Abstract
In recent years, studies have revealed that introducing knowledge graphs (KGs) into recommendation systems as auxiliary information can improve recommendation accuracy. However, KGs are usually based on third-party data that may be manipulated by malicious individuals. In this study, we developed a poisoning attack strategy applied on a KG-based recommendation system to analyze the influence of fake links. The aim of an attacker is to recommend specific products to improve their visibility. Most related studies have focused on adversarial attacks on graph data; KG-based recommendation systems have rarely been discussed. We propose an attack model corresponding to recommendations. In the model, the current recommended status and a specified item are analyzed to estimate the effects of different attack decisions (addition or deletion of facts), thereby generating the optimal attack combination. Finally, the KG is contaminated by the attack combination so that the trained recommendation model recommends a specific item to as many people as possible. We formulated the process into a deep reinforcement learning method. Conducting experiments on the movie and the fund data sets enabled us to systematically analyze our poisoning attack strategy. The experimental results proved that the proposed strategy can effectively improve an item’s ranking in a recommendation list.
Similar content being viewed by others
References
Mnih V, Kavukcuoglu K, Silver D, Rusu AA, Veness J, Bellemare MG, Graves A, Riedmiller M, Fidjeland AK, Ostrovski G et al (2015) Human-level control through deep reinforcement learning. Nature 518:529–533
Harper F Maxwell, Konstan Joseph A (2015) The movielens datasets: history and context. ACM Trans Interact Intell Syst (TiiS) 5:1–19
Wang Q, Mao Z, Wang B, Guo L (2017) Knowledge graph embedding: a survey of approaches and applications. IEEE Trans Knowl Data Eng 29:2724–2743
Ji S, Pan S, Cambria E, Marttinen P, Yu Philip S (2020) A survey on knowledge graphs: representation, acquisition and applications. arXiv preprint arXiv:2002.00388
Bordes A, Usunier N, Garcia-Duran A, Weston J, Yakhnenko O (2013) Translating embeddings for modeling multi-relational data. In NIPS, pp 2787–2795
Trouillon T, Welbl J, Riedel S, Gaussier É, Bouchard G (2016) Complex embeddings for simple link prediction. In: Proceedings of the 33nd international conference on machine learning (ICML), pp 2071–2080
Liu Q, Jiang H, Evdokimov A, Ling Z-H, Zhu X, Wei S, Hu Y (2016) Probabilistic reasoning via deep learning: neural association models. arXiv preprint arXiv:1603.07704
Bai X, Wang M, Lee I, Yang Z, Kong X, Xia F (2020) Scientific paper recommendation: a survey. arXiv e-prints
Zhang S, Yao L, Sun A, Tay Y (2019) Deep learning based recommender system: a survey and new perspectives. ACM Comput Surv (CSUR) 52:1–38
Zhang L, Luo T, Zhang F, Wu Y (2018) A recommendation model based on deep neural network. IEEE Access 6:9454–9463
He X, Liao L, Zhang H, Nie L, Hu X, Chua TS (2017) Neural collaborative filtering. In Proceedings of the 26th international conference on world wide web, pp 173–182
Hidasi B, Karatzoglou A, Baltrunas L, Tikk D (2016) Session-based recommendations with recurrent neural networks. In: 4th International conference on learning representations (ICLR)
Quadrana M, Karatzoglou A, Hidasi B, Cremonesi P (2017) Personalizing session-based recommendations with hierarchical recurrent neural networks. In: Proceedings of the eleventh ACM conference on recommender systems, pp 130–137
He S, Zhang M, Fang H, Liu F, Luan X, Ding Z (2020) Reinforcement learning and adaptive optimization of a class of Markov jump systems with completely unknown dynamic information. Neural Comput Appl 32(18):14311–14320
Liu F, Tang R, Li X, Zhang W, Ye Y, Chen H, Guo H, Zhang Y (2018) Deep reinforcement learning based recommendation with explicit user-item interactions modeling. arXiv preprint arXiv:1810.12027
Zhao X, Gu C, Zhang H, Liu X, Yang X, Tang J (2019) Deep reinforcement learning for online advertising in recommender systems. arXiv preprint arXiv:1909.03602
Zhao W, Wu R, Liu H (2016) Paper recommendation based on the knowledge gap between a researcher’s background knowledge and research target. Inf Process Manag 52:976–988
Xia F, Liu H, Lee I, Cao L (2016) Scientific article recommendation: exploiting common author relations and historical preferences. IEEE Trans Big Data 2:101–112
Huang Z, Chung W, Ong T-H, Chen H (2002) A graph-based recommender system for digital library. In: Proceedings of the 2nd ACM/IEEE-CS joint conference on digital libraries, place, pp 65–73
Guo Q, Zhuang F, Qin C, Zhu H, Xie X, Xiong H, He Q (2020) A survey on knowledge graph-based recommender systems. arXiv preprint arXiv:2003.00911
Di Noia T, Ostuni VC, Tomeo P, Di Sciascio E (2016) Sprank: semantic path-based ranking for top-n recommendations using linked open data. ACM Trans Intell Syst Technol (TIST) 8:1–34
Zhang Y, Ai Q, Chen X, Wang P (2018) Learning over knowledge-base embeddings for recommendation. arXiv preprint arXiv:1803.06540
He R, Kang W-C, McAuley J (2017) Translation-based recommendation. In: Proceedings of the eleventh ACM conference on recommender systems, pp 161–169
Wang H, Zhang F, Wang J, Zhao M, Li W, Xie X, Guo M (2018) Ripplenet: propagating user preferences on the knowledge graph for recommender systems. In: Proceedings of the 27th ACM international conference on information and knowledge management (CIKM), pp 417–426
