short-paper

Adversarial Attacks and Detection on Reinforcement Learning-Based Interactive Recommender Systems

Authors:

Wei Emma ZhangAuthors Info & Claims

SIGIR '20: Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval

Pages 1669 - 1672

https://doi.org/10.1145/3397271.3401196

Published: 25 July 2020 Publication History

Get Access

Abstract

Adversarial attacks pose significant challenges for detecting adversarial attacks at an early stage. We propose attack-agnostic detection on reinforcement learning-based interactive recommendation systems. We first craft adversarial examples to show their diverse distributions and then augment recommendation systems by detecting potential attacks with a deep learning-based classifier based on the crafted data. Finally, we study the attack strength and frequency of adversarial examples and evaluate our model on standard datasets with multiple crafting methods. Our extensive experiments show that most adversarial attacks are effective, and both attack strength and attack frequency impact the attack performance. The strategically-timed attack achieves comparative attack performance with only 1/3 to 1/2 attack frequency. Besides, our black-box detector trained with one crafting method has the generalization ability over several crafting methods.

References

[1]

Haokun Chen, Xinyi Dai, Han Cai, Weinan Zhang, Xuejian Wang, Ruiming Tang, Yuzhou Zhang, and Yong Yu. 2019. Large-scale interactive recommendation with tree-structured policy gradient. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 33. AAAI, 3312--3320.

Digital Library

Google Scholar

[2]

Ji Gao, Jack Lanchantin, Mary Lou Soffa, and Yanjun Qi. 2018. Black-box generation of adversarial text sequences to evade deep learning classifiers. In 2018 IEEE Security and Privacy Workshops (SPW). IEEE, 50--56.

Crossref

Google Scholar

[3]

Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and Harnessing Adversarial Examples. (2014). arxiv: cs, stat/1412.6572 http://arxiv.org/abs/1412.6572

Google Scholar

[4]

Ruining He and Julian McAuley. 2016. Ups and downs: Modeling the visual evolution of fashion trends with one-class collaborative filtering. In proceedings of the 25th international conference on world wide web. International World Wide Web Conferences Steering Committee, 507--517.

Digital Library

Google Scholar

[5]

Sandy Huang, Nicolas Papernot, Ian Goodfellow, Yan Duan, and Pieter Abbeel. 2017. Adversarial Attacks on Neural Network Policies. (2017). http://arxiv.org/abs/1702.02284

Google Scholar

[6]

Yen-Chen Lin, Zhang-Wei Hong, Yuan-Hong Liao, Meng-Li Shih, Ming-Yu Liu, and Min Sun. 2017. Tactics of Adversarial Attack on Deep Reinforcement Learning Agents. (2017). http://arxiv.org/abs/1703.06748

Google Scholar

[7]

Tariq Mahmood and Francesco Ricci. 2007. Learning and adaptivity in interactive recommender systems. In Proceedings of the ninth international conference on Electronic commerce. ACM, 75--84.

Digital Library

Google Scholar

[8]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition. 2574--2582.

Crossref

Google Scholar

[9]

Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 372--387.

Crossref

Google Scholar

[10]

Anay Pattanaik, Zhenyi Tang, Shuijing Liu, Gautham Bommannan, and Girish Chowdhary. 2017. Robust Deep Reinforcement Learning with Adversarial Attacks. (2017). http://arxiv.org/abs/1712.03632

Google Scholar

[11]

Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing Properties of Neural Networks. (2013). arxiv: cs/1312.6199 http://arxiv.org/abs/1312.6199

Google Scholar

[12]

Nima Taghipour and Ahmad Kardan. 2008. A hybrid web recommender system based on q-learning. In Proceedings of the 2008 ACM symposium on Applied computing. ACM, 1164--1168.

Digital Library

Google Scholar

[13]

Cynthia A Thompson, Mehmet H Goker, and Pat Langley. 2004. A personalized system for conversational recommendations. Journal of Artificial Intelligence Research, Vol. 21 (2004), 393--428.

Crossref

Google Scholar

[14]

Yikun Xian, Zuohui Fu, S Muthukrishnan, Gerard de Melo, and Yongfeng Zhang. 2019. Reinforcement Knowledge Graph Reasoning for Explainable Recommendation. arXiv preprint arXiv:1906.05237 (2019).

Google Scholar

Cited By

View all

Liu PLi XZang BDiao G(2024)Privacy-preserving sports data fusion and prediction with smart devices in distributed environmentJournal of Cloud Computing10.1186/s13677-024-00671-313:1Online publication date: 21-May-2024
https://doi.org/10.1186/s13677-024-00671-3
Chen XWang SMcAuley JJannach DYao L(2024)On the Opportunities and Challenges of Offline Reinforcement Learning for Recommender SystemsACM Transactions on Information Systems10.1145/366199642:6(1-26)Online publication date: 19-Aug-2024
https://dl.acm.org/doi/10.1145/3661996
Ge YLiu SFu ZTan JLi ZXu SLi YXian YZhang Y(2024)A Survey on Trustworthy Recommender SystemsACM Transactions on Recommender Systems10.1145/3652891Online publication date: 13-Apr-2024
https://doi.org/10.1145/3652891
Show More Cited By

