A Black-Box Attack Model for Visually-Aware Recommender Systems

Rami Cohen, Oren Sar Shalom, Dietmar Jannach, Amihood Amir

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

20 Scopus citations

Abstract

Due to the advances in deep learning, visually-aware recommender systems (RS) have recently attracted increased research interest. Such systems combine collaborative signals with images, usually represented as feature vectors outputted by pre-trained image models. Since item catalogs can be huge, recommendation service providers often rely on images that are supplied by the item providers. In this work, we show that relying on such external sources can make an RS vulnerable to attacks, where the goal of the attacker is to unfairly promote certain pushed items. Specifically, we demonstrate how a new visual attack model can effectively influence the item scores and rankings in a black-box approach, i.e., without knowing the parameters of the model. The main underlying idea is to systematically create small human-imperceptible perturbations of the pushed item image and to devise appropriate gradient approximation methods to incrementally raise the pushed item's score. Experimental evaluations on two datasets show that the novel attack model is effective even when the contribution of the visual features to the overall performance of the recommender system is modest.

Original languageEnglish
Title of host publicationWSDM 2021 - Proceedings of the 14th ACM International Conference on Web Search and Data Mining
PublisherAssociation for Computing Machinery, Inc
Pages94-102
Number of pages9
ISBN (Electronic)9781450382977
DOIs
StatePublished - 3 Aug 2021
Event14th ACM International Conference on Web Search and Data Mining, WSDM 2021 - Virtual, Online, Israel
Duration: 8 Mar 202112 Mar 2021

Publication series

NameWSDM 2021 - Proceedings of the 14th ACM International Conference on Web Search and Data Mining

Conference

Conference14th ACM International Conference on Web Search and Data Mining, WSDM 2021
Country/TerritoryIsrael
CityVirtual, Online
Period8/03/2112/03/21

Bibliographical note

Publisher Copyright:
© 2021 ACM.

Keywords

  • adversarial examples
  • attacks
  • recommender systems

Fingerprint

Dive into the research topics of 'A Black-Box Attack Model for Visually-Aware Recommender Systems'. Together they form a unique fingerprint.

Cite this