Abstract
Deep neural networks are vulnerable to attacks, posing significant security concerns across various applications, particularly in computer vision. Adversarial training has demonstrated effectiveness in improving the robustness of deep learning models by incorporating perturbations into the input space during training. Recently, adversarial training has been successfully applied to deep recommender systems. In these systems, user and item embeddings are perturbed through a minimax game, with constraints on perturbation directions, to enhance the model’s robustness and generalization. However, they still fail to defend against iterative attacks, which have shown an over 60% increase in effectiveness in the computer vision domain. Deep recommender systems may therefore be more susceptible to iterative attacks, which might lead to generalization failures. In this paper, we adapt iterative examples for deep recommender systems. Specifically, we propose a Deep Recommender with Iteration Directional Adversarial Training (DRIDAT) that combines attention mechanism and directional adversarial training for recommendations. Firstly, we establish a consumer-product collaborative attention to convey consumers different preferences on their interested products and the distinct preferences of different consumers on the same product they like. Secondly, we train the DRIDAT objective function using adversarial learning to minimize the impact of iterative attack. In addition, the maximum direction attack could push the embedding vector of input attacks towards instances with distinct labels. We mitigate this problem by implementing suitable constraints on the direction of the attack. Finally, we perform a series of evaluations on two prominent datasets. The findings show that our methodology outperforms all other methods for all metrics.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs00607-024-01326-6/MediaObjects/607_2024_1326_Fig1_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs00607-024-01326-6/MediaObjects/607_2024_1326_Figa_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs00607-024-01326-6/MediaObjects/607_2024_1326_Fig2_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs00607-024-01326-6/MediaObjects/607_2024_1326_Fig3_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs00607-024-01326-6/MediaObjects/607_2024_1326_Fig4_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs00607-024-01326-6/MediaObjects/607_2024_1326_Fig5_HTML.png)
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Data availability
The data that support the findings of this study are available from the corresponding author upon reasonable request.
References
Koren Y, Bell R, Volinsky C (2009) Matrix factorization techniques for recommender systems. Computer 42(8):30–37
Ortega F, Rojo D, Valdiviezo-Diaz P, Raya L (2018) Hybrid collaborative filtering based on users rating behavior. IEEE Access, pp 69582–69591
Ding J, Feng F, He X, Yu G, Li Y, Jin D (2018) An improved sampler for Bayesian personalized ranking by leveraging view data. In: Companion proceedings of the web conference, pp 13–14
Liu H, Wu Z, Zhang X (2018) CPLR: collaborative pairwise learning to rank for personalized recommendation. Knowl-Based Syst, pp 31–40
Rendle S, Freudenthaler C, Gantner Z, Schmidt-Thieme L (2012) BPR: Bayesian personalized ranking from implicit feedback. In: Proceedings of the 25th conference on uncertainty in artificial intelligence, pp 452–461
Zhang W, Chen T, Wang J, Yu Y (2013) Optimizing top-N collaborative filtering via dynamic negative item sampling. In: Proceedings of the 36th international ACM SIGIR conference on research and development in information retrieval, pp 785–788
Zhao T, McAuley J, King I (2014) Leveraging social connections to improve personalized ranking for collaborative filtering. In: Proceedings of the 23rd ACM international conference on information and knowledge management, pp 261–270
Collobert R , Weston J (2008) A unified architecture for natural language processing: deep neural networks with multitask learning. In: Proceedings of the 25th international conference on machine learning (ICML), pp 160–167
