Understanding and Improving Adversarial Collaborative Filtering for Robust Recommendation
Kaike Zhang, Qi Cao, Yunfan Wu, Fei Sun, Huawei Shen, Xueqi Cheng
TL;DR
This work examines why Adversarial Collaborative Filtering (ACF) improves both robustness and performance in recommender systems and proposes a theoretically motivated enhancement. By analyzing a Gaussian Recommender System, it proves that ACF can achieve lower error than traditional CF under the same training budget and provides bounds that highlight the benefit of per-user perturbation magnitudes tied to embedding scales. The authors introduce Personalized Magnitude Adversarial Collaborative Filtering (PamaCF), which assigns user-specific perturbation budgets and perturbs along the gradient direction to maximize adversarial loss; a BPR variant is also presented. Extensive experiments on Gowalla, Yelp2018, and MIND show that PamaCF outperforms baselines in both clean and poisoned settings, with substantial gains in Recall@k and NDCG@k and strong defense against various poisoning attacks. The work advances robust recommendation by linking theoretical error reductions to practical, per-user perturbation strategies, offering a scalable defense with tangible performance benefits in real-world datasets.
Abstract
Adversarial Collaborative Filtering (ACF), which typically applies adversarial perturbations at user and item embeddings through adversarial training, is widely recognized as an effective strategy for enhancing the robustness of Collaborative Filtering (CF) recommender systems against poisoning attacks. Besides, numerous studies have empirically shown that ACF can also improve recommendation performance compared to traditional CF. Despite these empirical successes, the theoretical understanding of ACF's effectiveness in terms of both performance and robustness remains unclear. To bridge this gap, in this paper, we first theoretically show that ACF can achieve a lower recommendation error compared to traditional CF with the same training epochs in both clean and poisoned data contexts. Furthermore, by establishing bounds for reductions in recommendation error during ACF's optimization process, we find that applying personalized magnitudes of perturbation for different users based on their embedding scales can further improve ACF's effectiveness. Building on these theoretical understandings, we propose Personalized Magnitude Adversarial Collaborative Filtering (PamaCF). Extensive experiments demonstrate that PamaCF effectively defends against various types of poisoning attacks while significantly enhancing recommendation performance.