
Research On Security Of Recommendation System Based On Adversarial Machine Learning

Posted on: 2021-04-15
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhou
GTID: 2428330605951302
Subject: Information security
Abstract/Summary:
A recommendation system mines users' historical behavior data and actively recommends valuable information that users may be interested in. Owing to these strengths, recommendation systems are widely used in web applications such as e-commerce, where they bring great convenience to users. At the same time, they face more and more malicious attacks, which makes security assessment of recommendation systems very important. In recent years the academic community has conducted related research, but the existing work targets specific traditional recommendation algorithms and cannot be applied to recommendation algorithms based on graph convolutional neural networks. In addition, the recommendation system of an e-commerce platform often involves image data, for example using product image information to assist recommendation or using image verification codes to prevent sybil users from logging in, which makes the attack and defense problems of recommendation systems in real deployments more complicated. Most current research is limited to adversarial attack and defense at the theoretical level of recommendation algorithms and does not take into account the attack and defense problems of the image classification models that may exist in the actual system.

Against this background, this paper studies the security of the recommendation algorithm based on graph convolutional neural network, and studies black-box adversarial attack and defense strategies for image classification models. Building on a summary of existing research, this paper first studies adversarial attacks on the graph convolutional neural network based recommendation algorithm, and then studies a strict black-box attack method and the corresponding defense strategy for image classification models. The main contents include:

(1) Summarizing and analyzing the main contributions and deficiencies of existing research on the security of recommendation systems. This includes a summary and analysis of research on adversarial attacks against recommendation algorithms, against convolutional neural network models, and against image classification models.

(2) For the adversarial attack problem of the recommendation algorithm based on graph convolutional neural network, an imitation attack algorithm based on commodity-score co-occurrence is proposed. The main idea of the algorithm is to control sybil users so that they submit ratings for the victim products. Comparison experiments were conducted on two real data sets, analyzing different attack algorithms, different attack capabilities and different types of attack targets. The experimental results show that the proposed algorithm can effectively improve the average rate of improvement of predicted scores of victim products.

(3) For the attack and defense problem of the image classification model existing in the recommendation system, an extended scheme of the strict black-box attack model is proposed, which adds the number of attacker queries as a metric for evaluating the attack algorithm. On this basis, a black-box adversarial attack algorithm based on the greedy cutting-plane method and a corresponding dynamic defense strategy are proposed. Attack and defense experiments on data sets from different fields show that the attack algorithm is superior to the state-of-the-art black-box attack algorithm in average number of queries and attack quality, and that the defense strategy proposed in this paper can effectively alleviate the impact of this type of attack.
Keywords/Search Tags:Adversarial Machine Learning, Recommendation System, Machine Learning, Graph Convolutional Neural Network