An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack

Thi-Hanh Le; Padipat Sitkrongwong; Panagiotis Andriotis; Quang-Thuy Ha; Atsuhiro Takasu

doi:10.1145/3672608.3707821

An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack

Thi-Hanh Le^*, Padipat Sitkrongwong, Panagiotis Andriotis, Quang-Thuy Ha, Atsuhiro Takasu

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recommender systems (RSs) are extensively utilized in e-commerce to predict users' future preferences for unseen items based on historical user-item interactions. These systems, however, are vulnerable to manipulations by malicious actors, such as unsolicited users or vendors, through various shilling attacks. Such attacks intentionally skew recommendations by injecting biased data to promote or demote certain products or services. To address this issue, we propose a generative model called Diff-WassGAN, designed to mitigate the impact of shilling attacks within an adversarial learning framework. Diff-WassGAN uses a combination of Diffusion model (DiffRec) and a GAN framework (CFGAN) to leverage the adversarial advantages of GAN and the personalization advantages of DiffRec. We employ a diffusion model as the generator to process the inherently noisy and sparse historical user-item interactions. The discriminator is a multi-layer perceptron that employs Wasserstein distance as its loss function. We conducted preliminary experiments using four well-known evaluation datasets: MovieLens 100K, MovieLens 1M, Amazon-apps, and Yelp. By simulating various attack scenarios by integrating fake interactions in the dataset, we demonstrate that our Diff-WassGAN model outperforms baseline models across most datasets and attack types, showing better resistance against shilling attacks.

Original language	English
Title of host publication	SAC '25
Subtitle of host publication	Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing
Publisher	Association for Computing Machinery (ACM)
Pages	2061-2068
Number of pages	8
ISBN (Electronic)	9798400706295
DOIs	https://doi.org/10.1145/3672608.3707821
Publication status	Published - 14 May 2025
Event	The 40th ACM/SIGAPP Symposium On Applied Computing - University of Catania, Catania, Italy Duration: 31 Mar 2025 → 4 Apr 2025 https://www.sigapp.org/sac/sac2025/index.php

Publication series

Name	SAC: Symposium on Applied Computing
Publisher	Association for Computing Machinery
Volume	25

Conference

Conference	The 40th ACM/SIGAPP Symposium On Applied Computing
Abbreviated title	SAC2025
Country/Territory	Italy
City	Catania
Period	31/03/25 → 4/04/25
Internet address	https://www.sigapp.org/sac/sac2025/index.php

Access to Document

10.1145/3672608.3707821Licence: None: All rights reserved

Best Paper Award
Andriotis, P. (Recipient), 4 Apr 2025
Prize: National/international honour

Cite this

Le, T.-H., Sitkrongwong, P., Andriotis, P., Ha, Q.-T., & Takasu, A. (2025). An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack. In SAC '25: Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing (pp. 2061-2068). (SAC: Symposium on Applied Computing; Vol. 25). Association for Computing Machinery (ACM). https://doi.org/10.1145/3672608.3707821

@inproceedings{6d13d76ce48f416cad441465c4e91539,

title = "An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack",

abstract = "Recommender systems (RSs) are extensively utilized in e-commerce to predict users' future preferences for unseen items based on historical user-item interactions. These systems, however, are vulnerable to manipulations by malicious actors, such as unsolicited users or vendors, through various shilling attacks. Such attacks intentionally skew recommendations by injecting biased data to promote or demote certain products or services. To address this issue, we propose a generative model called Diff-WassGAN, designed to mitigate the impact of shilling attacks within an adversarial learning framework. Diff-WassGAN uses a combination of Diffusion model (DiffRec) and a GAN framework (CFGAN) to leverage the adversarial advantages of GAN and the personalization advantages of DiffRec. We employ a diffusion model as the generator to process the inherently noisy and sparse historical user-item interactions. The discriminator is a multi-layer perceptron that employs Wasserstein distance as its loss function. We conducted preliminary experiments using four well-known evaluation datasets: MovieLens 100K, MovieLens 1M, Amazon-apps, and Yelp. By simulating various attack scenarios by integrating fake interactions in the dataset, we demonstrate that our Diff-WassGAN model outperforms baseline models across most datasets and attack types, showing better resistance against shilling attacks.",

author = "Thi-Hanh Le and Padipat Sitkrongwong and Panagiotis Andriotis and Quang-Thuy Ha and Atsuhiro Takasu",

