Skip to main content
SpringerLink
Log in

Poisoning attacks against knowledge graph-based recommendation systems using deep reinforcement learning

  • Original Article
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

In recent years, studies have revealed that introducing knowledge graphs (KGs) into recommendation systems as auxiliary information can improve recommendation accuracy. However, KGs are usually based on third-party data that may be manipulated by malicious individuals. In this study, we developed a poisoning attack strategy applied on a KG-based recommendation system to analyze the influence of fake links. The aim of an attacker is to recommend specific products to improve their visibility. Most related studies have focused on adversarial attacks on graph data; KG-based recommendation systems have rarely been discussed. We propose an attack model corresponding to recommendations. In the model, the current recommended status and a specified item are analyzed to estimate the effects of different attack decisions (addition or deletion of facts), thereby generating the optimal attack combination. Finally, the KG is contaminated by the attack combination so that the trained recommendation model recommends a specific item to as many people as possible. We formulated the process into a deep reinforcement learning method. Conducting experiments on the movie and the fund data sets enabled us to systematically analyze our poisoning attack strategy. The experimental results proved that the proposed strategy can effectively improve an item’s ranking in a recommendation list.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Mnih V, Kavukcuoglu K, Silver D, Rusu AA, Veness J, Bellemare MG, Graves A, Riedmiller M, Fidjeland AK, Ostrovski G et al (2015) Human-level control through deep reinforcement learning. Nature 518:529–533

    Article  Google Scholar 

  2. Harper F Maxwell, Konstan Joseph A (2015) The movielens datasets: history and context. ACM Trans Interact Intell Syst (TiiS) 5:1–19

    Google Scholar 

  3. Wang Q, Mao Z, Wang B, Guo L (2017) Knowledge graph embedding: a survey of approaches and applications. IEEE Trans Knowl Data Eng 29:2724–2743

    Article  Google Scholar 

  4. Ji S, Pan S, Cambria E, Marttinen P, Yu Philip S (2020) A survey on knowledge graphs: representation, acquisition and applications. arXiv preprint arXiv:2002.00388

  5. Bordes A, Usunier N, Garcia-Duran A, Weston J, Yakhnenko O (2013) Translating embeddings for modeling multi-relational data. In NIPS, pp 2787–2795

  6. Trouillon T, Welbl J, Riedel S, Gaussier É, Bouchard G (2016) Complex embeddings for simple link prediction. In: Proceedings of the 33nd international conference on machine learning (ICML), pp 2071–2080

  7. Liu Q, Jiang H, Evdokimov A, Ling Z-H, Zhu X, Wei S, Hu Y (2016) Probabilistic reasoning via deep learning: neural association models. arXiv preprint arXiv:1603.07704

  8. Bai X, Wang M, Lee I, Yang Z, Kong X, Xia F (2020) Scientific paper recommendation: a survey. arXiv e-prints

  9. Zhang S, Yao L, Sun A, Tay Y (2019) Deep learning based recommender system: a survey and new perspectives. ACM Comput Surv (CSUR) 52:1–38

    Article  Google Scholar 

  10. Zhang L, Luo T, Zhang F, Wu Y (2018) A recommendation model based on deep neural network. IEEE Access 6:9454–9463

    Article  Google Scholar 

  11. He X, Liao L, Zhang H, Nie L, Hu X, Chua TS (2017) Neural collaborative filtering. In Proceedings of the 26th international conference on world wide web, pp 173–182

  12. Hidasi B, Karatzoglou A, Baltrunas L, Tikk D (2016) Session-based recommendations with recurrent neural networks. In: 4th International conference on learning representations (ICLR)

  13. Quadrana M, Karatzoglou A, Hidasi B, Cremonesi P (2017) Personalizing session-based recommendations with hierarchical recurrent neural networks. In: Proceedings of the eleventh ACM conference on recommender systems, pp 130–137

  14. He S, Zhang M, Fang H, Liu F, Luan X, Ding Z (2020) Reinforcement learning and adaptive optimization of a class of Markov jump systems with completely unknown dynamic information. Neural Comput Appl 32(18):14311–14320

    Article  Google Scholar 

  15. Liu F, Tang R, Li X, Zhang W, Ye Y, Chen H, Guo H, Zhang Y (2018) Deep reinforcement learning based recommendation with explicit user-item interactions modeling. arXiv preprint arXiv:1810.12027

