Meet trick with trick: Revealing collusion intentions in highly concealed poisoning behavior
Author Identifier (ORCID)
Jianxin Li: https://orcid.org/0000-0002-9059-330X
Abstract
Recommender systems (RSs), as highly data-driven applications, have been extensively developed and widely deployed in various web services to help users locate products or services that they may be interested in. Meanwhile, the openness and vulnerability of RSs have given rise to the development of data poisoning attacks. However, defending against these evolving threats presents potential challenges: (a) faced with highly concealed or small-scale data poisoning, the attack behavior is very difficult to characterize; (b) the identification area of the attack target is difficult to determine for highly concealed injection attacks; and (c) the prior knowledge for detecting fake injection attacks in real scenarios is very limited. Complementary to existing works, this paper proposes METT, a divide-and-conquer detection method that addresses these fundamental yet underexplored issues. We first propose to exploit causality inference based on both group-level and individual-level unfairness sequences to enhance the reliability of user-item symbiotic associations. We then develop a novel method for early detection of the attack target, named ideaT. Finally, we further discriminate fake injections using a disturbance tolerance mechanism in ambiguous boundaries of behavior. Extensive experiments based on synthetic and real data demonstrate that METT outperforms competing baselines in different cases. Specifically, METT can reduce the false alarm rate (FAR) by an average of 21% for detecting S-attacks, an average of 18% for detecting profile injection attacks, an average of 26% for detecting reverse attacks, and an average of 17% for detecting optimal-injection attacks compared with competing benchmarks. Moreover, METT also has an average advantage of 10% and 20% in FARs for spotting hybrid promotion and demotion attacks, respectively.
Additionally, according to prior knowledge learned from synthetic data, we discover interesting findings on real data, such as suspicious duplicate behavior, benign users with duplicate behavior, and identified shilling behavior. Importantly, we reveal that the specificities of data poisoning attacks or fake injections in real-world scenarios entail important implications from a defense perspective.
Document Type
Journal Article
Date of Publication
1-1-2025
Publication Title
IEEE Transactions on Dependable and Secure Computing
Publisher
IEEE
School
School of Business and Law
RAS ID
88258
Copyright
subscription content
Comments
Yang, Z., Feng, Y., Li, J., Wang, P., & Liu, Z. (2025). Meet trick with trick: Revealing collusion intentions in highly concealed poisoning behavior. IEEE Transactions on Dependable and Secure Computing. Advance online publication. https://doi.org/10.1109/TDSC.2025.3613425