Zhang, Y. Liu, T.-S. Chua, and S. Ma, “Catch the black sheep: unified framework for shilling attack detection based on fraudulent action propagation,” in Twenty-fourth international joint conference on artificial intelligence, 2015.
  37. Y. Hao and F. Zhang, “An unsupervised detection method for shilling attacks based on deep learning and community detection,” Soft Computing, vol. 25, no. 1, pp. 477–494, 2021.
  38. Z. Wu, J. Wu, J. Cao, and D. Tao, “Hysad: A semi-supervised hybrid shilling attack detector for trustworthy product recommendation,” in Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining, 2012, pp. 985–993.
  39. Q. Zhou and L. Duan, “Semi-supervised recommendation attack detection based on co-forest,” Computers & Security, vol. 109, p. 102390, 2021.
  40. Y. Hao, G. Meng, J. Wang, and C. Zong, “A detection method for hybrid attacks in recommender systems,” Information Systems, vol. 114, p. 102154, 2023.
  41. Z. Cheng and N. Hurley, “Robust collaborative recommendation by least trimmed squares matrix factorization,” in 2010 22nd IEEE International Conference on Tools with Artificial Intelligence, vol. 2.   IEEE, 2010, pp. 105–112.
  42. H. Yi, F. Zhang, and J. Lan, “A robust collaborative recommendation algorithm based on k-distance and tukey m-estimator,” China Communications, vol. 11, no. 9, pp. 112–123, 2014.
  43. H. Yu, R. Gao, K. Wang, and F. Zhang, “A novel robust recommendation method based on kernel matrix factorization,” Journal of Intelligent & Fuzzy Systems, vol. 32, no. 3, pp. 2101–2109, 2017.
  44. S. S. Fadaee, M. S. Ghaemi, H. A. Soufiani, and R. Sundaram, “Chiron: A robust recommendation system with graph regularizer,” in Proceedings of the 10th International Conference on Computer Recognition Systems CORES 2017 10.   Springer, 2018, pp. 367–376.
  45. D. Wu, G. Lu, and Z. Xu, “Robust and accurate representation learning for high-dimensional and sparse matrices in recommender systems,” in 2020 IEEE International Conference on Knowledge Graph (ICKG).   IEEE, 2020, pp. 489–496.
  46. J. Wu, X. Wang, F. Feng, X. He, L. Chen, J. Lian, and X. Xie, “Self-supervised graph learning for recommendation,” in Proceedings of the 44th international ACM SIGIR conference on research and development in information retrieval, 2021, pp. 726–735.
  47. X. Zhu, Y. Du, Y. Mao, L. Chen, Y. Hu, and Y. Gao, “Knowledge-refined denoising network for robust recommendation,” arXiv preprint arXiv:2304.14987, 2023.
  48. Z. Fan, Z. Liu, H. Peng, and P. S. Yu, “Mutual wasserstein discrepancy minimization for sequential recommendation,” arXiv preprint arXiv:2301.12197, 2023.
  49. Y. Wu, C. DuBois, A. X. Zheng, and M. Ester, “Collaborative denoising auto-encoders for top-n recommender systems,” in Proceedings of the ninth ACM international conference on web search and data mining, 2016, pp. 153–162.
  50. F. Yuan, L. Yao, and B. Benatallah, “Adversarial collaborative neural network for robust recommendation,” in Proceedings of the 42nd International ACM SIGIR Conference on Research and Development in Information Retrieval, 2019, pp. 1065–1068.
  51. H. Chen and J. Li, “Adversarial tensor factorization for context-aware recommendation,” in Proceedings of the 13th ACM Conference on Recommender Systems, 2019, pp. 363–367.
  52. C. Wu, D. Lian, Y. Ge, Z. Zhu, E. Chen, and S. Yuan, “Fight fire with fire: towards robust recommender systems via adversarial poisoning training,” in Proceedings of the 44th International ACM SIGIR Conference on Research and Development in Information Retrieval, 2021, pp. 1074–1083.
  53. J. Tang, X. Du, X. He, F. Yuan, Q. Tian, and T.-S. Chua, “Adversarial training towards robust multimedia recommender system,” IEEE Transactions on Knowledge and Data Engineering, vol. 32, no. 5, pp. 855–867, 2019.
  54. A. Paul, Z. Wu, K. Liu, and S. Gong, “Robust multi-objective visual bayesian personalized ranking for multimedia recommendation,” Applied Intelligence, pp. 1–12, 2022.
  55. Z. Zhang, W. Zhao, J. Yang, S. Nepal, C. Paris, and B. Li, “Exploiting users’ rating behaviour to enhance the robustness of social recommendation,” in Web Information Systems Engineering–WISE 2017: 18th International Conference, Puschino, Russia, October 7-11, 2017, Proceedings, Part II 18.   Springer, 2017, pp. 467–475.
