A novel shilling attack on black-box recommendation systems for multiple targets

In the digital era, e-platforms ubiquitously deploy recommendation systems, utilizing machine learning paradigms to tailor content according to user preferences and needs. Yet, the integrity of these systems is often compromised by shilling attacks, where malicious entities inject fake user profiles to skew product exposure and sales. This vulnerability has catalyzed research efforts to bolster the robustness and security of recommendation systems, primarily through controlled attacks and reinforcement training. This paper introduces an innovative approach to combat the inefficiency of traditional single-target shilling attacks. We propose a novel multi-target shilling strategy for black-box recommendation systems, capable of generating convincing and aggressive fake user profiles. Given the complexity of the recommendation system algorithms, we employ surrogate models to replicate and understand the target system’s behavior. The surrogate model is then subjected to attacks using our proposed methodology. An attack is deemed successful when it achieves an 80% or higher success rate against the surrogate, preluding an attack on the actual recommendation system. Our model, RWA-GAN, stands out by integrating two components: a generative adversarial network (GAN) for crafting realistic fake user profiles, and a mechanism to enhance attack success rates. This dual approach not only expedites the attack process but also ensures the generation of more authentic and well-distributed fake profiles, making the model easier to migrate. Additionally, the paper delineates several defense strategies against such attacks, contributing significantly to the discourse on enhancing the robustness of recommender systems.