Litcius/Paper detail

Black-Box Attacks on Sequential Recommenders via Data-Free Model Extraction

Zhenrui Yue, Zhankui He, Huimin Zeng, Julian McAuley

202159 citationsDOIOpen Access PDF

Abstract

We investigate whether model extraction can be used to ‘steal’ the weights of sequential recommender systems, and the potential threats posed to victims of such attacks. This type of risk has attracted attention in image and text classification, but to our knowledge not in recommender systems. We argue that sequential recommender systems are subject to unique vulnerabilities due to the specific autoregressive regimes used to train them. Unlike many existing recommender attackers, which assume the dataset used to train the victim model is exposed to attackers, we consider a data-free setting, where training data are not accessible. Under this setting, we propose an API-based model extraction method via limited-budget synthetic data generation and knowledge distillation. We investigate state-of-the-art models for sequential recommendation and show their vulnerability under model extraction and downstream attacks.

Topics & Concepts

Computer scienceRecommender systemVulnerability (computing)Autoregressive modelSynthetic dataData miningArtificial intelligenceMachine learningInformation retrievalComputer securityEconomicsEconometricsAdversarial Robustness in Machine LearningMachine Learning in HealthcareTopic Modeling