Practical Data Poisoning Attack against Next-Item Recommendation [article]

Hengtong Zhang, Yaliang Li, Bolin Ding, Jing Gao
2020 arXiv   pre-print
In this paper, we focus on a general next-item recommendation setting and propose a practical poisoning attack approach named LOKI against blackbox recommendation systems.  ...  However, due to the openness of the online platform, recommendation systems are vulnerable to data poisoning attacks.  ...  CONCLUSIONS In this work, we propose a data poisoning attack against blackbox next-item recommendation system.  ... 
arXiv:2004.03728v1 fatcat:xscx7fkeqjgppcqhoj4vmoqeja

Data Poisoning Attacks on Factorization-Based Collaborative Filtering [article]

Bo Li, Yining Wang, Aarti Singh, Yevgeniy Vorobeychik
2016 arXiv   pre-print
We introduce a data poisoning attack on collaborative filtering systems.  ...  Recommendation and collaborative filtering systems are important in modern information and e-commerce applications.  ...  One particular form of attacks is called data poisoning, in which a malicious party creates dummy (malicious) users in a recommendation system with carefully chosen item preferences (i.e., data) such that  ... 
arXiv:1608.08182v2 fatcat:vhlgixd4fra63miylhs3sbbfii

Exposing Private User Behaviors of Collaborative Filtering via Model Inversion Techniques

Seira Hidano, Takao Murakami, Shuichi Katsumata, Shinsaku Kiyomoto, Goichiro Hanaoka
2020 Proceedings on Privacy Enhancing Technologies  
In particular, we propose the first MI attack on factorization-based CF systems by leveraging data poisoning by Li et al. (NIPS, 2016) in a novel way.  ...  The current state-of-the-art inference attack on user behaviors (e.g., ratings/purchases on sensitive items) for CF is by Calandrino et al. (S&P, 2011).  ...  In this paper, we propose a new type of data poisoning attack that links sensitive items with decoy items while avoiding the detection of data poisoning.  ... 
doi:10.2478/popets-2020-0052 fatcat:q535gxzt6zedzagvk6iy2ol7em

Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data [article]

Yongji Wu, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong
2021 arXiv   pre-print
Our results highlight the needs for new defenses against our poisoning attacks.  ...  In this work, we aim to bridge the gap by introducing novel poisoning attacks to LDP protocols for key-value data.  ...  Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the funding agencies.  ... 
arXiv:2111.11534v2 fatcat:vlxuzulnjnekvjmbpahvol23ve

Model Inversion Attacks for Online Prediction Systems: Without Knowledge of Non-Sensitive Attributes

Seira HIDANO, Takao MURAKAMI, Shuichi KATSUMATA, Shinsaku KIYOMOTO, Goichiro HANAOKA
2018 IEICE transactions on information and systems  
We show the effectiveness of our model inversion attack through experimental evaluation using two real data sets. key words: black box, model inversion, data poisoning, online ML systems  ...  [USENIX 2014] [CCS 2015] proposed a novel attack against ML systems called the model inversion attack that aims to infer sensitive attribute values of a target user.  ...  It has also been studied to boost/reduce the popularity of specific items in item recommendation systems [28].  ... 
doi:10.1587/transinf.2017icp0013 fatcat:jjpjqswxfzaxrlps6532ohymh4

Data Poisoning Attacks to Local Differential Privacy Protocols [article]

Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong
2020 arXiv   pre-print
We call our attacks data poisoning attacks. We theoretically and/or empirically show the effectiveness of our attacks. We also explore three countermeasures against our attacks.  ...  for arbitrary attacker-chosen items or identifies them as heavy hitters.  ...  The conditional probability based detection method for one target item was suggested by a reviewer. This work was supported by NSF grant No.1937786.  ... 
arXiv:1911.02046v2 fatcat:a5vxxrvljjh47ddoxzqptz2o5a

Adversarial Item Promotion: Vulnerabilities at the Core of Top-N Recommenders that Use Images to Address Cold Start [article]

Zhuoran Liu, Martha Larson
2020 arXiv   pre-print
Our experiments evaluate the danger of these attacks when mounted against three representative visually-aware recommender algorithms in a framework that uses images to address cold start.  ...  In sum, we show that using images to address cold start opens recommender systems to potential threats with clear practical implications.  ...  [43] propose effective transfer-based poisoning attacks against recommender system, but they discuss that their approach is less effective on cold items.  ... 
arXiv:2006.01888v3 fatcat:33kdwnelhrcdzggbx2iob5w7lu

A survey on Adversarial Recommender Systems: from Attack/Defense strategies to Generative Adversarial Networks [article]

