
Toward Robust Recommendation via Real-time Vicinal Defense (2309.17278v1)

Published 29 Sep 2023 in cs.LG, cs.CR, and cs.IR

Abstract: Recommender systems have been shown to be vulnerable to poisoning attacks, in which malicious data is injected into the training dataset to make the recommender produce biased recommendations. To defend against such attacks, various robust learning methods have been proposed. However, most of them are model-specific or attack-specific and therefore lack generality, while others, such as adversarial training, are oriented towards evasion attacks and thus offer only weak protection against poisoning. In this paper we propose a general method, Real-time Vicinal Defense (RVD), which uses neighboring training data to fine-tune the model before making a recommendation for each user. RVD operates in the inference phase to ensure the robustness of each specific sample in real time, so neither the model structure nor the training process needs to change, which makes it more practical. Extensive experiments demonstrate that RVD effectively mitigates targeted poisoning attacks across various models without sacrificing accuracy. Moreover, the defensive effect is further amplified when our method is combined with other strategies.
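As an added illustration (not code from the paper or its authors), the sketch below follows the abstract's idea: a global model is trained on a dataset that contains injected profiles, and then, right before recommending to one user, the model is fine-tuned on the ratings of that user's k most similar genuine neighbours. The toy ratings, the per-item-mean model, the Jaccard neighbourhood and the gradient-step update are all constructed assumptions; the paper's actual models and update rules are not given on this page.

```python
from collections import defaultdict

# Constructed toy data: user -> {item: rating on a 1..5 scale}. Genuine users u2/u3
# tried the target item "T" and disliked it; six constructed shilling profiles push it.
GENUINE = {
    "u1": {"A": 5, "B": 4, "C": 1},
    "u2": {"A": 4, "B": 5, "C": 2, "T": 1},
    "u3": {"A": 5, "B": 4, "D": 2, "T": 1},
    "u4": {"D": 5, "E": 4, "C": 2},
    "u5": {"D": 4, "E": 5, "C": 1},
}
FAKE = {f"fake{i}": {"T": 5, "E": 5, "D": 4} for i in range(6)}
POISONED = {**GENUINE, **FAKE}

def train_item_scores(ratings):
    """Global model (assumed for illustration): per-item mean over every profile."""
    sums, counts = defaultdict(float), defaultdict(int)
    for profile in ratings.values():
        for item, r in profile.items():
            sums[item] += r
            counts[item] += 1
    return {item: sums[item] / counts[item] for item in sums}

def jaccard(a, b):
    """Similarity of two users by the sets of items they rated."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def vicinal_finetune(scores, ratings, user, k=2, lr=0.5, steps=3):
    """RVD-style step (simplified assumption): start from the global scores and take a
    few gradient steps on squared error over the k most similar users' ratings. Shilling
    profiles rarely resemble a genuine user's neighbourhood, so their influence shrinks."""
    neighbours = sorted((u for u in ratings if u != user),
                        key=lambda u: jaccard(ratings[u], ratings[user]),
                        reverse=True)[:k]
    tuned = dict(scores)
    for _ in range(steps):
        grads = defaultdict(float)
        for u in neighbours:
            for item, r in ratings[u].items():
                grads[item] += tuned[item] - r
        for item, g in grads.items():
            tuned[item] -= lr * g / len(neighbours)
    return tuned

def recommend(scores, ratings, user, n=2):
    """Top-n unseen items for the user under the given item scores."""
    ranked = sorted(scores, key=lambda item: -scores[item])
    return [item for item in ranked if item not in ratings[user]][:n]
```

For user u1 the global model ranks the pushed item "T" second (mean 4.0 thanks to the injected profiles), while the vicinally fine-tuned scores pull it down to about 1.4 and it drops out of the top-2.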

