Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

ToDA: Target-oriented Diffusion Attacker against Recommendation System

Xiaohao Liu, Zhulin Tao, Ting Jiang, He Chang, Yunshan Ma, Yinwei Wei, Xiang Wang

TL;DR

A novel Target-oriented Diffusion Attack model (ToDA) is proposed that incorporates a pre-trained autoencoder that transforms user profiles into a high dimensional space, paired with a Latent Diffusion Attacker (LDA)-the core component of ToDA.

Abstract

Recommendation systems (RS) have become indispensable tools for web services to address information overload, thus enhancing user experiences and bolstering platforms' revenues. However, with their increasing ubiquity, security concerns have also emerged. As the public accessibility of RS, they are susceptible to specific malicious attacks where adversaries can manipulate user profiles, leading to biased recommendations. Recent research often integrates additional modules using generative models to craft these deceptive user profiles, ensuring them are imperceptible while causing the intended harm. Albeit their efficacy, these models face challenges of unstable training and the exploration-exploitation dilemma, which can lead to suboptimal results. In this paper, we pioneer to investigate the potential of diffusion models (DMs), for shilling attacks. Specifically, we propose a novel Target-oriented Diffusion Attack model (ToDA). It incorporates a pre-trained autoencoder that transforms user profiles into a high dimensional space, paired with a Latent Diffusion Attacker (LDA)-the core component of ToDA. LDA introduces noise into the profiles within this latent space, adeptly steering the approximation towards targeted items through cross-attention mechanisms. The global horizon, implemented by a bipartite graph, is involved in LDA and derived from the encoded user profile feature. This makes LDA possible to extend the generation outwards the on-processing user feature itself, and bridges the gap between diffused user features and target item features. Extensive experiments compared to several SOTA baselines demonstrate ToDA's effectiveness. Specific studies exploit the elaborative design of ToDA and underscore the potency of advanced generative models in such contexts.

ToDA: Target-oriented Diffusion Attacker against Recommendation System

TL;DR

A novel Target-oriented Diffusion Attack model (ToDA) is proposed that incorporates a pre-trained autoencoder that transforms user profiles into a high dimensional space, paired with a Latent Diffusion Attacker (LDA)-the core component of ToDA.

Abstract

Recommendation systems (RS) have become indispensable tools for web services to address information overload, thus enhancing user experiences and bolstering platforms' revenues. However, with their increasing ubiquity, security concerns have also emerged. As the public accessibility of RS, they are susceptible to specific malicious attacks where adversaries can manipulate user profiles, leading to biased recommendations. Recent research often integrates additional modules using generative models to craft these deceptive user profiles, ensuring them are imperceptible while causing the intended harm. Albeit their efficacy, these models face challenges of unstable training and the exploration-exploitation dilemma, which can lead to suboptimal results. In this paper, we pioneer to investigate the potential of diffusion models (DMs), for shilling attacks. Specifically, we propose a novel Target-oriented Diffusion Attack model (ToDA). It incorporates a pre-trained autoencoder that transforms user profiles into a high dimensional space, paired with a Latent Diffusion Attacker (LDA)-the core component of ToDA. LDA introduces noise into the profiles within this latent space, adeptly steering the approximation towards targeted items through cross-attention mechanisms. The global horizon, implemented by a bipartite graph, is involved in LDA and derived from the encoded user profile feature. This makes LDA possible to extend the generation outwards the on-processing user feature itself, and bridges the gap between diffused user features and target item features. Extensive experiments compared to several SOTA baselines demonstrate ToDA's effectiveness. Specific studies exploit the elaborative design of ToDA and underscore the potency of advanced generative models in such contexts.
Paper Structure (32 sections, 13 equations, 6 figures, 6 tables, 2 algorithms)

This paper contains 32 sections, 13 equations, 6 figures, 6 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Preliminary
  3. Shilling Attacks
  4. Attack goal
  5. Attacker capability
  6. Recommendation System
  7. Methodology
  8. Approach Overview
  9. Latent Diffusion Attacker
  10. Target-oriented Approximator
  11. Optimization
  12. Complexity Analysis
  13. Experiment
  14. Experimental Settings
  15. Datasets
  16. ...and 17 more sections

Figures (6)

  • Figure 1: Illustration of a shilling attack example and the comparison between conventional diffusion models and ToDA, which derives the targeted profile by leveraging global view graph and target information.
  • Figure 2: The overall framework of ToDA. It is featured by the latent diffusion attacker with target-oriented approximator $\boldsymbol{\epsilon}_\theta$. The approximator $\boldsymbol{\epsilon}_\theta$ denoises the previous state of user profile feature $\mathbf{e}_{u;s}$, bringing in the global information to the local view diffusion model. The features of target items are incorporated through a GCN Encoder $\mathcal{E}_{\mathcal{G}}$, before using the cross-attention to control the denoising orientation.
  • Figure 3: The distributions of user profiles in a 2d-plane.
  • Figure 4: The performance comparison in terms of different number of diffusion steps $S$.
  • Figure 5: The performance comparison in terms of different noise scales.
  • ...and 1 more figures