Graves A, Jaitly N (2014) Towards end-to-end speech recognition with recurrent neural networks. In: Proceedings of the 31st international conference on machine learning, pp 1764–1772
Xue F, He X, Wang X, Xu J, Liu K, Hong R (2019) Deep item-based collaborative filtering for top-n recommendation. ACM Trans Inf Syst 37(3):3
He X, He Z, Du X, Chua T.-S. (2018) Adversarial personalized ranking for recommendation. In: Proceedings of the 41st international ACM SIGIR conference on research and development in information retrieval, pp 355–364
Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv:1412.6572
Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow IJ, Fergus R (2013) Intriguing properties of neural networks. arXiv:1312.6199
Miyato T, Maeda S, Koyama M, Ishii S (2018) Virtual adversarial training: a regularization method for supervised and semi-supervised learning. IEEE Trans Pattern Anal Mach Intell 41(8):1979–1993
Xu Y, Chen L, Xie F, Hu W, Zhu J, Chen C, Zheng Z (2020) Directional adversarial training for recommender systems. In: 24th European conference on artificial intelligence (ECAI), pp 553–560
Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial examples in the physical world. https://openreview.net/forum?id=HJGU3Rodl
Anelli VW, Bellogin A, Deldjoo Y, Di Noia T, Merra FA (2021) Msap: multi-step adversarial perturbations on recommender systems embeddings. In: Proceedings of the thirty-fourth international Florida artificial intelligence research society conference, pp 1–6
Koren Y, Rendle S, Bell R (2021) Advances in collaborative filtering. In: Recommender systems handbook, pp 91–142
Rendle S, Krichene W, Zhang L, Anderson J (2020) Neural collaborative filtering vs. matrix factorization revisited. In: Proceedingsof the 14th ACM conference on recommender systems, pp 240–248
Qi L, Liu Y, Zhang Y, Xu X, Bilal M, Song H (2022) Privacy-aware point-of-interest category recommendation in internet of things. IEEE Internet Things J 9(21):21398–21408
Liu Y, Zhou X, Kou H, Zhao Y, Xu X, Zhang X et al (2023) Privacy-preserving point-of-interest recommendation based on simplified graph convolutional network for geological traveling. In: AACM transactions on intelligent systems and technology
Hu Y, Koren Y, Volinsky C (2008) Collaborative filtering for implicit feedback datasets. In: 2008 Eighth IEEE international conference on Data Mining, 263-272
Pan W , Chen L (2013) GBPR: group preference based Bayesian personalized ranking for one-class collaborative filtering. In: Proceedings of the 23rd international joint conference on artificial intelligence, pp 2691–2697
Pan W, Zhong H, Xu C, Ming Z (2015) Adaptive bayesian personalized ranking for heterogeneous implicit feedbacks. Knowl-Based Syst, 173-180
Kim S, Lee J, Shim H (2019) Dual neural personalized ranking. In: Proceedings of the world wide web conference (WWW), pp 863–873
Wang P, Li S, Pan R (2018) Incorporating GAN for negative sampling in knowledge representation learning. In: Proceedings of the 32nd AAAI conference on artificial intelligence, pp 2005–2012
Ding J, Quan Y, He X, Li Y, Jin D (2019) Reinforced negative sampling for recommendation with exposure data. In: Proceedings of the 28th international joint conference on artificial intelligence (IJCAI), pp 2230–2236
He X, Liao L, Zhang H, Nie L, Hu X, Chua T (2017) Neural collaborative filtering. In: Proceedings of the 26th international conference on world wide web, pp 173–182
He X, He Z, Song J, Liu Z, Jiang YG, Chua TS (2018) Nais: Neural attentive item similarity model for recommendation. IEEE Trans Knowl Data Eng 30(12):2354–2366
Wang X, He X, Wang M, Feng F, Chua T (2019) Neural graph collaborative filtering. In: Proceedings of the 42nd international ACM SIGIR conference on research and development in information retrieval, pp 165–174
Sarwar B, Karypis G, Konstan J, Riedl J (2001) Item-based collaborative filtering recommendation algorithms. In: Proceedings of the 10th international world wide web conference (WWW), pp 285–295
