Modern recommender systems (RS) have seen substantial success, yet they remain vulnerable to malicious activities, notably poisoning attacks. These attacks inject malicious data into the training datasets of RS, compromising their integrity and manipulating recommendation outcomes to gain illicit profits. This survey paper provides a systematic and up-to-date review of the research landscape on Poisoning Attacks against Recommendation (PAR). A novel and comprehensive taxonomy is proposed, categorizing existing PAR methodologies into three distinct categories: Component-Specific, Goal-Driven, and Capability Probing. For each category, we discuss its mechanism in detail, along with associated methods. Furthermore, this paper highlights potential future research avenues in this domain. Additionally, to facilitate and benchmark the empirical comparison of PAR, we introduce an open-source library, ARLib, which encompasses a comprehensive collection of PAR models and common datasets. The library is released at https://github.com/CoderWZW/ARLib.