Improving adversarially robust sequential recommendation through generalizable perturbations

Xun Yao; Ruyi He; Xinrong Hu; Jie Yang; Yi Guo; Zijian Huang

doi:10.1109/BigData59044.2023.10386799

Improving adversarially robust sequential recommendation through generalizable perturbations

Xun Yao, Ruyi He, Xinrong Hu, Jie Yang, Yi Guo, Zijian Huang

Western Sydney University

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

Abstract

Sequential recommendation is of great importance for a variety of purposes, such as application engineering, resource optimization, and marketing. Yet, existing sequence-based recommendation models are susceptible to adversarial attacks, which aim to perturb input sequences and mislead trained models, resulting in incorrect predictions. Defense methods are accordingly adopted to enhance model robustness. Nevertheless, these methods encounter challenges, such as error propagation (from the model output to generate adversarial samples), the high system complexity, and the difficulty of maintaining the model generalizability. To bridge this gap, this paper introduces a simple yet effective adversarial defense algorithm, termed Perturbation-Driven Sequential Recommendation (PDSR). In the training process, PDSR leverages a simple perturbation-generation module to create adversarial samples, eliminating the need for gradient estimation, thus streamlining the process. Additionally, it also incorporates a robust encoder designed to increase tolerance towards representation variations by ensuring alignment between original and perturbed representations, thereby boosting model generalizability. Comprehensive experiments are conducted based on a combination of five benchmark datasets, two attack methods, and four sequential recommendation models. When compared to four state-of-the-art defense baselines, PDSR demonstrates notable improvements in defense performance.

Original language	English
Title of host publication	Proceedings of the 2023 IEEE International Conference on Big Data
Editors	Jingrui He, Themis Palpanas, Xiaohua Hu, Alfredo Cuzzocrea, Dejing Dou, Dominik Slezak, Wei Wang, Aleksandra Gruca, Jerry Chun-Wei Lin, Rakesh Agrawal
Place of Publication	U.S.
Publisher	IEEE
Pages	1299-1307
Number of pages	9
ISBN (Electronic)	9798350324457
DOIs	https://doi.org/10.1109/BigData59044.2023.10386799
Publication status	Published - 2023
Event	IEEE International Conference on Big Data - Sorrento, Italy Duration: 15 Dec 2023 → 18 Dec 2023

Conference

Conference	IEEE International Conference on Big Data
Country/Territory	Italy
City	Sorrento
Period	15/12/23 → 18/12/23

Keywords

Adversarial Attack
Encoding Alignment
Model Robustness
Perturbation
Sequential Recommendation

Access to Document

10.1109/BigData59044.2023.10386799

Cite this

Yao, X., He, R., Hu, X., Yang, J., Guo, Y., & Huang, Z. (2023). Improving adversarially robust sequential recommendation through generalizable perturbations. In J. He, T. Palpanas, X. Hu, A. Cuzzocrea, D. Dou, D. Slezak, W. Wang, A. Gruca, J. C.-W. Lin, & R. Agrawal (Eds.), Proceedings of the 2023 IEEE International Conference on Big Data (pp. 1299-1307). IEEE. https://doi.org/10.1109/BigData59044.2023.10386799

Yao, Xun ; He, Ruyi ; Hu, Xinrong et al. / Improving adversarially robust sequential recommendation through generalizable perturbations. Proceedings of the 2023 IEEE International Conference on Big Data. editor / Jingrui He ; Themis Palpanas ; Xiaohua Hu ; Alfredo Cuzzocrea ; Dejing Dou ; Dominik Slezak ; Wei Wang ; Aleksandra Gruca ; Jerry Chun-Wei Lin ; Rakesh Agrawal. U.S. : IEEE, 2023. pp. 1299-1307

@inproceedings{97f7a917ebc04b7ba0ec6243e13128bb,

title = "Improving adversarially robust sequential recommendation through generalizable perturbations",

abstract = "Sequential recommendation is of great importance for a variety of purposes, such as application engineering, resource optimization, and marketing. Yet, existing sequence-based recommendation models are susceptible to adversarial attacks, which aim to perturb input sequences and mislead trained models, resulting in incorrect predictions. Defense methods are accordingly adopted to enhance model robustness. Nevertheless, these methods encounter challenges, such as error propagation (from the model output to generate adversarial samples), the high system complexity, and the difficulty of maintaining the model generalizability. To bridge this gap, this paper introduces a simple yet effective adversarial defense algorithm, termed Perturbation-Driven Sequential Recommendation (PDSR). In the training process, PDSR leverages a simple perturbation-generation module to create adversarial samples, eliminating the need for gradient estimation, thus streamlining the process. Additionally, it also incorporates a robust encoder designed to increase tolerance towards representation variations by ensuring alignment between original and perturbed representations, thereby boosting model generalizability. Comprehensive experiments are conducted based on a combination of five benchmark datasets, two attack methods, and four sequential recommendation models. When compared to four state-of-the-art defense baselines, PDSR demonstrates notable improvements in defense performance.",

keywords = "Adversarial Attack, Encoding Alignment, Model Robustness, Perturbation, Sequential Recommendation",

author = "Xun Yao and Ruyi He and Xinrong Hu and Jie Yang and Yi Guo and Zijian Huang",

year = "2023",

doi = "10.1109/BigData59044.2023.10386799",

language = "English",

pages = "1299--1307",

editor = "Jingrui He and Themis Palpanas and Xiaohua Hu and Alfredo Cuzzocrea and Dejing Dou and Dominik Slezak and Wei Wang and Aleksandra Gruca and Lin, {Jerry Chun-Wei} and Rakesh Agrawal",

booktitle = "Proceedings of the 2023 IEEE International Conference on Big Data",

publisher = "IEEE",

note = "IEEE International Conference on Big Data ; Conference date: 15-12-2023 Through 18-12-2023",

