Recently, Large Language Model (LLM)-empowered recommender systems (RecSys) have revolutionized personalized recommendation frameworks and attracted extensive attention. Despite this remarkable success, existing LLM-empowered RecSys have been shown to be highly vulnerable to minor perturbations. To mitigate the negative impact of such vulnerabilities, one potential solution is to employ collaborative signals based on item-item co-occurrence to purify the malicious collaborative knowledge that attackers insert into the user's historical interactions. Meanwhile, because Retrieval-Augmented Generation (RAG) techniques can supplement the insufficient internal knowledge of LLMs, they provide unprecedented opportunities to enhance the robustness of LLM-empowered recommender systems by introducing external collaborative knowledge. Therefore, in this paper, we propose a novel framework (RETURN) that retrieves external collaborative signals to purify poisoned user profiles and enhance the robustness of LLM-empowered RecSys in a plug-and-play manner. Specifically, retrieval-augmented perturbation positioning is proposed to identify potential perturbations within users' historical sequences by retrieving external knowledge from collaborative item graphs. We then further retrieve collaborative knowledge to cleanse the perturbations using either deletion or replacement strategies, and introduce a robust ensemble recommendation strategy to generate the final robust predictions. Extensive experiments on three real-world datasets demonstrate the effectiveness of the proposed RETURN.
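The positioning and cleansing steps described above can be illustrated with a simplified sketch. This is an added example, not the RETURN implementation: the mean co-occurrence score, the 0.5 threshold, the function names and the sample data are all assumptions, and the ensemble step is not covered.

```python
from collections import defaultdict
from itertools import combinations

# Constructed interaction logs (item names are made up), standing in for the
# external collaborative knowledge that gets retrieved.
CLEAN_HISTORIES = [
    ["tent", "stove", "lantern", "sleeping_bag"],
    ["tent", "sleeping_bag", "lantern"],
    ["stove", "lantern", "tent", "cooler"],
    ["lipstick", "mascara", "perfume"],
    ["mascara", "perfume", "lipstick", "nail_polish"],
    ["sleeping_bag", "cooler", "stove"],
]

def build_cooccurrence(histories):
    """Item-item graph: edge weight = number of histories containing both items."""
    graph = defaultdict(dict)
    for history in histories:
        for a, b in combinations(sorted(set(history)), 2):
            graph[a][b] = graph[a].get(b, 0) + 1
            graph[b][a] = graph[b].get(a, 0) + 1
    return graph

def support(graph, item, context):
    """Mean co-occurrence weight between `item` and the other items in `context`."""
    others = [o for o in context if o != item]
    if not others:
        return 0.0
    return sum(graph.get(item, {}).get(o, 0) for o in others) / len(others)

def locate_perturbations(graph, profile, threshold=0.5):
    """Positions whose support is below the threshold (an assumed value)."""
    return [i for i, item in enumerate(profile)
            if support(graph, item, profile) < threshold]

def purify(graph, profile, strategy="delete", threshold=0.5):
    """Cleanse flagged positions by deletion or by replacement."""
    flagged = set(locate_perturbations(graph, profile, threshold))
    kept = [item for i, item in enumerate(profile) if i not in flagged]
    if strategy == "delete":
        return kept
    seen, cleaned = set(profile), []
    for i, item in enumerate(profile):
        if i in flagged:
            # Substitute the unseen item best supported by the trusted items.
            candidates = sorted(c for c in graph if c not in seen)
            item = max(candidates, key=lambda c: support(graph, c, kept), default=None)
            if item is None:
                continue  # nothing to substitute: fall back to deletion
            seen.add(item)
        cleaned.append(item)
    return cleaned

GRAPH = build_cooccurrence(CLEAN_HISTORIES)
PROFILE = ["tent", "stove", "perfume", "lantern"]  # "perfume" is the injected item
```

A legitimate but rarely seen item also scores low under this heuristic, so the threshold trades off removing injected items against discarding genuine niche interactions.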