Adversarial Attacks for Black-Box Recommender Systems via Copying Transferable Cross-Domain User Profiles

Wenqi Fan, Xiangyu Zhao, Qing Li, Tyler Derr, Yao Ma, Hui Liu, Jianping Wang, Jiliang Tang

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


As widely used in data-driven decision-making, recommender systems have been recognized for their capabilities to provide users with personalized services in many user-oriented online services, such as E-commerce (e.g., Amazon, Taobao, etc.) and Social Media sites (e.g., Facebook and Twitter). Recent works have shown that deep neural networks-based recommender systems are highly vulnerable to adversarial attacks, where adversaries can inject carefully crafted fake user profiles (i.e., a set of items that fake users have interacted with) into a target recommender system to promote or demote a set of target items. Instead of generating users with fake profiles from scratch, in this article, we introduce a novel strategy to obtain 'fake' user profiles via copying cross-domain user profiles, where a reinforcement learning based black-box attacking framework (CopyAttack+) is developed to effectively and efficiently select cross-domain user profiles from the source domain to attack the target system. Moreover, we propose to train a local surrogate system for mimicking adversarial black-box attacks in the source domain, so as to provide transferable signals with the purpose of enhancing the attacking strategy in the target black-box recommender system. Comprehensive experiments on three real-world datasets are conducted to demonstrate the effectiveness of the proposed attacking framework.

Original languageEnglish (US)
Pages (from-to)12415-12429
Number of pages15
JournalIEEE Transactions on Knowledge and Data Engineering
Issue number12
StatePublished - Dec 1 2023

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Science Applications
  • Computational Theory and Mathematics


  • Recommender systems
  • adversarial attacks
  • black-box attacks
  • cross-domain recommendations
  • trustworthy recommender systems


Dive into the research topics of 'Adversarial Attacks for Black-Box Recommender Systems via Copying Transferable Cross-Domain User Profiles'. Together they form a unique fingerprint.

Cite this