Data Hybrid Attacks Based on Sensitive Users in Recommender Systems

Recommender systems, which make precise recommendations through historical interaction data of users and items, have been widely used in real life. But at the same time, because of the open nature of the systems, they are vulnerable to malicious attacks. To explore the robustness of recommender systems, researchers have proposed various attack methods and analyzed their adverse effects. Although the current attack methods can make good results on rating-based recommender systems, they lack thinking about an attack for a social recommendation. Social relationships have a non-negligible role in recommender systems, but there is still little related research, which only constructs fake rating profiles and fake relationship profiles with simple rules, without considering the mutual influence of rating and social information. To address the above problem, we study the attack method with deeply hidden features and propose a hybrid attack method based on sensitive users. It can further enhance the hidden features of fake users, and then use social attacks to assist in attacking social recommendation methods. Empirical results on three public datasets show that our method outperforms traditional methods in terms of attack effectiveness and has excellent anti-detection capability. Ultimately, we hope that our method could enable more analysis for such a hybrid attack and guides for investigating effective prevention measures.