Alapfogalmak
Diffusion models can be effectively harnessed to generate imperceptible user profiles that manipulate recommendation systems towards targeted items.
Kivonat
The paper introduces a novel Target-oriented Diffusion Attack (ToDA) model to address the security vulnerabilities of recommendation systems. ToDA leverages the capabilities of diffusion models to generate fake user profiles that can effectively manipulate the recommendations while maintaining imperceptibility.
Key highlights:
- ToDA incorporates a latent diffusion attacker that encodes user profiles into a high-dimensional space and gradually adds noise to steer the generation towards targeted items.
- ToDA employs a target-oriented approximator that utilizes cross-attention to incorporate global information about the target items, extending the narrow focus of conventional diffusion models.
- Extensive experiments demonstrate that ToDA outperforms state-of-the-art shilling attack methods across multiple recommendation system models and datasets.
- Detailed analysis showcases the effectiveness of ToDA's components, the impact of hyperparameters, and the imperceptibility of the generated user profiles.
Statisztikák
"Recommendation systems have become indispensable tools to address information overload, thus enhancing user experiences and bolstering platforms' revenues."
"Attackers are able to glean interaction histories of users and subsequently construct fabricated user profiles (i.e., a sequence of user-item interactions) as inputs to the recommendation system, thereby promoting or demoting the target items."
"Diffusion models (DMs) have emerged as a cutting-edge technique for generating data across various domains, like computer vision and natural language processing."
Idézetek
"Introducing DMs into shilling attack tasks presents unique challenges. As illustrated in Figure 1 (b), we summarize the following two main challenges: 1) The inherent nature of DMs is benign. They are designed to understand and replicate patterns without any malicious intent. 2) DMs typically have a narrow focus, often concentrating on a single sample during generation (i.e., local view)."
"To address the above challenges, we propose a novel Target-oriented Diffusion Attack model, termed ToDA. As shown in Figure 1 (c), ToDA derives targeted profiles step by step during the reverse procedure, where the global view graph and target information are incorporated."