Link: http://arxiv.org/abs/2508.15252v1
PDF Link: http://arxiv.org/pdf/2508.15252v1
Summary: Recent studies have shown that recommender systems (RSs) are highly vulnerable to data poisoning attacks, where malicious actors inject fake user profiles, including groups of well-designed fake ratings, to manipulate recommendations.
Due to security and privacy constraints in practice, attackers typically possess limited knowledge of the victim system and thus need to craft profiles that transfer across black-box RSs.
To maximize the attack impact, the profiles must also remain imperceptible.
However, generating such high-quality profiles under these restrictions is challenging.
Some works suggest incorporating fake textual reviews to strengthen the profiles; yet, the poor quality of those reviews largely undermines attack effectiveness and imperceptibility in this practical setting.
To tackle the above challenges, in this paper, we propose to enhance the quality of the review text by harnessing the in-context learning (ICL) capabilities of multimodal foundation models.
To this end, we introduce a demonstration retrieval algorithm and a text style transfer strategy to augment naive ICL.
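The abstract does not detail the demonstration retrieval algorithm, but the general idea behind retrieval-augmented ICL is to select the labeled examples most similar to the target input and prepend them to the prompt. A minimal sketch, assuming simple bag-of-words cosine similarity (the paper's actual retrieval method and review pool are not specified here):

```python
# Hypothetical demonstration retrieval for in-context learning (ICL):
# pick the k reviews from a pool that are most similar to a target item
# description, to serve as prompt demonstrations. Bag-of-words cosine
# similarity is a stand-in for whatever the paper actually uses.
from collections import Counter
import math

def bow_vector(text):
    """Bag-of-words term counts for lowercase, whitespace-tokenized text."""
    return Counter(text.lower().split())

def cosine(a, b):
    """Cosine similarity between two sparse count vectors."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def retrieve_demonstrations(query, pool, k=2):
    """Return the k pool reviews most similar to the query description."""
    q = bow_vector(query)
    ranked = sorted(pool, key=lambda d: cosine(q, bow_vector(d)), reverse=True)
    return ranked[:k]

pool = [
    "great camera with sharp photos and long battery life",
    "the blender broke after two uses, very disappointing",
    "decent camera but the battery drains quickly",
    "lovely scented candle, burns evenly",
]
demos = retrieve_demonstrations("camera battery performance", pool, k=2)
```

The retrieved demonstrations would then be concatenated into the foundation model's prompt ahead of the generation instruction, which is the standard way such retrieved examples augment naive ICL.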
Specifically, we propose a novel practical attack framework named RAGAN to generate high-quality fake user profiles, which can offer insights into the robustness of RSs.
The profiles are generated by a jailbreaker and collaboratively optimized by an instructional agent and a guardian to improve attack transferability and imperceptibility.
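The three-role loop described above can be caricatured as generate-critique-filter: a generator drafts a review, an agent feeds back how to improve it, and a guardian rejects drafts that look detectable. A toy sketch under those assumptions (all three roles here are simplistic stand-ins; in the paper they are foundation-model components, not rule-based functions):

```python
# Hypothetical generate-critique-filter loop. Each role is a toy stand-in
# for the paper's jailbreaker, instructional agent, and guardian.

def generate_review(item, feedback=None):
    """Jailbreaker stand-in: draft a review, optionally applying feedback."""
    base = f"I really enjoyed this {item}."
    return base if feedback is None else base + " " + feedback

def agent_feedback(review):
    """Agent stand-in: request a concrete detail if the draft is generic."""
    return None if "because" in review else "It works well because of its sturdy build."

def guardian_ok(review):
    """Guardian stand-in: reject very short, template-like drafts."""
    return len(review.split()) >= 8

def optimize_profile(item, max_rounds=3):
    """Iterate until the agent has no feedback and the guardian accepts."""
    feedback = None
    review = generate_review(item)
    for _ in range(max_rounds):
        review = generate_review(item, feedback)
        fb = agent_feedback(review)
        if fb is None and guardian_ok(review):
            return review
        feedback = fb
    return review
```

The point of the loop structure is that transferability pressure (the agent) and imperceptibility pressure (the guardian) act on every draft jointly rather than as a one-shot post-filter.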
Comprehensive experiments on various real-world datasets demonstrate that RAGAN achieves state-of-the-art poisoning attack performance.
Published on arXiv on: 2025-08-21T05:25:22Z