Wang H, Zhang F, Zhao M, Li W, Xie X, Guo M (2019) Multi-task feature learning for knowledge graph enhanced recommendation. In: The World Wide Web conference, pp 2000–2010
Wang H, Zhao M, Xie X, Li W, Guo M (2019) Knowledge graph convolutional networks for recommender systems. In: The World Wide Web conference, pp 3307–3313
Zhenzhen X, Jiang H, Kong X, Kang J, Wang W, Xia Feng (2016) Cross-domain item recommendation based on user similarity. Comput Sci Inf Syst 13:359–373
Niu J, Wang L, Liu X, Yu S (2016) FUIR: fusing user and item information to deal with data sparsity by using side information in recommendation systems. J Netw Comput Appl 70:41–50
Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. Adv Neural Inf Process Syst pp 2672–2680
Xie Q, Hovy E, Luong M-T, Le QV, (2020) Self-training with noisy student improves ImageNet classification. In: 2020 IEEE/CVF conference on computer vision and pattern recognition (CVPR), pp 10684–10695
Chivukula AS, Liu W (2019) Adversarial deep learning models with multiple adversaries. IEEE Trans Knowl Data Eng 31:1066–1079
Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2014) Intriguing properties of neural networks. In: 2nd International conference on learning representations (ICLR)
Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: 3rd International conference on learning representations (ICLR)
Shafahi A, Huang WR, Najibi M, Suciu O, Studer C, Dumitras T, Goldstein T (2018) Poison frogs! Targeted clean- label poisoning attacks on neural networks. In Proceedings of the 32nd Conference on Neural Information Processing Systems, Montreal, Canada, pp 6103–6113
Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy (SP), pp 39–57
Athalye A, Engstrom L, Ilyas A, Kwok K (2018) Synthesizing robust adversarial examples. In: Proceedings of the 35th international conference on machine learning (ICML), pp 284–293
Sharif M, Bhagavatula S, Bauer L, Reiter MK (2016) Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of the 2016 ACM sigsac conference on computer and communications security, pp 1528–1540
Sun L, Wang J, Yu PS, Li B (2018) Adversarial attack and defense on graph data: a survey. arXiv preprint arXiv:1812.10528
Jin W, Li Y, Xu H, Wang Y, Tang J (2020) Adversarial attacks and defenses on graphs: a review and empirical study. arXiv preprint arXiv:2003.00653
Bojchevski A, Günnemann S (2019) Adversarial attacks on node embeddings via graph poisoning. In: Proceedings of the 36th international conference on machine learning (ICML), pp 695–704
Chen Y, Nadji Y, Kountouras A, Monrose F, Perdisci R, Antonakakis M, Vasiloglou N (2017) Practical attacks against graph-based clustering. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp 1125–1142
Chen J, Shi Z, Wu Y, Xu X, Zheng H (2018) Link prediction adversarial attack. arXiv preprint arXiv:1810.01110
Zügner D, Akbarnejad A, Günnemann S (2018) Adversarial attacks on neural networks for graph data. In: Proceedings of the 24th ACM SIGKDD international conference on knowledge discovery & data mining, pp 2847–2856
Kipf TN, Welling M (2017) Semi-supervised classification with graph convolutional networks. In: 5th International conference on learning representations (ICLR)
Dai H, Li H, Tian T, Huang X, Wang L, Zhu J, Song L (2018) Adversarial attack on graph structured data. In: Proceedings of the 35th international conference on machine learning (ICML), pp 1123–1132
Zhang H, Zheng T, Gao J, Miao C, Su L, Li Y, Ren K (2019) Data poisoning attack against knowledge graph embedding. In: Proceedings of the 28th international joint conference on artificial intelligence (IJCAI), pp 4853–4859
Xian X, Wu T, Qiao S, Wang W, Wang C, Liu Y, Xu G (2021) DeepEC: Adversarial attacks against graph structure prediction models. Neurocomputing 437:168–185
Chen L, Xu Y, Xie F, Huang M, Zheng Z (2021) Data poisoning attacks on neighborhood-based recommender systems. Trans Emerg Telecommun Technol 32(6):e3872
Huang H, Mu J, Gong NZ, Li Q, Liu B, Xu M(2021) Data poisoning attacks to deep learning based recommender systems. arXiv preprint arXiv:2101.02644
Fang M, Yang G, Gong NZ, Liu J (2018) Poisoning attacks to graph-based recommender systems. In: Proceedings of the 34th annual computer security applications conference, pp 381–392
Tang J, Du X, He X, Yuan F, Tian Q, Chua T-S (2019) Adversarial training towards robust multimedia recommender system. IEEE Trans Knowl Data Eng 32:855–867
Anelli VW, Deldjoo Y, Noia T Di, Di Sciascio E, Merra FA. Semantics-aware shilling attacks against collaborative recommender systems via knowledge graphs
Tang J, Wen H, Wang K (2020) Revisiting adversarially learned injection attacks against recommender systems. In: Fourteenth ACM conference on recommender systems, pp 318–327
Fang M, Gong NZ, Liu J (2020) Influence function based data poisoning attacks to top-n recommender systems. In: Proceedings of the web conference 2020, pp 3019–3025
Acknowledgements
This work was supported in part by the Ministry of Science and Technology, Taiwan, under Contract MOST 110-2221-E-A49 -101 and Contract MOST 110-2622-8-009 -014 -TM1; and in part by the Financial Technology (FinTech) Innovation Research Center, National Yang Ming Chiao Tung University.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Wu, ZW., Chen, CT. & Huang, SH. Poisoning attacks against knowledge graph-based recommendation systems using deep reinforcement learning. Neural Comput & Applic 34, 3097–3115 (2022). https://doi.org/10.1007/s00521-021-06573-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-021-06573-8