Adversarial Recommender Systems: Attack, Defense, and Advances

Vito Walter Anelli, Yashar Deldjoo, Tommaso Di Noia, Felice Antonio Merra
2022

Abstract

Adversarial machine learning is the research field investigating vulnerabilities inherent to machine learning systems’ design and ways to defend against them. Recently, recommender systems have been shown vulnerable to adversarial attacks that force the models to produce misleading recommendations. For instance, adversaries can attempt to push target items into high/low positions in the recommendation lists by inserting optimized fake profiles in pure-collaborative recommenders or uploading item images with human-imperceptible perturbations. This chapter lays out a taxonomy of how recommender systems can be dramatically affected by adversarial attacks, together with the analysis of existing defense mechanisms and their limits. A discussion and an analysis are provided on the methodologies to evaluate recommender systems under adversarial settings. Finally, open issues and future research directions are discussed that need further investigation in designing powerful attacks while proposing more robust defense strategies.
Third Edition of Recommender systems handbook
978-1-0716-2196-7
978-1-0716-2197-4
Files in this record:
There are no files associated with this record.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11589/243821

Warning! The data displayed has not been validated by the university.

Citations
  • Scopus: not available