Modern recommender systems (RS) have profoundly enhanced user experience across digital platforms, yet they face significant threats from poisoning attacks. These attacks, aimed at manipulating recommendation outputs for unethical gains, exploit vulnerabilities in RS by injecting malicious data or intervening in model training. This survey presents a unique perspective by examining these threats through the lens of an attacker, offering fresh insights into their mechanics and impacts. Concretely, we detail a systematic pipeline that encompasses four stages of a poisoning attack: setting attack goals, assessing attacker capabilities, analyzing victim architecture, and implementing poisoning strategies. The pipeline not only aligns with various attack tactics but also serves as a comprehensive taxonomy to pinpoint the focus of distinct poisoning attacks. Correspondingly, from the defender's perspective, we further classify defensive strategies into two main categories: poisoning data filtering and robust training. Finally, we highlight existing limitations and suggest innovative directions for further exploration in this field.