In practice, users of a Recommender System (RS) fall into a few clusters based on their preferences. In this work, we conduct a systematic study on user-cluster targeted data poisoning attacks on Matrix Factorisation (MF) based RS, where an adversary injects fake users with falsely crafted user-item feedback to promote an item to a specific user cluster. We analyse how user and item feature matrices change after data poisoning attacks and identify the factors that influence the effectiveness of the attack on these feature matrices. We demonstrate that the adversary can easily target specific user clusters with minimal effort and that some items are more susceptible to attacks than others. Our theoretical analysis has been validated by the experimental results obtained from two real-world datasets. Our observations from the study could serve as a motivating point to design a more robust RS.
翻译:在实践中,推荐系统(RS)的用户根据其偏好可分为若干群体。本研究针对基于矩阵分解(MF)的推荐系统,系统性地探究了面向用户群体的数据投毒攻击——攻击者通过注入伪造用户并构建虚假的用户-项目交互数据,以向特定用户群体推广目标项目。我们分析了数据投毒攻击后用户与项目特征矩阵的变化规律,并识别了影响攻击对这些特征矩阵有效性的关键因素。实验表明,攻击者能够以极低成本轻易针对特定用户群体实施攻击,且某些项目相比其他项目更易受到攻击影响。我们在两个真实数据集上的实验结果验证了理论分析的可靠性。本研究的发现可为设计更具鲁棒性的推荐系统提供重要参考依据。