Fake Co-visitation Injection Attacks to Recommender Systems

Recommender systems have become an essential component in a wide range of web services. It is believed that recommender systems recommend a user items (e.g., videos on YouTube, products on Amazon) that match the user's preference. In this work, we propose new attacks to recommender systems. Our attacks exploit fundamental vulnerabilities of recommender systems and can spoof a recommender system to make recommendations as an attacker desires. Our key idea is to inject fake co-visitations to the system. Given a bounded number of fake co-visitations that an attacker can inject, two key challenges are 1) which items the attacker should inject fake co-visitations to, and 2) how many fake co-visitations an attacker should inject to each item. We address these challenges via modelling our attacks as constrained linear optimization problems, by solving which the attacker can perform attacks with maximal threats. We demonstrate the feasibility and effectiveness of our attacks via evaluations on both synthetic data and real-world recommender systems on several popular web services including YouTube, eBay, Amazon, Yelp, and LinkedIn. We also discuss strategies to mitigate our attacks. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.