Shilling Attacks on GNN-Based Recommender Systems with Graph Contrastive Learning
摘要
As Graph Neural Networks (GNN) have become increasingly popular in recommender systems (RSs) due to their ability to capture complex user-item relationships, they have also introduced new vulnerabilities. Specifically, the reliance on graph-structured data makes these systems particularly susceptible to shilling attack, where attackers can manipulate recommendation outcomes by injecting fake users or fabricating interactions. However, existing shilling attacks for GNN-based RSs often fail to fully exploit the graph structure, limiting their effectiveness. In this paper, we propose GraphFaux, a shilling attack for GNN-based RSs that uses graph structural learning to optimize fake interactions, affecting the recommendations of more users. It combines Generative Adversarial Networks (GANs) and Graph Structure Contrastive Learning (GSCL) to generate fake users that closely resemble real users. We use GANs to generate fake user features by combining the target item features with real user behavior. A scoring model then calculates the interaction probabilities for the edges, resulting in a more realistic and effective attack. Additionally, through structural learning, we construct two distinct views and employ contrastive learning to capture fine-grained user-item relationships within the graph. This multi-perspective refinement enhances the fake interactions, optimizing the connections between fake users and target items. Extensive evaluations across three datasets and different recommendation models demonstrate that GraphFaux achieves an average improvement of 11.7%, even compared to state-of-the-art shilling attack methods.