An open-source framework for conducting data poisoning attacks on recommendation systems, designed to assist researchers and practitioners.
Members:
Zongwei Wang, Chongqing University, China, [email protected]
Hao Ma, Chongqing University, China, [email protected]
Supported by:
Prof. Min Gao, Chongqing University, China, [email protected]
- Two configure files attack_parser.py and recommend_parser are in the directory named conf, and you can select and configure the recommendation model and attack model by modifying the configuration files.
- Run main.py.
Recommend Model | Paper | Type |
---|---|---|
GMF | Yehuda et al. Matrix Factorization Techniques for Recommender Systems, IEEE Computer'09. | MF |
WRMF | Hu et al.Collaborative Filtering for Implicit Feedback Datasets, KDD'09. | MF |
NCF | He et al. Neural Collaborative Filtering, WWW'17. | Deep Learning |
NGCF | Wang et al. Neural Graph Collaborative Filtering, SIGIR'19. | Graph |
SGL | Wu et al. Self-supervised Graph Learning for Recommendation, SIGIR'21. | Graph + CL |
SimGCL | Yu et al. Are Graph Augmentations Necessary? Simple Graph Contrastive Learning for Recommendation, SIGIR'22. | Graph + CL |
- CL is short for contrastive learning (including data augmentation); DA is short for data augmentation only
Attack Model | Paper | Form | Method |
---|---|---|---|
RandomAttack | Lam et al. Shilling Recommender Systems for Fun and Profit. WWW'2004 | dataAttack | Heuristic |
BandwagonAttack | Gunes et al. Shilling Attacks against Recommender Systems: A Comprehensive Survey. Artif.Intell.Rev.'2014 | dataAttack | Heuristic |
PGA | Li et al. Data poisoning attacks on factorization-based collaborative filtering. NIPS'2016. | dataAttack | Direct Gradient Optimization |
AUSH | Lin C et al. Attacking recommender systems with augmented user profiles. CIKM'2020. | dataAttack | GAN |
GOAT | Wu et al. Ready for emerging threats to recommender systems? A graph convolution-based generative shilling attack. Information Sciences'2021. | dataAttack | GAN |
FedRecAttack | Rong et al. Fedrecattack: Model poisoning attack to federated recommendation. ICDE'2022. | gradientAttack | Direct Gradient Optimization |
RAPU_G | Zhang et al. Data Poisoning Attack against Recommender System Using Incomplete and Perturbed Data. KDD'2021). | dataAttack | optimization |
A_ra | Rong et al. Poisoning Deep Learning Based Recommender Model in Federated Learning Scenarios. IJCAI'2022. | gradientAttack | Direct Gradient Optimization |
Determine whether you want to implement the attack model or the recommendation model, and then add the file under the corresponding directory.
If you are an attack method, make sure:
- Whether you need information of the recommender model, and then set self.recommenderGradientRequired.
- Whether you need gradient information of training recommender model, and then set self.recommenderModelRequired.
- Make sure your attack type (gradientAttack/dataAttack).
- If gradientAttack: Reimplement function gradientattack()
- If dataAttack: Reimplement function gradientattack()
If you are an attack method, reimplement the following functions:
- init()
- train()
- save()
- predict()
- evaluate()
- test()
base==1.0.4
numba==0.53.1
numpy==1.18.0
scipy==1.4.1
torch==1.7.1