Toward Adversarially Robust Recommendation from Adaptive Fraudster Detection

Yuni Lai, Yulin Zhu, Wenqi Fan, Xiaoge Zhang, Kai Zhou

Research output: Journal article publicationJournal articleAcademic researchpeer-review

2 Citations (Scopus)

Abstract

The robustness of recommender systems under node injection attacks has garnered significant attention. Recently, GraphRfi, a Graph-Neural-Network-based (GNN-based) recommender system, was proposed and shown to effectively mitigate the impact of injected fake users. However, we demonstrate that GraphRfi remains vulnerable to attacks due to the supervised nature of its fraudster detection component, where obtaining clean labels is challenging in practice. In particular, we propose a powerful poisoning attack, MetaC, against both GNN-based and Martix-Faxtorization-based recommender systems. Furthermore, we analyze why GraphRfi fails under such an attack. Then, based on our insights obtained from vulnerability analysis, we design an adaptive fraudster detection module that explicitly considers label uncertainty. This module can serve as a plug-in for different recommender systems, resulting in a robust framework named Posterior-Detection Recommender (PDR). Comprehensive experiments show that our defense approach outperforms other benchmark methods under attacks. Overall, our research presents an effective framework for integrating fraudster detection into recommendation systems to achieve adversarial robustness.

Original languageEnglish
Pages (from-to)907-919
Number of pages13
JournalIEEE Transactions on Information Forensics and Security
Volume19
DOIs
Publication statusPublished - 23 Oct 2023

Keywords

  • adversarial robustness
  • anomaly detection
  • graph neural networks
  • label uncertainty
  • Recommender system

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Toward Adversarially Robust Recommendation from Adaptive Fraudster Detection'. Together they form a unique fingerprint.

Cite this