Recommender systems are often susceptible to well-crafted fake profiles, leading to biased recommendations. Among existing defense methods, data-processing-based methods inevitably exclude normal samples, while model-based methods struggle to achieve both generalization and robustness. To this end, we integrate data processing with the robust model and propose a general framework, Triple Cooperative Defense (TCD), which employs three cooperative models that mutually enhance data and thereby improve recommendation robustness. Furthermore, considering that existing attacks struggle to balance bi-level optimization and efficiency, we revisit poisoning attacks in recommender systems and introduce an efficient attack strategy, Co-training Attack (CoAttack), which cooperatively optimizes the attack optimization and model training, respecting the bi-level setting while maintaining attack efficiency. Moreover, we reveal that a potential reason for the insufficient threat of existing attacks is their default assumption that attacks are optimized in undefended scenarios. This overly optimistic setting limits the potential of attacks. Consequently, we put forth a Game-based Co-training Attack (GCoAttack), which frames the proposed CoAttack and TCD as a game-theoretic process, thoroughly exploring CoAttack's attack potential in the cooperative training of attack and defense. Extensive experiments on three real datasets demonstrate TCD's superiority in enhancing model robustness. Additionally, we verify that the two proposed attack strategies significantly outperform existing attacks, with the game-based GCoAttack posing a greater poisoning threat than CoAttack.