南京大学学报(自然科学版)2024,Vol.60Issue(6):881-899,19.DOI:10.13232/j.cnki.jnju.2024.06.001
针对推荐系统的隐蔽虚假用户数据的黑盒对抗攻击
Black-box adversarial attacks with imperceptible fake user profiles for recommender systems
摘要
Abstract
Attackers inject the designed adversarial sample into the target recommendation system to achieve illegal goals,seriously affecting the security and reliability of the recommendation system.It is difficult for attackers to obtain detailed knowledge of the target model in actual scenarios,so using gradient optimization to generate adversarial samples in the local surrogate model has become an effective black-box attack strategy.However,these methods suffer from gradients falling into local minima,limiting the transferability of the adversarial samples.This reduces the attack's effectiveness and often ignores the imperceptibility of the generated adversarial samples.To address these challenges,we propose a novel attack algorithm called PGMRS-KL that combines pre-gradient-guided momentum gradient optimization strategy and fake user generation constrained by Kullback-Leibler divergence.Specifically,the algorithm combines the accumulated gradient direction with the previous step's gradient direction to iteratively update the adversarial samples.It uses KL loss to minimize the distribution distance between fake and real user data,achieving high transferability and imperceptibility of the adversarial samples.Experimental results demonstrate the superiority of our approach over state-of-the-art gradient-based attack algorithms in terms of attack transferability and the generation of imperceptible fake user data.关键词
推荐系统/对抗样本/可转移性/不可察觉性Key words
recommendation systems/adversarial examples/transferability/imperceptible分类
信息技术与安全科学引用本文复制引用
钱付兰,刘景刚,陈海,陈文斌,赵姝,张燕平..针对推荐系统的隐蔽虚假用户数据的黑盒对抗攻击[J].南京大学学报(自然科学版),2024,60(6):881-899,19.基金项目
The National Natural Science Foundation of China(61876001),Opening Foundation of State Key Laboratory of Cognitive Intelligence,Opening Foundation of State Key Laboratory of Cognitive Intelligence(iED2022-006),Scientific Research Planning Project of Anhui Province(2022AH050072) (61876001)