  56. Y. Quan, J. Ding, C. Gao, L. Yi, D. Jin, and Y. Li, “Robust preference-guided denoising for graph based social recommendation,” in Proceedings of the ACM Web Conference 2023, 2023, pp. 1097–1108.
  57. T. Wang, L. Xia, and C. Huang, “Denoised self-augmented learning for social recommendation,” arXiv preprint arXiv:2305.12685, 2023.
  58. D. Jia, F. Zhang, and S. Liu, “A robust collaborative filtering recommendation algorithm based on multidimensional trust model.” J. Softw., vol. 8, no. 1, pp. 11–18, 2013.
  59. D. Jia and F. Zhang, “A robust collaborative recommendation algorithm incorporating trustworthy neighborhood model.” J. Comput., vol. 9, no. 10, pp. 2328–2334, 2014.
  60. M. Gao, B. Ling, Q. Yuan, Q. Xiong, L. Yang et al., “A robust collaborative filtering approach based on user relationships for recommendation systems,” Mathematical Problems in Engineering, vol. 2014, 2014.
  61. H. Yi and F. Zhang, “Robust recommendation method based on suspicious users measurement and multidimensional trust,” Journal of Intelligent Information Systems, vol. 46, no. 2, pp. 349–367, 2016.
  62. H. Yu, L. Sun, and F. Zhang, “A robust bayesian probabilistic matrix factorization model for collaborative filtering recommender systems based on user anomaly rating behavior detection.” KSII Transactions on Internet & Information Systems, vol. 13, no. 9, 2019.
  63. S. Zhang, H. Yin, T. Chen, Q. V. N. Hung, Z. Huang, and L. Cui, “Gcn-based user representation learning for unifying robust recommendation and fraudster detection,” in Proceedings of the 43rd international ACM SIGIR conference on research and development in information retrieval, 2020, pp. 689–698.
  64. Q. Wang, D. Lian, C. Wu, and E. Chen, “Towards robust recommender systems via triple cooperative defense,” in International Conference on Web Information Systems Engineering.   Springer, 2022, pp. 564–578.
  65. X. Chen, H. Liu, Y. Xu, and C. Yan, “Robust and privacy-preserving service recommendation over sparse data in education,” Wireless Communications and Mobile Computing, vol. 2019, 2019.
  66. Z. Gantner, L. Drumond, C. Freudenthaler, and L. Schmidt-Thieme, “Personalized ranking for non-uniformly sampled items,” in Proceedings of KDD Cup 2011.   PMLR, 2012, pp. 231–247.
  67. W. Zhang, T. Chen, J. Wang, and Y. Yu, “Optimizing top-n collaborative filtering via dynamic negative item sampling,” in Proceedings of the 36th international ACM SIGIR conference on Research and development in information retrieval, 2013, pp. 785–788.
  68. Z. Wang, Q. Xu, Z. Yang, X. Cao, and Q. Huang, “Implicit feedbacks are not always favorable: Iterative relabeled one-class collaborative filtering against noisy interactions,” in Proceedings of the 29th ACM International Conference on Multimedia, 2021, pp. 3070–3078.
  69. Q. Zhu, H. Zhang, Q. He, and Z. Dou, “A gain-tuning dynamic negative sampler for recommendation,” in Proceedings of the ACM Web Conference 2022, 2022, pp. 277–285.
  70. Y. Gao, Y. Du, Y. Hu, L. Chen, X. Zhu, Z. Fang, and B. Zheng, “Self-guided learning to denoise for robust recommendation,” in Proceedings of the 45th International ACM SIGIR Conference on Research and Development in Information Retrieval, 2022, pp. 1412–1422.
  71. J. Chen, D. Lian, and K. Zheng, “Improving one-class collaborative filtering via ranking-based implicit regularizer,” in Proceedings of the AAAI Conference on artificial intelligence, vol. 33, no. 01, 2019, pp. 37–44.
  72. W. Wang, F. Feng, X. He, L. Nie, and T.-S. Chua, “Denoising implicit feedback for recommendation,” in Proceedings of the 14th ACM international conference on web search and data mining, 2021, pp. 373–381.
  73. Y. Wang, X. Xin, Z. Meng, J. M. Jose, F. Feng, and X. He, “Learning robust recommenders through cross-model agreement,” in Proceedings of the ACM Web Conference 2022, 2022, pp. 2015–2025.
  74. Z. Wang, M. Gao, W. Li, J. Yu, L. Guo, and H. Yin, “Efficient bi-level optimization for recommendation denoising,” in Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, 2023, pp. 2502–2511.
  75. P. Yang, P. Zhao, V. W. Zheng, L. Ding, and X. Gao, “Robust asymmetric recommendation via min-max optimization,” in The 41st International ACM SIGIR Conference on Research & Development in Information Retrieval, 2018, pp. 1077–1080.
  76. F. M. Harper and J. A. Konstan, “The movielens datasets: History and context,” Acm transactions on interactive intelligent systems (tiis), vol. 5, no. 4, pp. 1–19, 2015.
  77. J. Tang, H. Gao, H. Liu, and A. Das Sarma, “etrust: Understanding trust evolution in an online world,” in Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining, 2012, pp. 253–261.
  78. G. Guo, J. Zhang, and N. Yorke-Smith, “A novel bayesian similarity measure for recommender systems,” in Proceedings of the Twenty-Third International Joint Conference on Artificial Intelligence, ser. IJCAI ’13.   AAAI Press, 2013, p. 2619–2625.
  79. G. Guo, J. Zhang, D. Thalmann, and N. Yorke-Smith, “Etaf: An extended trust antecedents framework for trust prediction,” in Proceedings of the 2014 International Conference on Advances in Social Networks Analysis and Mining (ASONAM), 2014, pp. 540–547.
  80. C.-N. Ziegler, S. M. McNee, J. A. Konstan, and G. Lausen, “Improving recommendation lists through topic diversification,” in Proceedings of the 14th international conference on World Wide Web, 2005, pp. 22–32.
  81. X. Geng, H. Zhang, J. Bian, and T.-S. Chua, “Learning image and user features for recommendation in social networks,” in Proceedings of the IEEE international conference on computer vision, 2015, pp. 4274–4282.
  82. E. Cho, S. A. Myers, and J. Leskovec, “Friendship and mobility: user movement in location-based social networks,” in Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining, 2011, pp. 1082–1090.
  83. J. A. Gulla, L. Zhang, P. Liu, Ö. Özgöbek, and X. Su, “The adressa dataset for news recommendation,” in Proceedings of the international conference on web intelligence, 2017, pp. 1042–1048.
  84. F. Wang, H. Zhu, G. Srivastava, S. Li, M. R. Khosravi, and L. Qi, “Robust collaborative filtering recommendation with user-item-trust records,” IEEE Transactions on Computational Social Systems, vol. 9, no. 4, pp. 986–996, 2021.
  85. Y. Li, H. Chen, J. Tan, and Y. Zhang, “Causal factorization machine for robust recommendation,” in Proceedings of the 22nd ACM/IEEE Joint Conference on Digital Libraries, 2022, pp. 1–9.
  86. Q. Fulan, Y. Ruxia, Z. Shu, and Z. Yanping, “Robust recommendation algorithm using an iterative group-based reputation,” in 2018 IEEE 3rd International Conference on Cloud Computing and Big Data Analysis (ICCCBDA).   IEEE, 2018, pp. 62–70.
  87. G. Noh and H. Oh, “Auro-rec: An unsupervised and robust sybil attack defense in online recommender systems,” in 2015 SAI Intelligent Systems Conference (IntelliSys).   IEEE, 2015, pp. 1017–1024.
  88. P. Kaur and S. Goel, “Shilling attack models in recommender system,” in 2016 International conference on inventive computation technologies (ICICT), vol. 2.   IEEE, 2016, pp. 1–5.
  89. C. Wu, R. Zhang, J. Guo, Y. Fan, and X. Cheng, “Are neural ranking models robust?” ACM Transactions on Information Systems, vol. 41, no. 2, pp. 1–36, 2022.
  90. CHANGSHENG. WANG, J. Ye, W. Wang, C. Gao, F. Feng, and X. He, “Recad: Towards a unified library for recommender attack and defense,” in Proceedings of the 17th ACM Conference on Recommender Systems.   Association for Computing Machinery, 2023, pp. 234–244.
  91. Z. Wang, M. Gao, J. Yu, H. Ma, H. Yin, and S. Sadiq, “Poisoning attacks against recommender systems: A survey,” 2024.
  92. Y. Koren, R. Bell, and C. Volinsky, “Matrix factorization techniques for recommender systems,” Computer, vol. 42, no. 8, pp. 30–37, 2009.
  93. X. He, L. Liao, H. Zhang, L. Nie, X. Hu, and T.-S. Chua, “Neural collaborative filtering,” in Proceedings of the 26th International Conference on World Wide Web.   International World Wide Web Conferences Steering Committee, 2017, pp. 173–182.
  94. X. He, K. Deng, X. Wang, Y. Li, Y. Zhang, and M. Wang, “Lightgcn: Simplifying and powering graph convolution network for recommendation,” in Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval.   Association for Computing Machinery, 2020, pp. 639–648.
  95. Y. Lai, Y. Zhu, W. Fan, X. Zhang, and K. Zhou, “Towards adversarially robust recommendation from adaptive fraudster detection,” IEEE Transactions on Information Forensics and Security, pp. 1–1, 2023.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now