MSAP: Multi-Step Adversarial Perturbations on Recommender Systems Embeddings

Recommender systems (RSs) have attained exceptional performance in learning users' preferences and finding the most suitable products. Recent advances adversarial machine (AML) computer vision raised interests recommenders' security.It has been demonstrated that widely adopted model-based recommenders, e.g., BPR-MF, are not robust to perturbations added on learned parameters, embeddings, which can cause drastic reduction of recommendation accuracy.However, state-of-the-art method, named fast gradient sign method (FGSM), builds perturbation with a single-step procedure. In this work, we extend FGSM proposing multi-step (MSAP) procedures study robustness under powerful methods. Letting fixed magnitude, illustrate MSAP is much more harmful than corrupting BPR-MF. Then, assess efficacy robustified version i.e., AMF. Finally, analyze variations fairness measurements each perturbed recommender. Code data available at https://github.com/sisinflab/MSAP.