Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks. Understanding attack tactics helps improve the robustness of RSs. We intend to develop efficient attack methods that use limited resources to generate high-quality fake user profiles that achieve (1) transferability among black-box RSs and (2) imperceptibility among detectors. To achieve these goals, we introduce textual reviews of products to enhance the generation quality of the profiles. Specifically, we propose a novel attack framework named R-Trojan, which formulates the attack objectives as an optimization problem and adopts a tailored transformer-based generative adversarial network (GAN) to solve it, so that high-quality attack profiles can be produced. Comprehensive experiments on real-world datasets demonstrate that R-Trojan greatly outperforms state-of-the-art attack methods on various victim RSs under black-box settings and that it has good imperceptibility.