Yashar Deldjoo and Tommaso Di Noia and Felice Antonio Merra
2020 arXiv   pre-print
The goal of this survey is two-fold: (i) to present recent advances on adversarial machine learning (AML) for the security of RS (i.e., attacking and defense recommendation models), (ii) to show another  ...  and recommendation accuracy.  ...  • Poisoning attack. Data poisoning attacks are realized by injecting false data points into the training data with the goal to corrupt/degrade the model (e.g., the classifier).  ... 
arXiv:2005.10322v2 fatcat:4wqcluqgnbbwpkicunn42et5te

Online Data Poisoning Attack [article]

Xuezhou Zhang, Xiaojin Zhu, Laurent Lessard
2019 arXiv   pre-print
We study data poisoning attacks in the online setting where training items arrive sequentially, and the attacker may perturb the current item to manipulate online learning.  ...  Importantly, the attacker has no knowledge of future training items nor the data generating distribution.  ...  Related Work Data poisoning attacks have been studied against a wide range of learning systems. Poisoning attacks against SVM in both online and offline settings have been developed in [3, 27, 4].  ... 
arXiv:1903.01666v2 fatcat:fimail4tyvgwnnra7dyc5i23sa

Attacking Recommender Systems with Augmented User Profiles [article]

Chen Lin, Si Chen, Hui Li, Yanghua Xiao, Lianyun Li, Qian Yang
2020 arXiv   pre-print
In this paper we study the shilling attack: a subsistent and profitable attack where an adversarial party injects a number of user profiles to promote or demote a target item.  ...  Recommendation Systems (RS) have become an essential part of many online services.  ...  Shilling attack is also called data poisoning [6] or profile injection attack [7] in the literature.  ... 
arXiv:2005.08164v1 fatcat:auooejmsfzcatc2jpe6bxoyt5m

Data Leverage: A Framework for Empowering the Public in its Relationship with Technology Companies [article]

Nicholas Vincent, Hanlin Li, Nicole Tilly, Stevie Chancellor, Brent Hecht
2021 arXiv   pre-print
Many powerful computing technologies rely on implicit and explicit data contributions from the public.  ...  In this paper, we synthesize emerging research that seeks to better understand and help people action this data leverage.  ...  Data poisoning attacks against many types of ML systems have been studied in detail [10, 19, 99, 112, 113, 115].  ... 
arXiv:2012.09995v2 fatcat:ken4p6t2kjdppaniydm5s4mw6y

Vulnerability-Aware Poisoning Mechanism for Online RL with Unknown Dynamics [article]

Yanchao Sun, Da Huo, Furong Huang
2021 arXiv   pre-print
Poisoning attacks on Reinforcement Learning (RL) systems could take advantage of RL algorithm's vulnerabilities and cause failure of the learning.  ...  policy, with a limited attacking budget.  ...  For example, in an RL-based recommender system, the RL agent recommends an item (i.e., an action) for a user (i.e., a state), and the user may or may not choose to click on the recommended item (i.e.,  ... 
arXiv:2009.00774v3 fatcat:ki6t6mwmt5ebho5k3szpxuurfi

Data Poisoning Attacks in Contextual Bandits [article]

Yuzhe Ma, Kwang-Sung Jun, Lihong Li, Xiaojin Zhu
2018 arXiv   pre-print
We study offline data poisoning attacks in contextual bandits, a class of reinforcement learning problems with important applications in online recommendation and adaptive medical treatment, among others  ...  Experiments on both synthetic and real-world data demonstrate the efficiency of the attack algorithm.  ...  The website unknowingly updates its policy with the poisoned data. On the next day it behaves as the attacker wanted.  ... 
arXiv:1808.05760v2 fatcat:n53turgrrjfudkvtpp7zirqvha

Predictive Blacklisting as an Implicit Recommendation System

Fabio Soldo, Anh Le, Athina Markopoulou
2010 2010 Proceedings IEEE INFOCOM  
poisoning attacks.  ...  A widely used defense practice against malicious traffic on the Internet is to maintain blacklists, i.e., lists of prolific attack sources that have generated malicious activity in the past and are considered  ...  INTRODUCTION A widely used defense practice against malicious traffic on the Internet today is through blacklists: lists of the most prolific attack sources are compiled, shared, and eventually blocked  ... 
doi:10.1109/infcom.2010.5461982 dblp:conf/infocom/SoldoLM10 fatcat:ehxhhjytnreqrm7k5wlz2hybfq

Ready for Emerging Threats to Recommender Systems? A Graph Convolution-based Generative Shilling Attack [article]

Fan Wu, Min Gao, Junliang Yu, Zongwei Wang, Kecheng Liu, Xu Wange
2021 arXiv   pre-print
from recommendations.  ...  To explore the robustness of recommender systems, researchers have proposed various shilling attack models and analyzed their adverse effects.  ...  Shilling Attacks Shilling attack is a fraudulent practice that poisons recommender systems by injecting a number of fake user profiles [13].  ... 
arXiv:2107.10457v1 fatcat:gs2et2ofevfqnnk47gmj6y4nxq
Showing results 1 — 15 out of 9,470 results