IEEE Access (Jan 2022)
Directional Adversarial Training for Robust Ownership-Based Recommendation System
Abstract
Machine learning algorithms are susceptible to cyberattacks, posing security problems in computer vision, speech recognition, and recommendation systems. So far, researchers have made great strides in adopting adversarial training as a defensive strategy. Single-step adversarial training methods have been proposed as viable solutions for improving model generality and resilience. However, there has been little study to address this issue in the context of ownership-based recommendations, which may fail to capture stable results. In this work, we adapt the single-step adversarial training for ownership recommendation systems. Our main technical contributions are as follows: (1) We propose Adversarial Consumption and Production Relationship (ACPR), a model that combines factorization machine and single-step adversarial training for ownership recommendations. It enables us to take advantage of modeling consumption-production interactions with a factorization machine instead of the conventional matrix factorization method for ownership recommendations. (2) We enrich the ACPR technique with directional adversarial training and call our technique Adversarial Consumption and Production Relationship-Aware Directional Adversarial Model (ACPR-ADAM). The idea behind our ACPR-ADAM is that instead of the worst perturbation direction, the perturbation direction in the embedding space is restricted to other examples in the current embedding space, allowing us to incorporate the collaborative signal into the training process. Lastly, through extensive evaluations on Reddit and Pinterest, we demonstrate that our proposed method outperforms state-of-the-art methods. Compared with CPR and ACPR on Reddit and Pinterest datasets, our proposed ACPR-ADAM achieves 93%, 88%, and 72%, 69% enhancement in terms of AUC and HR, respectively.
Keywords