year = "2025",

month = may,

day = "14",

doi = "10.1145/3672608.3707821",

language = "English",

series = "SAC: Symposium on Applied Computing",

publisher = "Association for Computing Machinery (ACM)",

pages = "2061--2068",

booktitle = "SAC '25",

address = "United States",

note = "The 40th ACM/SIGAPP Symposium On Applied Computing, SAC2025 ; Conference date: 31-03-2025 Through 04-04-2025",

url = "https://www.sigapp.org/sac/sac2025/index.php",

}

Le, T-H, Sitkrongwong, P, Andriotis, P, Ha, Q-T & Takasu, A 2025, An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack. in SAC '25: Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing. SAC: Symposium on Applied Computing, vol. 25, Association for Computing Machinery (ACM), pp. 2061-2068, The 40th ACM/SIGAPP Symposium On Applied Computing, Catania, Italy, 31/03/25. https://doi.org/10.1145/3672608.3707821

An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack. / Le, Thi-Hanh; Sitkrongwong, Padipat; Andriotis, Panagiotis et al.
SAC '25: Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing. Association for Computing Machinery (ACM), 2025. p. 2061-2068 (SAC: Symposium on Applied Computing; Vol. 25).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack

AU - Le, Thi-Hanh

AU - Sitkrongwong, Padipat

AU - Andriotis, Panagiotis

AU - Ha, Quang-Thuy

AU - Takasu, Atsuhiro

PY - 2025/5/14

Y1 - 2025/5/14

N2 - Recommender systems (RSs) are extensively utilized in e-commerce to predict users' future preferences for unseen items based on historical user-item interactions. These systems, however, are vulnerable to manipulations by malicious actors, such as unsolicited users or vendors, through various shilling attacks. Such attacks intentionally skew recommendations by injecting biased data to promote or demote certain products or services. To address this issue, we propose a generative model called Diff-WassGAN, designed to mitigate the impact of shilling attacks within an adversarial learning framework. Diff-WassGAN uses a combination of Diffusion model (DiffRec) and a GAN framework (CFGAN) to leverage the adversarial advantages of GAN and the personalization advantages of DiffRec. We employ a diffusion model as the generator to process the inherently noisy and sparse historical user-item interactions. The discriminator is a multi-layer perceptron that employs Wasserstein distance as its loss function. We conducted preliminary experiments using four well-known evaluation datasets: MovieLens 100K, MovieLens 1M, Amazon-apps, and Yelp. By simulating various attack scenarios by integrating fake interactions in the dataset, we demonstrate that our Diff-WassGAN model outperforms baseline models across most datasets and attack types, showing better resistance against shilling attacks.

AB - Recommender systems (RSs) are extensively utilized in e-commerce to predict users' future preferences for unseen items based on historical user-item interactions. These systems, however, are vulnerable to manipulations by malicious actors, such as unsolicited users or vendors, through various shilling attacks. Such attacks intentionally skew recommendations by injecting biased data to promote or demote certain products or services. To address this issue, we propose a generative model called Diff-WassGAN, designed to mitigate the impact of shilling attacks within an adversarial learning framework. Diff-WassGAN uses a combination of Diffusion model (DiffRec) and a GAN framework (CFGAN) to leverage the adversarial advantages of GAN and the personalization advantages of DiffRec. We employ a diffusion model as the generator to process the inherently noisy and sparse historical user-item interactions. The discriminator is a multi-layer perceptron that employs Wasserstein distance as its loss function. We conducted preliminary experiments using four well-known evaluation datasets: MovieLens 100K, MovieLens 1M, Amazon-apps, and Yelp. By simulating various attack scenarios by integrating fake interactions in the dataset, we demonstrate that our Diff-WassGAN model outperforms baseline models across most datasets and attack types, showing better resistance against shilling attacks.

UR - https://dl.acm.org/conference/sac

UR - https://www.sigapp.org/sac/sac2025/

UR - https://www.scopus.com/pages/publications/105006409773

U2 - 10.1145/3672608.3707821

DO - 10.1145/3672608.3707821

M3 - Conference contribution

T3 - SAC: Symposium on Applied Computing

SP - 2061

EP - 2068

BT - SAC '25

PB - Association for Computing Machinery (ACM)

T2 - The 40th ACM/SIGAPP Symposium On Applied Computing

Y2 - 31 March 2025 through 4 April 2025

ER -

An Adversarial Model with Diffusion for Robust Recommendation against Shilling Attack

Abstract

Publication series

Conference

Access to Document

Fingerprint

Prizes

Best Paper Award

Cite this