Archivio istituzionale della ricerca dell'Università degli Studi di Palermo

Recommender systems have become pivotal in modern digital platforms, guiding user choices and driving engagement. However, their widespread adoption has also made them a prime target for adversarial attacks, especially data poisoning attacks that subtly manipulate recommendations. Existing approaches often generate unrealistic fake profiles, making them vulnerable to detection by anomaly-based defenses. In this paper, we propose a novel, model-Agnostic poisoning framework that combines contrastive learning and reinforcement learning with Proximal Policy Optimization (PPO) to craft highly realistic fake profiles derived from cross-domain user data. By interacting exclusively with a surrogate recommender trained on a compatible domain, our framework identifies and fine-Tunes influential user profiles to maximize the impact on a black-box target system. Our experimental evaluation on real-world datasets shows that our approach successfully promotes target items across diverse recommendation models with minimal injection effort, outperforming baseline strategies.

Agate, V., Lo Re, G., Morana, M., Virga, A. (2025). Model-Agnostic Poisoning Attacks on Recommender Systems via PPO. In International Conference on Wireless and Mobile Computing, Networking and Communications (pp. 1-6). IEEE Computer Society [10.1109/WiMob66857.2025.11257522].

Model-Agnostic Poisoning Attacks on Recommender Systems via PPO

Agate V.
;Lo Re G.;Morana M.;Virga A.
2025-12-01

Abstract

Recommender systems have become pivotal in modern digital platforms, guiding user choices and driving engagement. However, their widespread adoption has also made them a prime target for adversarial attacks, especially data poisoning attacks that subtly manipulate recommendations. Existing approaches often generate unrealistic fake profiles, making them vulnerable to detection by anomaly-based defenses. In this paper, we propose a novel, model-Agnostic poisoning framework that combines contrastive learning and reinforcement learning with Proximal Policy Optimization (PPO) to craft highly realistic fake profiles derived from cross-domain user data. By interacting exclusively with a surrogate recommender trained on a compatible domain, our framework identifies and fine-Tunes influential user profiles to maximize the impact on a black-box target system. Our experimental evaluation on real-world datasets shows that our approach successfully promotes target items across diverse recommendation models with minimal injection effort, outperforming baseline strategies.
dic-2025
Settore IINF-05/A - Sistemi di elaborazione delle informazioni
9798350392814
https://dx.doi.org/10.1109/WiMob66857.2025.11257522
Agate, V., Lo Re, G., Morana, M., Virga, A. (2025). Model-Agnostic Poisoning Attacks on Recommender Systems via PPO. In International Conference on Wireless and Mobile Computing, Networking and Communications (pp. 1-6). IEEE Computer Society [10.1109/WiMob66857.2025.11257522].
File in questo prodotto:
File Dimensione Formato  
paper+toc.pdf

Solo gestori archvio

Descrizione: paper + TOC
Tipologia: Versione Editoriale
Dimensione 2.11 MB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
2.11 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10447/700483
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact