Research On Data Poisoning Attack Methods For Recommender Systems

As one of the basic technologies of personalized service,recommender system is widely used in e-commerce websites,movies,music,social networks and other fields.However,the current research on recommender systems does not have enough security considerations.recommendation algorithms are easily affected by data poisoning attacks.Attackers,driven by interests,could artificially inject a large number of fake user profiles into the recommender system.They manipulating the recommendation results by deliberately disrupt the data distribution so that the recommendation direction is skewed according to the attacker's will.Once the recommender system is attacked by data poisoning attack,it will not only cause property losses of enterprises and users,but may also become the breeding ground for the spread of rumors and cult propaganda which could endanger social stability and public safety.Therefore,it is necessary to study the poisoning attack on recommender system.On the one hand,this research can "promote defense by attack".It could provide ideas for the detection research on data poisoning attack by testing the robustness of the recommendation algorithm.On the other hand,it can provide suggestions for improving the recommender system from a security perspective,so that spirally promoting the development of the recommendation algorithm.Because of the sparsity of the user-item rating matrix,the current research of data poisoning attack has challenges in choosing attack user profiles when targeting a certain type of recommendation algorithm.Usually,users and items are not analyzed in fine-grained importance and relevance in current research,so there is a certain blindness in the selection.To this end,this paper is devoted to the generation of fake user profiles in data poisoning attacks based on recommender systems.Based on the user's historical scoring behavior,combined with the characteristics of the recommendation model,starting from the relationship between the item and the user,this paper proposes an effective solution to the limitations of the existing data poisoning attack,and has completed the following three aspects of research work.First,through a detailed analysis of the dataset,a fine-grained user classification strategy is proposed,and this strategy are verified the feasibility and necessity on real dataset.After experiments,the result shows the threat degree of this poisoning strategy on the neighborhoodbased recommender system.with the analysis results,the feasible ideas for data poisoning attack of recommender system are summarized.Then,by combining the experimental results of fine-grained user-classified poisoning attacks,a combined data poisoning strategy is proposed based on the idea of collaborative filtering.This strategy is applied to the neighborhood-based recommender system and the deep learning-based recommender system.Through a comparative experiment,the attack effect of combined strategy is verified,meanwhile,the robustness of the recommendation algorithm is tested.Finally,a data poisoning attack system for recommender system is designed and implemented.This system can generate the corresponding poisoning hit rate for the dataset,the recommendation algorithm,and the attack method that are selected by the user,and then visualize the poisoning result.