Index Terms

Adversarial Attacks and Detection on Reinforcement Learning-Based Interactive Recommender Systems
1. Information systems
  1. Information retrieval
    1. Retrieval tasks and goals
      1. Recommender systems
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Machine learning theory
      1. Reinforcement learning
        Adversarial learning

Recommendations

XSS adversarial example attacks based on deep reinforcement learning
Abstract
Cross-site scripting (XSS) attack is one of the most serious security problems in web applications. Although deep neural network (DNN) has been used in XSS attack detection and achieved unprecedented success, it is vulnerable to ...
Universal Distributional Decision-Based Black-Box Adversarial Attack with Reinforcement Learning
Neural Information Processing
Abstract
The vulnerability of the high-performance machine learning models implies a security risk in applications with real-world consequences. Research on adversarial attacks is beneficial in guiding the development of machine learning models on the one ...
Adversarial attacks on malware detection models for smartphones using reinforcement learning: PhD forum abstract
SenSys '20: Proceedings of the 18th Conference on Embedded Networked Sensor Systems

Malware analysis and detection is a rat race between malware designer and anti-malware community. Most of the current Smartphone antivirus(s) are based on the signature, heuristic and behaviour based mechanisms which are unable to detect advanced ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SIGIR '20: Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval

July 2020

2548 pages

ISBN:9781450380164

DOI:10.1145/3397271

General Chairs:
Jimmy Huang
York University, Canada
,
Yi Chang
Jilin University, China
,
Xueqi Cheng
Chinese Academy of Sciences, China
,
Program Chairs:
Jaap Kamps
University of Amsterdam, Netherlands
,
Vanessa Murdock
Amazon, U.S.A.
,
Ji-Rong Wen
Renmin University of China, China
,
Yiqun Liu
Tsinghua University, China

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 July 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

SIGIR '20

Sponsor:

SIGIR

SIGIR '20: The 43rd International ACM SIGIR conference on research and development in Information Retrieval

July 25 - 30, 2020

Virtual Event, China

Acceptance Rates

Overall Acceptance Rate 792 of 3,983 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
674
Total Downloads

Downloads (Last 12 months)80
Downloads (Last 6 weeks)8

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Liu PLi XZang BDiao G(2024)Privacy-preserving sports data fusion and prediction with smart devices in distributed environmentJournal of Cloud Computing10.1186/s13677-024-00671-313:1Online publication date: 21-May-2024
https://doi.org/10.1186/s13677-024-00671-3
Chen XWang SMcAuley JJannach DYao L(2024)On the Opportunities and Challenges of Offline Reinforcement Learning for Recommender SystemsACM Transactions on Information Systems10.1145/366199642:6(1-26)Online publication date: 19-Aug-2024
https://dl.acm.org/doi/10.1145/3661996
Ge YLiu SFu ZTan JLi ZXu SLi YXian YZhang Y(2024)A Survey on Trustworthy Recommender SystemsACM Transactions on Recommender Systems10.1145/3652891Online publication date: 13-Apr-2024
https://doi.org/10.1145/3652891
Wang WWang CFeng FShi WDing DChua TChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Uplift Modeling for Target User Attacks on Recommender SystemsProceedings of the ACM Web Conference 202410.1145/3589334.3645403(3343-3354)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645403
Lin YLiu YLin FZou LWu PZeng WChen HMiao C(2024)A Survey on Reinforcement Learning for Recommender SystemsIEEE Transactions on Neural Networks and Learning Systems10.1109/TNNLS.2023.328016135:10(13164-13184)Online publication date: Oct-2024
https://doi.org/10.1109/TNNLS.2023.3280161
Ayemowa MIbrahim RKhan M(2024)Analysis of Recommender System Using Generative Artificial Intelligence: A Systematic Literature ReviewIEEE Access10.1109/ACCESS.2024.341696212(87742-87766)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3416962
Boratto LFabbri FFenu GMarras MMedda G(2024)Robustness in Fairness Against Edge-Level Perturbations in GNN-Based RecommendationAdvances in Information Retrieval10.1007/978-3-031-56063-7_3(38-55)Online publication date: 23-Mar-2024
https://doi.org/10.1007/978-3-031-56063-7_3
Cui MZhang YHu ZBi NDu TLuo KLiu J(2024)Attribute expansion relation extraction approach for smart engineering decision‐making in edge environmentsConcurrency and Computation: Practice and Experience10.1002/cpe.8253Online publication date: 26-Sep-2024
https://doi.org/10.1002/cpe.8253
Yao MYu HBian H(2023)Defending against adversarial attacks on graph neural networks via similarity propertyAI Communications10.3233/AIC-22012036:1(27-39)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.3233/AIC-220120
Xiao LCao YGai YLiu JZhong PMoghimi M(2023)Review on the application of cloud computing in the sports industryJournal of Cloud Computing10.1186/s13677-023-00531-612:1Online publication date: 2-Nov-2023
https://doi.org/10.1186/s13677-023-00531-6
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

XSS adversarial example attacks based on deep reinforcement learning

Universal Distributional Decision-Based Black-Box Adversarial Attack with Reinforcement Learning

Adversarial attacks on malware detection models for smartphones using reinforcement learning: PhD forum abstract