The School of EECS is hosting the following PhD Progress Review 1 Confirmation Seminar:

Enhancing the Security of Recommender Systems: Attack and Defence

Speaker: Yuchuan Zhao
Host: Dr. Xin Yu

Abstract:

As e-commerce and web applications continue to flourish, Recommender Systems (RecSys) have become vital for delivering personalized suggestions that match user preferences. However, this central role makes them appealing targets for adversaries who seek to compromise model integrity and manipulate recommendation outcomes. Data poisoning, one of the most prevalent threats, involves injecting crafted, misleading information that can promote undesirable items or suppress legitimate ones, potentially undermining user trust and business objectives. Meanwhile, recent advances in large language models (LLMs) have expanded the capabilities of RecSys but also introduced new security vulnerabilities. By relying heavily on semantic understanding, LLM-based recommendation methods expose themselves to text-based manipulation, making them susceptible to sophisticated attacks. Considering these growing threats, establishing robust defences has become paramount. Effective countermeasures safeguard recommendation accuracy, preserve user confidence, and maintain the stability of recommender platforms in ever-changing environments.

In this report, we focus on data poisoning attacks on sequential recommender systems (SRSs). Existing attacks typically aim to boost target item rankings by injecting crafted sequences, often at the cost of degrading users' genuine preferences, resulting in noticeable drops in recommendation accuracy and reduced stealth. Moreover, the generated poisoning sequences are prone to substantial repetition of target items, a consequence of the unitary objective of boosting their overall exposure and the lack of effective diversity regularization. Such homogeneity not only compromises the authenticity of these sequences but also limits the attack's effectiveness. To address these challenges, we propose a Diversity-aware Dual-promotion Sequential Poisoning attack method, named DDSP, for SRSs. DDSP improves stealthiness and effectiveness by balancing target item promotion with preserving users' true preferences, and by enhancing sequence diversity through an auto-regressive generator and a diversity re-ranking strategy. We also outline our preliminary approaches to two additional research directions: attacks on LLM-based RecSys and defences against adversarial threats, which will serve as the technical foundations for the remainder of this project.

Bio: Yuchuan Zhao is a second-year PhD student in the School of Electrical Engineering and Computer Science (EECS) at the University of Queensland, supervised by Dr Rocky Chen, Prof. Hongzhi Yin, and Dr Junliang Yu. She is currently working on data poisoning attacks on sequential recommendation. Previously, she obtained her master's degree from Anhui University, China.

About Data Science Seminar

This seminar series is hosted by EECS Data Science.

Venue

In Person: 78-631/632
Zoom: https://uqz.zoom.us/j/86386685345