Saved in:
Bibliographic Details
Main Authors: Li, Runze, Jin, Di, Wang, Xiaobao, He, Dongxiao, Feng, Bingdao, Wang, Zhen
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.08401
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916787554091008
author Li, Runze
Jin, Di
Wang, Xiaobao
He, Dongxiao
Feng, Bingdao
Wang, Zhen
author_facet Li, Runze
Jin, Di
Wang, Xiaobao
He, Dongxiao
Feng, Bingdao
Wang, Zhen
contents Graph recommendation systems have been widely studied due to their ability to effectively capture the complex interactions between users and items. However, these systems also exhibit certain vulnerabilities when faced with attacks. The prevailing shilling attack methods typically manipulate recommendation results by injecting a large number of fake nodes and edges. However, such attack strategies face two primary challenges: low stealth and high destructiveness. To address these challenges, this paper proposes a novel graph backdoor attack method that aims to enhance the exposure of target items to the target user in a covert manner, without affecting other unrelated nodes. Specifically, we design a single-node trigger generator, which can effectively expose multiple target items to the target user by inserting only one fake user node. Additionally, we introduce constraint conditions between the target nodes and irrelevant nodes to mitigate the impact of fake nodes on the recommendation system's performance. Experimental results show that the exposure of the target items reaches no less than 50% in 99% of the target users, while the impact on the recommendation system's performance is controlled within approximately 5%.
format Preprint
id arxiv_https___arxiv_org_abs_2506_08401
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Single-Node Trigger Backdoor Attacks in Graph-Based Recommendation Systems
Li, Runze
Jin, Di
Wang, Xiaobao
He, Dongxiao
Feng, Bingdao
Wang, Zhen
Artificial Intelligence
Graph recommendation systems have been widely studied due to their ability to effectively capture the complex interactions between users and items. However, these systems also exhibit certain vulnerabilities when faced with attacks. The prevailing shilling attack methods typically manipulate recommendation results by injecting a large number of fake nodes and edges. However, such attack strategies face two primary challenges: low stealth and high destructiveness. To address these challenges, this paper proposes a novel graph backdoor attack method that aims to enhance the exposure of target items to the target user in a covert manner, without affecting other unrelated nodes. Specifically, we design a single-node trigger generator, which can effectively expose multiple target items to the target user by inserting only one fake user node. Additionally, we introduce constraint conditions between the target nodes and irrelevant nodes to mitigate the impact of fake nodes on the recommendation system's performance. Experimental results show that the exposure of the target items reaches no less than 50% in 99% of the target users, while the impact on the recommendation system's performance is controlled within approximately 5%.
title Single-Node Trigger Backdoor Attacks in Graph-Based Recommendation Systems
topic Artificial Intelligence
url https://arxiv.org/abs/2506.08401