ABSTRACT
Deep learning-based recommender systems have become an integral part of many online platforms. However, their black-box nature underscores the need for explainable artificial intelligence (XAI) approaches that provide human-understandable reasons why a specific item is recommended to a given user. Counterfactual explanations (CFs) are one such approach. While CFs can be highly beneficial for users and system designers, malicious actors may also exploit them to undermine the system's security.
In this work, we propose H-CARS, a novel strategy for poisoning recommender systems via CFs. Specifically, we first train a logical-reasoning-based surrogate model on training data derived from counterfactual explanations. We then reverse the surrogate's learning process to devise an efficient greedy algorithm that generates fabricated user profiles and their associated interaction records. Our experiments, which employ a well-known CF generation method and are conducted on two distinct datasets, show that H-CARS achieves significant attack success.
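The greedy profile-fabrication step described above can be sketched as follows. This is a minimal illustration, not the paper's algorithm: `surrogate_score` is a hypothetical callable standing in for the trained logical-reasoning surrogate, and the sketch assumes the attacker simply adds, one interaction at a time, whichever item most increases the surrogate's predicted score for the item being promoted.

```python
def greedy_fake_profile(surrogate_score, n_items, target_item, budget):
    """Greedily build a fake user's interaction set that maximizes the
    surrogate's predicted score for the target (promoted) item.

    surrogate_score: hypothetical callable (profile: set[int], item: int) -> float,
                     standing in for the trained surrogate model.
    n_items:         size of the item catalog.
    target_item:     the item the attacker wants pushed to real users.
    budget:          number of additional interactions the fake profile may contain.
    """
    profile = {target_item}  # the fabricated user "likes" the promoted item
    for _ in range(budget):
        candidates = [i for i in range(n_items) if i not in profile]
        # pick the item whose addition most raises the target's surrogate score
        best = max(candidates,
                   key=lambda i: surrogate_score(profile | {i}, target_item))
        profile.add(best)
    return profile
```

In practice the surrogate's scoring function, the interaction budget, and any constraints that keep fabricated profiles plausible would all come from the attack setup; here they are left as assumptions.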
The Dark Side of Explanations: Poisoning Recommender Systems with Counterfactual Examples