Manipulating Recommender Systems: A Survey of Poisoning Attacks and Countermeasures

Author:

Nguyen Thanh Toan (1), Quoc Viet Hung Nguyen (2), Nguyen Thanh Tam (3), Huynh Thanh Trung (4), Nguyen Thanh Thi (5), Matthias Weidlich (6), Hongzhi Yin (7)

Affiliation:

1. Faculty of Information Technology, HUTECH University, Ho Chi Minh City, Vietnam

2. Griffith University - Gold Coast Campus, Southport, Australia

3. Griffith University - Gold Coast Campus, Southport, Australia

4. École Polytechnique Fédérale de Lausanne, Lausanne, Switzerland

5. School of Information Technology, Faculty of Science, Engineering and Built Environment, Deakin University, Waurn Ponds, Australia

6. Humboldt-Universität zu Berlin, Berlin, Germany

7. The University of Queensland, Saint Lucia, Australia

Abstract

Recommender systems have become an integral part of online services due to their ability to help users locate specific information in a sea of data. However, existing studies show that some recommender systems, particularly those that involve learning schemes, are vulnerable to poisoning attacks. A poisoning attack is one in which an adversary injects carefully crafted data into the process of training a model, with the goal of manipulating the system's final recommendations. With recent advancements in artificial intelligence (AI), such attacks have gained importance. At present, we do not have a full and clear picture of why adversaries mount such attacks, nor do we have comprehensive knowledge of the extent to which such attacks can undermine a model or the impacts they might have. While numerous countermeasures to poisoning attacks have been developed, they have not yet been systematically linked to the properties of the attacks. Consequently, assessing the respective risks and the potential success of mitigation strategies is difficult, if not impossible. This survey aims to fill this gap by focusing primarily on poisoning attacks and their countermeasures, in contrast to prior surveys that mainly focus on attacks and their detection methods. Through an exhaustive literature review, we provide a novel taxonomy for poisoning attacks, formalise its dimensions, and accordingly organise 31 attacks described in the literature. Further, we review 43 countermeasures to detect and/or prevent poisoning attacks, evaluating their effectiveness against specific types of attacks. This comprehensive survey should serve as a point of reference for protecting recommender systems against poisoning attacks. The article concludes with a discussion of open issues in the field and impactful directions for future research. A rich repository of resources associated with poisoning attacks is available at https://github.com/tamlhp/awesome-recsys-poisoning.

Publisher

Association for Computing Machinery (ACM)


Cited by 2 articles.

1. Adversarial Item Promotion on Visually-Aware Recommender Systems by Guided Diffusion; ACM Transactions on Information Systems; 2024-08-19

2. Optimal Attacks Classification in Edge Internet of Things Networks Using Deep Learning Algorithm; 2024 IEEE Symposium on Industrial Electronics & Applications (ISIEA); 2024-07-06
