Abstract
Recommender systems (RSs), as crucial components of online services, can help users efficiently obtain information they may like. In reality, RSs face long-term threats. Attackers manipulate recommendation results by injecting malicious data in order to obtain benefits. At present, research on the security of RSs lacks a comprehensive understanding of attack capabilities. Moreover, existing defense strategies have not yet been systematically associated with attack characteristics. More importantly, existing defense methods rarely focus on real unlabeled data in practical application scenarios for anomaly detection and forensics. Therefore, this survey systematically analyzes the security of RSs and provides new insights. Specifically, we first categorize attack models from an attack perspective into: attack strategies based on targets, attack strategies against security and privacy, attack strategies based on prior knowledge, and attack strategies against other RSs. From a perspective of defense, existing detection models, second, can be divided into: behavioral representation based on statistics, detection based on hidden features, detection against privacy attacks, anomaly discovery based on association mining, and abnormality forensics for real-world data. Finally, we propose several potential research directions aimed at providing guidance for the security research of RSs.
Document Type
Journal Article
Date of Publication
1-1-2026
Volume
38
Issue
2
Publication Title
IEEE Transactions on Knowledge and Data Engineering
Publisher
IEEE
School
School of Business and Law
Funders
National Natural Science Foundation of China (62172331) / Fundamental Research Funds for the Central Universities (300102404301)
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
First Page
889
Last Page
910
Comments
Feng, Y., Yang, Z., Li, K., Li, J., Wang, P., & Liu, Z. (2025). Attacks and detections in recommender systems: A comprehensive analysis for models, progresses, and trends. IEEE Transactions on Knowledge and Data Engineering, 38(2), 889–910. https://doi.org/10.1109/TKDE.2025.3639434