GBCG: Granular Ball and Counterfactual Guided Profile Injection Attack in Recommender Systems
摘要
Recommender systems are vulnerable to shilling attacks, where adversaries inject fabricated user profiles to manipulate recommendation outcomes. Existing attacks often exhibit limited effectiveness under resource constraints, weak transferability, and poor stealthiness. This paper introduces GBCG (Granular Ball and Counterfactual Guided) attack, a generative shilling framework that achieves efficient and stealthy attacks in black-box and budget-limited settings. GBCG integrates three interdependent modules forming a unified attack pipeline. Granular-ball computing partitions the item embedding space into multi-granular clusters, providing structural priors that refine the candidate space. Counterfactual gain estimation, built upon these priors, evaluates each candidate’s marginal contribution to target exposure through sampled user feedback and guides the selection of high-impact items. A WGAN-GP-based generator, conditioned on the selected items, learns real users’ rating distributions to synthesize realistic fake profiles. Experiments on multiple public datasets and representative recommender systems show that GBCG consistently outperforms mainstream baselines in effectiveness, generalization, and stealthiness. Ablation and visualization analyses further confirm its validity, establishing GBCG as a robust benchmark for evaluating the security of recommender systems. Our code is available at: https://github.com/KREML0/GBCG .