Abstract:Recommender systems have become an integral part of online services due to their ability to help users locate specific information in a sea of data. However, existing studies show that some recommender systems are vulnerable to poisoning attacks particularly those that involve learning schemes. A poisoning attack is where an adversary injects carefully crafted data into the process of training a model, with the goal of manipulating the system’s final recommendations. Based on recent advancements in artificial intelligence (AI), such attacks have gained importance recently. At present, we do not have a full and clear picture of why adversaries mount such attacks, nor do we have comprehensive knowledge of the full capacity to which such attacks can undermine a model or the impacts that might have. While numerous countermeasures to poisoning attacks have been developed, they have not yet been systematically linked to the properties of the attacks. Consequently, assessing the respective risks and potential success of mitigation strategies is difficult, if not impossible. This survey aims to fill this gap by primarily focusing on poisoning attacks and their countermeasures. This is in contrast to prior surveys that mainly focus on attacks and their detection methods. Through an exhaustive literature review, we provide a novel taxonomy for poisoning attacks, formalise its dimensions, and accordingly organise 31 attacks described in the literature. Further, we review 43 countermeasures to detect and/or prevent poisoning attacks, evaluating their effectiveness against specific types of attacks. This comprehensive survey should serve as a point of reference for protecting recommender systems against poisoning attacks. The article concludes with a discussion on open issues in the field and impactful directions for future research. A rich repository of resources associated with poisoning attacks is available at https://github.com/tamlhp/awesome-recsys-poisoning.

Manipulating Recommender Systems: A Survey of Poisoning Attacks and Countermeasures

Manipulating Recommender Systems: A Survey of Poisoning Attacks and Countermeasures

Poisoning Attacks and Defenses in Recommender Systems: A Survey

Poisoning Attacks against Recommender Systems: A Survey

Poisoning Deep Learning Based Recommender Model in Federated Learning Scenarios.

Data Poisoning Attacks in Internet-of-Vehicle Networks: Taxonomy, State-of-The-Art, and Future Directions.

FedRecAttack: Model Poisoning Attack to Federated Recommendation

PoisonRec: an Adaptive Data Poisoning Framework for Attacking Black-box Recommender Systems

Poisoning Attacks to Graph-Based Recommender Systems

Poisoning GNN-based Recommender Systems with Generative Surrogate-based Attacks

Poisoning Decentralized Collaborative Recommender System and Its Countermeasures

Influence-Driven Data Poisoning for Robust Recommender Systems

Fight Fire with Fire: Towards Robust Recommender Systems Via Adversarial Poisoning Training

Data Poisoning Attacks to Deep Learning Based Recommender Systems

Poison-Tolerant Collaborative Filtering Against Poisoning Attacks on Recommender Systems

Threats to Training: A Survey of Poisoning Attacks and Defenses on Machine Learning Systems

PipAttack: Poisoning Federated Recommender Systems forManipulating Item Promotion

PORE: Provably Robust Recommender Systems against Data Poisoning Attacks

Manipulating Federated Recommender Systems: Poisoning with Synthetic Users and Its Countermeasures

Poisoning QoS-aware cloud API recommender system with generative adversarial network attack

Revisiting Adversarially Learned Injection Attacks Against Recommender Systems