Recently, a series of pioneer studies have shown the potency of pre-trained models in sequential recommendation, illuminating the path of building an omniscient unified pre-trained recommendation model for different downstream recommendation tasks. Despite these advancements, the vulnerabilities of classical recommender systems also exist in pre-trained recommendation in a new form, while the security of pre-trained recommendation model is still unexplored, which may threaten its widely practical applications. In this study, we propose a novel framework for backdoor attacking in pre-trained recommendation. We demonstrate the provider of the pre-trained model can easily insert a backdoor in pre-training, thereby increasing the exposure rates of target items to target user groups. Specifically, we design two novel and effective backdoor attacks: basic replacement and prompt-enhanced, under various recommendation pre-training usage scenarios. Experimental results on real-world datasets show that our proposed attack strategies significantly improve the exposure rates of target items to target users by hundreds of times in comparison to the clean model.

翻译：近期，一系列开创性研究表明，预训练模型在序列推荐任务中具有显著潜力，为构建适用于不同下游推荐任务的无所不包的统一预训练推荐模型指明了方向。尽管取得了这些进展，经典推荐系统的脆弱性在预训练推荐中以新形式重新显现，而预训练推荐模型的安全性迄今尚未得到探索，这可能危及其在众多实际应用中的广泛部署。本研究提出了一种针对预训练推荐系统的后门攻击新框架。我们证明，预训练模型的提供者可轻易在预训练阶段植入后门，从而显著提升目标物品对目标用户群体的曝光率。具体而言，我们针对不同的预训练推荐使用场景，设计了两种新颖且有效的后门攻击方法：基础替换攻击与提示增强攻击。在真实数据集上的实验结果表明，相较于干净模型，我们所提出的攻击策略能将目标物品对目标用户的曝光率提升数百倍。