Abstract
The robustness of recommender systems under node injection attacks has garnered significant attention. Recently, GraphRfi, a Graph-Neural-Network-based (GNN-based) recommender system, was proposed and shown to effectively mitigate the impact of injected fake users. However, we demonstrate that GraphRfi remains vulnerable to attacks due to the supervised nature of its fraudster detection component, where obtaining clean labels is challenging in practice. In particular, we propose a powerful poisoning attack, MetaC, against both GNN-based and Martix-Faxtorization-based recommender systems. Furthermore, we analyze why GraphRfi fails under such an attack. Then, based on our insights obtained from vulnerability analysis, we design an adaptive fraudster detection module that explicitly considers label uncertainty. This module can serve as a plug-in for different recommender systems, resulting in a robust framework named Posterior-Detection Recommender (PDR). Comprehensive experiments show that our defense approach outperforms other benchmark methods under attacks. Overall, our research presents an effective framework for integrating fraudster detection into recommendation systems to achieve adversarial robustness.
Original language | English |
---|---|
Pages (from-to) | 907-919 |
Number of pages | 13 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 19 |
DOIs | |
Publication status | Published - 23 Oct 2023 |
Keywords
- adversarial robustness
- anomaly detection
- graph neural networks
- label uncertainty
- Recommender system
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications