Recommendation systems (RS) have become indispensable tools for web services to address information overload, thus enhancing user experiences and bolstering platforms' revenues. However, with their increasing ubiquity, security concerns have also emerged. As the public accessibility of RS, they are susceptible to specific malicious attacks where adversaries can manipulate user profiles, leading to biased recommendations. Recent research often integrates additional modules using generative models to craft these deceptive user profiles, ensuring them are imperceptible while causing the intended harm. Albeit their efficacy, these models face challenges of unstable training and the exploration-exploitation dilemma, which can lead to suboptimal results. In this paper, we pioneer to investigate the potential of diffusion models (DMs), for shilling attacks. Specifically, we propose a novel Target-oriented Diffusion Attack model (ToDA). It incorporates a pre-trained autoencoder that transforms user profiles into a high dimensional space, paired with a Latent Diffusion Attacker (LDA)-the core component of ToDA. LDA introduces noise into the profiles within this latent space, adeptly steering the approximation towards targeted items through cross-attention mechanisms. The global horizon, implemented by a bipartite graph, is involved in LDA and derived from the encoded user profile feature. This makes LDA possible to extend the generation outwards the on-processing user feature itself, and bridges the gap between diffused user features and target item features. Extensive experiments compared to several SOTA baselines demonstrate ToDA's effectiveness. Specific studies exploit the elaborative design of ToDA and underscore the potency of advanced generative models in such contexts.

翻译：推荐系统（RS）已成为网络服务应对信息过载不可或缺的工具，从而提升用户体验并增加平台收入。然而，随着其日益普及，安全问题也逐渐显现。由于推荐系统的公开可访问性，它们容易受到特定恶意攻击，攻击者可以操纵用户画像，导致推荐结果产生偏差。近期研究通常利用生成模型集成额外模块来构建这些欺骗性用户画像，确保其在造成预期危害的同时难以被察觉。尽管这些模型有效，但它们面临着训练不稳定和探索-利用困境的挑战，可能导致次优结果。本文率先研究了扩散模型（DMs）在托攻击中的潜力。具体而言，我们提出了一种新颖的目标导向扩散攻击模型（ToDA）。该模型包含一个预训练自编码器，将用户画像转换到高维空间，并与潜在扩散攻击器（LDA）——ToDA的核心组件——相结合。LDA在此潜在空间内向用户画像引入噪声，通过交叉注意力机制巧妙地引导近似过程朝向目标项目。通过二分图实现的全局视野被整合到LDA中，该视野源自编码后的用户画像特征。这使得LDA能够将生成过程扩展到正在处理的用户特征本身之外，并弥合扩散用户特征与目标项目特征之间的差距。与多个最先进基线模型的大量对比实验证明了ToDA的有效性。专项研究深入探讨了ToDA的精妙设计，并强调了先进生成模型在此类场景中的强大潜力。