Adversarial Attacks for Black-Box Recommender Systems Via Copying Transferable Cross-Domain User Profiles

Wenqi Fan, Xiangyu Zhao, Qing Li, Tyler Derr, Yao Ma, Hui Liu, Jianping Wang, Jiliang Tang

Research output: Contribution to journalArticlepeer-review


As widely used in data-driven decision-making, recommender systems have been recognized for their capabilities to provide users with personalized services in many user-oriented online services, such as E-commerce (e.g., Amazon, Taobao, etc.) and Social Media sites (e.g., Facebook and Twitter). Recent works have shown that deep neural networks-based recommender systems are highly vulnerable to adversarial attacks, where adversaries can inject carefully crafted fake user profiles (i.e., a set of items that fake users have interacted with) into a target recommender system to promote or demote a set of target items. Instead of generating users with fake profiles from scratch, in this paper, we introduce a novel strategy to obtain “fake” user profiles via copying cross-domain user profiles, where a reinforcement learning based black-box attacking framework (CopyAttack+) is developed to effectively and efficiently select cross-domain user profiles from the source domain to attack the target system. Moreover, we propose to train a local surrogate system for mimicking adversarial black-box attacks in the source domain, so as to provide transferable signals with the purpose of enhancing the attacking strategy in the target black-box recommender system. Comprehensive experiments on three real-world datasets are conducted to demonstrate the effectiveness of the proposed attacking framework.

Original languageEnglish (US)
Pages (from-to)1-14
Number of pages14
JournalIEEE Transactions on Knowledge and Data Engineering
StateAccepted/In press - 2023

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Science Applications
  • Computational Theory and Mathematics


  • Adversarial attacks
  • Behavioral sciences
  • black-box attacks
  • Closed box
  • Computational modeling
  • cross-domain recommendations
  • Data models
  • Motion pictures
  • recommender systems
  • Recommender systems
  • Reinforcement learning
  • trustworthy recommender systems


Dive into the research topics of 'Adversarial Attacks for Black-Box Recommender Systems Via Copying Transferable Cross-Domain User Profiles'. Together they form a unique fingerprint.

Cite this