Shilling Recommender Systems by Generating Side-feature-aware Fake User Profiles
Yuanrong Wang, Yingpeng Du
TL;DR
This paper tackles shilling attacks on recommender systems that leverage side information by introducing a side-feature–aware fake profile generator. It extends the Leg-UP framework with FiLM-conditioned generation inside a VAE–GAN pipeline and employs a projection discriminator (or spectral normalization) to ensure realism and stealth when injecting fake users with both ratings and side features. A differentiable surrogate model guides attack training, enabling gradient-based optimization despite non-differentiable baselines. Experiments on benchmark data show the proposed method achieves strong attack performance and stealth, outperforming purely rating-based baselines and maintaining effectiveness across multiple target items and datasets. The work highlights the importance of modeling side features in attacks and suggests pathways for future defense research against side-feature–aware poisoning in recommender systems.
Abstract
Recommender systems (RS) greatly influence users' consumption decisions, making them attractive targets for malicious shilling attacks that inject fake user profiles to manipulate recommendations. Existing shilling methods can generate effective and stealthy fake profiles when the training data contain only a rating matrix, but they lack comprehensive solutions for scenarios where side features are present and utilized by the recommender. To address this gap, we extend the Leg-UP framework by enhancing the generator architecture to incorporate side features, enabling the generation of side-feature-aware fake user profiles. Experiments on benchmarks show that our method achieves strong attack performance while maintaining stealthiness.
