Konsep Inti
Poisoning attacks on recommender systems pose a serious threat by manipulating the training data to corrupt the integrity of the underlying models, leading to biased recommendations that benefit the attacker's goals.
Abstrak
This survey provides a comprehensive overview of the state-of-the-art in poisoning attacks on recommender systems and the countermeasures to detect and prevent them.
The key highlights are:
A novel taxonomy of poisoning attacks is presented, which formally defines five dimensions: the adversary's goal, knowledge, capabilities, impact, and approach. This taxonomy helps to organize the 30+ attacks described in the literature.
Model-agnostic poisoning attacks are reviewed, which can be executed against any recommender system regardless of the underlying algorithm. These attacks involve injecting manipulated data into the training set to bias the model's recommendations.
Model-intrinsic poisoning attacks are examined, which target specific types of recommender systems by exploiting vulnerabilities in their training processes. These attacks can cause substantial damage to the underlying models.
Over 40 countermeasures to detect and prevent poisoning attacks are analyzed, and their effectiveness against specific types of attacks is evaluated. This provides insights into the strengths and weaknesses of different mitigation strategies.
Open research challenges and promising future directions are discussed, such as addressing concept drift, handling imbalanced data, and securing recommender systems across diverse application domains like e-commerce, social media, and news recommendations.
Statistik
"Recommender system market to increase from US$1.14 billion to US$12.03 billion by 2025."
"Fake reviews are a well-documented example of poisoning attacks to increase product recommendations."
Kutipan
"Poisoning attacks can seriously undermine the commercial success of any company falling victim to such an attack."
"Poisoning attacks pose a more severe threat to economies and society compared to profile pollution attacks."
"Recommender systems are typically public and accessible to large numbers of users, making them very vulnerable to poisoning attacks."