Saved in:
Bibliographic Details
Main Authors: Zhao, Shilong, Sun, Fei, Zhang, Kaike, Jing, Shaoling, Su, Du, Shi, Zhichao, Yin, Zhiyi, Shen, Huawei, Cheng, Xueqi
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2507.16969
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913955406938112
author Zhao, Shilong
Sun, Fei
Zhang, Kaike
Jing, Shaoling
Su, Du
Shi, Zhichao
Yin, Zhiyi
Shen, Huawei
Cheng, Xueqi
author_facet Zhao, Shilong
Sun, Fei
Zhang, Kaike
Jing, Shaoling
Su, Du
Shi, Zhichao
Yin, Zhiyi
Shen, Huawei
Cheng, Xueqi
contents Recent studies have demonstrated the vulnerability of sequential recommender systems to Model Extraction Attacks (MEAs). MEAs collect responses from recommender systems to replicate their functionality, enabling unauthorized deployments and posing critical privacy and security risks. Black-box attacks in prior MEAs are ineffective at exposing recommender system vulnerabilities due to random sampling in data selection, which leads to misaligned synthetic and real-world distributions. To overcome this limitation, we propose LLM4MEA, a novel model extraction method that leverages Large Language Models (LLMs) as human-like rankers to generate data. It generates data through interactions between the LLM ranker and target recommender system. In each interaction, the LLM ranker analyzes historical interactions to understand user behavior, and selects items from recommendations with consistent preferences to extend the interaction history, which serves as training data for MEA. Extensive experiments demonstrate that LLM4MEA significantly outperforms existing approaches in data quality and attack performance, reducing the divergence between synthetic and real-world data by up to 64.98% and improving MEA performance by 44.82% on average. From a defensive perspective, we propose a simple yet effective defense strategy and identify key hyperparameters of recommender systems that can mitigate the risk of MEAs.
format Preprint
id arxiv_https___arxiv_org_abs_2507_16969
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle LLM4MEA: Data-free Model Extraction Attacks on Sequential Recommenders via Large Language Models
Zhao, Shilong
Sun, Fei
Zhang, Kaike
Jing, Shaoling
Su, Du
Shi, Zhichao
Yin, Zhiyi
Shen, Huawei
Cheng, Xueqi
Information Retrieval
Recent studies have demonstrated the vulnerability of sequential recommender systems to Model Extraction Attacks (MEAs). MEAs collect responses from recommender systems to replicate their functionality, enabling unauthorized deployments and posing critical privacy and security risks. Black-box attacks in prior MEAs are ineffective at exposing recommender system vulnerabilities due to random sampling in data selection, which leads to misaligned synthetic and real-world distributions. To overcome this limitation, we propose LLM4MEA, a novel model extraction method that leverages Large Language Models (LLMs) as human-like rankers to generate data. It generates data through interactions between the LLM ranker and target recommender system. In each interaction, the LLM ranker analyzes historical interactions to understand user behavior, and selects items from recommendations with consistent preferences to extend the interaction history, which serves as training data for MEA. Extensive experiments demonstrate that LLM4MEA significantly outperforms existing approaches in data quality and attack performance, reducing the divergence between synthetic and real-world data by up to 64.98% and improving MEA performance by 44.82% on average. From a defensive perspective, we propose a simple yet effective defense strategy and identify key hyperparameters of recommender systems that can mitigate the risk of MEAs.
title LLM4MEA: Data-free Model Extraction Attacks on Sequential Recommenders via Large Language Models
topic Information Retrieval
url https://arxiv.org/abs/2507.16969