Koren Y (2008) Factorization meets the neighborhood: a multifaceted collaborative filtering model. In: Proceedings of the 14th ACM SIGKDD international conference on knowledge discovery and data mining, pp 426–434
Christakopoulou E, Karypis G (2018) Local latent space models for top-n recommendation. In: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 1235-1243
Ning X, Karypis G (2011) Slim: sparse linear methods for top-n recommender systems. In: 2011 IEEE 11th international conference on data mining, pp 497–506
Christakopoulou E, Karypis G (2016) Local item-item models for top-n recommendation. In: Proceedings of the 10th ACM conference on recommender systems, pp 67–74
Kabbur S, Ning X, Karypis G (2013) Fism: factored item similarity models for top-n recommender systems. In: The 19th ACM SIGKDD international conference on knowledge discovery and data mining (KDD), pp 659–667
Christakopoulou E, Karypis G (2014) Hoslim: Higher-order sparse linear method for top-n recommender systems. In: Pacific-Asia conference on knowledge discovery and data mining, pp 38–49
Huang L, Joseph AD, Nelson B, Rubinstein BI, Tygar JD (2011) Adversarial machine learning. In: Proceedings of the 4th ACM workshop on security and artificial intelligence, pp 43–58
Akhtar N, Mian AS (2018) Threat of adversarial attacks on deep learning in computer vision: a survey. IEEE Access 6:14410–14430
Zhang W, Sheng Q, Alhazmi AA, Li C (2020) Adversarial attacks on deep-learning models in natural language processing: a survey. ACM Trans Intell Syst Technol 11(3):41
Deldjoo Y, Noia TD, Merra FA (2020) Adversarial machine learning in recommender systems (aml-recsys). In: The thirteenth ACM international conference on web search and data mining, pp 869–872
Madry A, et al (2018) Towards deep learning models resistant to adversarial attacks. In: Proceedings of the 35th international conference on machine learning, pp 297–306
Carlini N, Wagner DA (2017) Towards evaluating the robustness of neural networks. In: IEEE symposium on security and privacy, pp 39–57
Yuan X et al (2019) Adversarial examples: attacks and defenses for deep learning. IEEE Trans Neural Netw Learn Syst 30(9):2805–2824
Agyemang P, Wu Z, Luo K, Ma Y, Fang L (2023) Robust multimedia recommender system based on dynamic collaborative filtering and directed adversarial learning. Int J Mach Learn Cybern, pp 1–15. https://doi.org/10.1007/s13042-023-01868-9
Agyemang P, Zhao X, Fang L, Wu Z (2022) Ownership recommendation via iterative adversarial training. Neural Process Lett 54(1):637–655
Wang Q, Yin H, Hu Z, Lian D, Wang H, Huang Z (2018) Neural memory streaming recommender networks with adversarial training. In: Proceedings of the 24th ACM SIGKDD international conference on knowledge discovery and data mining, pp 2467–2475
Chae DK, Kang JS, Kim SW, Choi J (2019) Rating augmentation with generative adversarial networks towards accurate collaborative filtering. In: The World wide web conference, pp 2616–2622
Du Y, Fang M, Yi J, Xu C, Cheng J, Tao D (2018) Enhancing the robustness of neural collaborative filtering systems under malicious attacks. IEEE Trans Multimedia 21(3):555–565
Sun Z, Wu B, Hu S, Zhang M, Ye Y (2023) Attentive adversarial collaborative filtering. IEEE Trans Syst Man Cybern: Syst 53(7):4064–4076
Chae DK, Kang JS, Kim SW, Lee JT (2018) Cfgan: a generic collaborative filtering framework based on generative adversarial networks. In: Proceedings of the 27th ACM international conference on information and knowledge management, pp 137–146
Acknowledgements
This research was supported by Zhejiang Provincial Natural Science Foundation of China under Grant No. LZ22F010005.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no Conflict of interest.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Paul, A., Wan, Y., Wu, Z. et al. Deep recommendation with iteration directional adversarial training. Computing 106, 3151–3174 (2024). https://doi.org/10.1007/s00607-024-01326-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00607-024-01326-6