Adversarial Collaborative Filtering (ACF), which typically applies adversarial perturbations at user and item embeddings through adversarial training, is widely recognized as an effective strategy for enhancing the robustness of Collaborative Filtering (CF) recommender systems against poisoning attacks. Besides, numerous studies have empirically shown that ACF can also improve recommendation performance compared to traditional CF. Despite these empirical successes, the theoretical understanding of ACF's effectiveness in terms of both performance and robustness remains unclear. To bridge this gap, in this paper, we first theoretically show that ACF can achieve a lower recommendation error compared to traditional CF with the same training epochs in both clean and poisoned data contexts. Furthermore, by establishing bounds for reductions in recommendation error during ACF's optimization process, we find that applying personalized magnitudes of perturbation for different users based on their embedding scales can further improve ACF's effectiveness. Building on these theoretical understandings, we propose Personalized Magnitude Adversarial Collaborative Filtering (PamaCF). Extensive experiments demonstrate that PamaCF effectively defends against various types of poisoning attacks while significantly enhancing recommendation performance.

翻译：对抗协同过滤（ACF）通常通过对抗训练在用户和物品嵌入向量上施加对抗性扰动，被广泛认为是增强协同过滤（CF）推荐系统抵御投毒攻击鲁棒性的有效策略。此外，大量研究经验表明，与传统CF相比，ACF还能提升推荐性能。尽管取得了这些经验性成功，关于ACF在性能和鲁棒性方面有效性的理论理解仍不清晰。为弥补这一空白，本文首先从理论上证明，在相同训练轮次下，无论面对干净数据还是投毒数据，ACF都能实现比传统CF更低的推荐误差。进一步地，通过建立ACF优化过程中推荐误差减少量的边界，我们发现基于用户嵌入向量规模为其施加个性化的扰动幅度，能够进一步提升ACF的有效性。基于这些理论认识，我们提出了个性化幅度对抗协同过滤（PamaCF）。大量实验表明，PamaCF能有效防御多种类型的投毒攻击，同时显著提升推荐性能。