Adversarial Recommender Systems: Attack, Defense, and Advances / Anelli, Vito Walter; Deldjoo, Yashar; Di Noia, Tommaso; Merra, Felice Antonio. - In: Recommender Systems Handbook, Third Edition [electronic]. - [s.l.], 2022. - ISBN 978-1-0716-2196-7. - pp. 335-379 [10.1007/978-1-0716-2197-4_9]
Adversarial Recommender Systems: Attack, Defense, and Advances
Anelli, Vito Walter; Deldjoo, Yashar; Di Noia, Tommaso; Merra, Felice Antonio
2022-01-01
Abstract
Adversarial machine learning is the research field investigating vulnerabilities inherent to the design of machine learning systems and ways to defend against them. Recently, recommender systems have been shown to be vulnerable to adversarial attacks that force the models to produce misleading recommendations. For instance, adversaries can attempt to push target items into high or low positions in the recommendation lists by inserting optimized fake profiles into pure-collaborative recommenders, or by uploading item images with human-imperceptible perturbations. This chapter lays out a taxonomy of how recommender systems can be dramatically affected by adversarial attacks, together with an analysis of existing defense mechanisms and their limits. A discussion and an analysis are provided on the methodologies for evaluating recommender systems under adversarial settings. Finally, open issues and future research directions are discussed that need further investigation, both in designing powerful attacks and in proposing more robust defense strategies.