  16. Zhao X, Gu C, Zhang H, Liu X, Yang X, Tang J (2019) Deep reinforcement learning for online advertising in recommender systems. arXiv preprint arXiv:1909.03602

  17. Zhao W, Wu R, Liu H (2016) Paper recommendation based on the knowledge gap between a researcher’s background knowledge and research target. Inf Process Manag 52:976–988

  18. Xia F, Liu H, Lee I, Cao L (2016) Scientific article recommendation: exploiting common author relations and historical preferences. IEEE Trans Big Data 2:101–112

    Article  Google Scholar 

  19. Huang Z, Chung W, Ong T-H, Chen H (2002) A graph-based recommender system for digital library. In: Proceedings of the 2nd ACM/IEEE-CS joint conference on digital libraries, place, pp 65–73

  20. Guo Q, Zhuang F, Qin C, Zhu H, Xie X, Xiong H, He Q (2020) A survey on knowledge graph-based recommender systems. arXiv preprint arXiv:2003.00911

  21. Di Noia T, Ostuni VC, Tomeo P, Di Sciascio E (2016) Sprank: semantic path-based ranking for top-n recommendations using linked open data. ACM Trans Intell Syst Technol (TIST) 8:1–34

    Article  Google Scholar 

  22. Zhang Y, Ai Q, Chen X, Wang P (2018) Learning over knowledge-base embeddings for recommendation. arXiv preprint arXiv:1803.06540

  23. He R, Kang W-C, McAuley J (2017) Translation-based recommendation. In: Proceedings of the eleventh ACM conference on recommender systems, pp 161–169

  24. Wang H, Zhang F, Wang J, Zhao M, Li W, Xie X, Guo M (2018) Ripplenet: propagating user preferences on the knowledge graph for recommender systems. In: Proceedings of the 27th ACM international conference on information and knowledge management (CIKM), pp 417–426

  25. Wang H, Zhang F, Zhao M, Li W, Xie X, Guo M (2019) Multi-task feature learning for knowledge graph enhanced recommendation. In: The World Wide Web conference, pp 2000–2010

  26. Wang H, Zhao M, Xie X, Li W, Guo M (2019) Knowledge graph convolutional networks for recommender systems. In: The World Wide Web conference, pp 3307–3313

  27. Zhenzhen X, Jiang H, Kong X, Kang J, Wang W, Xia Feng (2016) Cross-domain item recommendation based on user similarity. Comput Sci Inf Syst 13:359–373

    Article  Google Scholar 

  28. Niu J, Wang L, Liu X, Yu S (2016) FUIR: fusing user and item information to deal with data sparsity by using side information in recommendation systems. J Netw Comput Appl 70:41–50

    Article  Google Scholar 

  29. Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. Adv Neural Inf Process Syst pp 2672–2680

  30. Xie Q, Hovy E, Luong M-T, Le QV, (2020) Self-training with noisy student improves ImageNet classification. In: 2020 IEEE/CVF conference on computer vision and pattern recognition (CVPR), pp 10684–10695

  31. Chivukula AS, Liu W (2019) Adversarial deep learning models with multiple adversaries. IEEE Trans Knowl Data Eng 31:1066–1079

    Article  Google Scholar 

  32. Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2014) Intriguing properties of neural networks. In: 2nd International conference on learning representations (ICLR)

  33. Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: 3rd International conference on learning representations (ICLR)

  34. Shafahi A, Huang WR, Najibi M, Suciu O, Studer C, Dumitras T, Goldstein T (2018) Poison frogs! Targeted clean- label poisoning attacks on neural networks. In Proceedings of the 32nd Conference on Neural Information Processing Systems, Montreal, Canada, pp 6103–6113

  35. Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy (SP), pp 39–57

  36. Athalye A, Engstrom L, Ilyas A, Kwok K (2018) Synthesizing robust adversarial examples. In: Proceedings of the 35th international conference on machine learning (ICML), pp 284–293

  37. Sharif M, Bhagavatula S, Bauer L, Reiter MK (2016) Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of the 2016 ACM sigsac conference on computer and communications security, pp 1528–1540

  38. Sun L, Wang J, Yu PS, Li B (2018) Adversarial attack and defense on graph data: a survey. arXiv preprint arXiv:1812.10528

  39. Jin W, Li Y, Xu H, Wang Y, Tang J (2020) Adversarial attacks and defenses on graphs: a review and empirical study. arXiv preprint arXiv:2003.00653