}

Yao, X, He, R, Hu, X, Yang, J, Guo, Y & Huang, Z 2023, Improving adversarially robust sequential recommendation through generalizable perturbations. in J He, T Palpanas, X Hu, A Cuzzocrea, D Dou, D Slezak, W Wang, A Gruca, JC-W Lin & R Agrawal (eds), Proceedings of the 2023 IEEE International Conference on Big Data. IEEE, U.S., pp. 1299-1307, IEEE International Conference on Big Data, Sorrento, Italy, 15/12/23. https://doi.org/10.1109/BigData59044.2023.10386799

Improving adversarially robust sequential recommendation through generalizable perturbations. / Yao, Xun; He, Ruyi; Hu, Xinrong et al.
Proceedings of the 2023 IEEE International Conference on Big Data. ed. / Jingrui He; Themis Palpanas; Xiaohua Hu; Alfredo Cuzzocrea; Dejing Dou; Dominik Slezak; Wei Wang; Aleksandra Gruca; Jerry Chun-Wei Lin; Rakesh Agrawal. U.S.: IEEE, 2023. p. 1299-1307.

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

TY - GEN

T1 - Improving adversarially robust sequential recommendation through generalizable perturbations

AU - Yao, Xun

AU - He, Ruyi

AU - Hu, Xinrong

AU - Yang, Jie

AU - Guo, Yi

AU - Huang, Zijian

PY - 2023

Y1 - 2023

N2 - Sequential recommendation is of great importance for a variety of purposes, such as application engineering, resource optimization, and marketing. Yet, existing sequence-based recommendation models are susceptible to adversarial attacks, which aim to perturb input sequences and mislead trained models, resulting in incorrect predictions. Defense methods are accordingly adopted to enhance model robustness. Nevertheless, these methods encounter challenges, such as error propagation (from the model output to generate adversarial samples), the high system complexity, and the difficulty of maintaining the model generalizability. To bridge this gap, this paper introduces a simple yet effective adversarial defense algorithm, termed Perturbation-Driven Sequential Recommendation (PDSR). In the training process, PDSR leverages a simple perturbation-generation module to create adversarial samples, eliminating the need for gradient estimation, thus streamlining the process. Additionally, it also incorporates a robust encoder designed to increase tolerance towards representation variations by ensuring alignment between original and perturbed representations, thereby boosting model generalizability. Comprehensive experiments are conducted based on a combination of five benchmark datasets, two attack methods, and four sequential recommendation models. When compared to four state-of-the-art defense baselines, PDSR demonstrates notable improvements in defense performance.

AB - Sequential recommendation is of great importance for a variety of purposes, such as application engineering, resource optimization, and marketing. Yet, existing sequence-based recommendation models are susceptible to adversarial attacks, which aim to perturb input sequences and mislead trained models, resulting in incorrect predictions. Defense methods are accordingly adopted to enhance model robustness. Nevertheless, these methods encounter challenges, such as error propagation (from the model output to generate adversarial samples), the high system complexity, and the difficulty of maintaining the model generalizability. To bridge this gap, this paper introduces a simple yet effective adversarial defense algorithm, termed Perturbation-Driven Sequential Recommendation (PDSR). In the training process, PDSR leverages a simple perturbation-generation module to create adversarial samples, eliminating the need for gradient estimation, thus streamlining the process. Additionally, it also incorporates a robust encoder designed to increase tolerance towards representation variations by ensuring alignment between original and perturbed representations, thereby boosting model generalizability. Comprehensive experiments are conducted based on a combination of five benchmark datasets, two attack methods, and four sequential recommendation models. When compared to four state-of-the-art defense baselines, PDSR demonstrates notable improvements in defense performance.

KW - Adversarial Attack

KW - Encoding Alignment

KW - Model Robustness

KW - Perturbation

KW - Sequential Recommendation

UR - http://www.scopus.com/inward/record.url?scp=85184977635&partnerID=8YFLogxK

UR - https://ezproxy.uws.edu.au/login?url=https://doi.org/10.1109/BigData59044.2023.10386799

U2 - 10.1109/BigData59044.2023.10386799

DO - 10.1109/BigData59044.2023.10386799

M3 - Conference Paper

AN - SCOPUS:85184977635

SP - 1299

EP - 1307

BT - Proceedings of the 2023 IEEE International Conference on Big Data

A2 - He, Jingrui

A2 - Palpanas, Themis

A2 - Hu, Xiaohua

A2 - Cuzzocrea, Alfredo

A2 - Dou, Dejing

A2 - Slezak, Dominik

A2 - Wang, Wei

A2 - Gruca, Aleksandra

A2 - Lin, Jerry Chun-Wei

A2 - Agrawal, Rakesh

PB - IEEE

CY - U.S.

T2 - IEEE International Conference on Big Data

Y2 - 15 December 2023 through 18 December 2023

ER -

Yao X, He R, Hu X, Yang J, Guo Y, Huang Z. Improving adversarially robust sequential recommendation through generalizable perturbations. In He J, Palpanas T, Hu X, Cuzzocrea A, Dou D, Slezak D, Wang W, Gruca A, Lin JCW, Agrawal R, editors, Proceedings of the 2023 IEEE International Conference on Big Data. U.S.: IEEE. 2023. p. 1299-1307 doi: 10.1109/BigData59044.2023.10386799

Improving adversarially robust sequential recommendation through generalizable perturbations

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this