  40. Bojchevski A, Günnemann S (2019) Adversarial attacks on node embeddings via graph poisoning. In: Proceedings of the 36th international conference on machine learning (ICML), pp 695–704

  41. Chen Y, Nadji Y, Kountouras A, Monrose F, Perdisci R, Antonakakis M, Vasiloglou N (2017) Practical attacks against graph-based clustering. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp 1125–1142

  42. Chen J, Shi Z, Wu Y, Xu X, Zheng H (2018) Link prediction adversarial attack. arXiv preprint arXiv:1810.01110

  43. Zügner D, Akbarnejad A, Günnemann S (2018) Adversarial attacks on neural networks for graph data. In: Proceedings of the 24th ACM SIGKDD international conference on knowledge discovery & data mining, pp 2847–2856

  44. Kipf TN, Welling M (2017) Semi-supervised classification with graph convolutional networks. In: 5th International conference on learning representations (ICLR)

  45. Dai H, Li H, Tian T, Huang X, Wang L, Zhu J, Song L (2018) Adversarial attack on graph structured data. In: Proceedings of the 35th international conference on machine learning (ICML), pp 1123–1132

  46. Zhang H, Zheng T, Gao J, Miao C, Su L, Li Y, Ren K (2019) Data poisoning attack against knowledge graph embedding. In: Proceedings of the 28th international joint conference on artificial intelligence (IJCAI), pp 4853–4859

  47. Xian X, Wu T, Qiao S, Wang W, Wang C, Liu Y, Xu G (2021) DeepEC: Adversarial attacks against graph structure prediction models. Neurocomputing 437:168–185

    Article  Google Scholar 

  48. Chen L, Xu Y, Xie F, Huang M, Zheng Z (2021) Data poisoning attacks on neighborhood-based recommender systems. Trans Emerg Telecommun Technol 32(6):e3872

    Google Scholar 

  49. Huang H, Mu J, Gong NZ, Li Q, Liu B, Xu M(2021) Data poisoning attacks to deep learning based recommender systems. arXiv preprint arXiv:2101.02644

  50. Fang M, Yang G, Gong NZ, Liu J (2018) Poisoning attacks to graph-based recommender systems. In: Proceedings of the 34th annual computer security applications conference, pp 381–392

  51. Tang J, Du X, He X, Yuan F, Tian Q, Chua T-S (2019) Adversarial training towards robust multimedia recommender system. IEEE Trans Knowl Data Eng 32:855–867

    Article  Google Scholar 

  52. Anelli VW, Deldjoo Y, Noia T Di, Di Sciascio E, Merra FA. Semantics-aware shilling attacks against collaborative recommender systems via knowledge graphs

  53. Tang J, Wen H, Wang K (2020) Revisiting adversarially learned injection attacks against recommender systems. In: Fourteenth ACM conference on recommender systems, pp 318–327

  54. Fang M, Gong NZ, Liu J (2020) Influence function based data poisoning attacks to top-n recommender systems. In: Proceedings of the web conference 2020, pp 3019–3025

Download references

Acknowledgements

This work was supported in part by the Ministry of Science and Technology, Taiwan, under Contract MOST 110-2221-E-A49 -101 and Contract MOST 110-2622-8-009 -014 -TM1; and in part by the Financial Technology (FinTech) Innovation Research Center, National Yang Ming Chiao Tung University.

Author information

Authors and Affiliations

  1. Institute of Information Management, National Yang Ming Chiao Tung University, Hsinchu, Taiwan, 30010

    Zih-Wun Wu

  2. Department of Computer Science, National Yang Ming Chiao Tung University, Hsinchu, Taiwan, 30010

    Chiao-Ting Chen

  3. Department of Information Management and Finance, National Yang Ming Chiao Tung University, Hsinchu, Taiwan, 30010

    Szu-Hao Huang

Authors
  1. Zih-Wun Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chiao-Ting Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Szu-Hao Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Szu-Hao Huang.

Ethics declarations

Conflict of interest

All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wu, ZW., Chen, CT. & Huang, SH. Poisoning attacks against knowledge graph-based recommendation systems using deep reinforcement learning. Neural Comput & Applic 34, 3097–3115 (2022). https://doi.org/10.1007/s00521-021-06573-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-021-06573-8

Keywords

Search

Navigation