Denoise to Protect: A Method to Robustify Visual Recommenders from Adversaries

Proceedings of the 46th International ACM SIGIR Conference on Research and Development in Information Retrieval Pub Date : 2023-07-18 DOI:10.1145/3539618.3591971

Felice Antonio Merra, V. W. Anelli, Tommaso Di Noia, Daniele Malitesta, Alberto Carlo Maria Mancino

{"title":"Denoise to Protect: A Method to Robustify Visual Recommenders from Adversaries","authors":"Felice Antonio Merra, V. W. Anelli, Tommaso Di Noia, Daniele Malitesta, Alberto Carlo Maria Mancino","doi":"10.1145/3539618.3591971","DOIUrl":null,"url":null,"abstract":"While the integration of product images enhances the recommendation performance of visual-based recommender systems (VRSs), this can make the model vulnerable to adversaries that can produce noised images capable to alter the recommendation behavior. Recently, stronger and stronger adversarial attacks have emerged to raise awareness of these risks; however, effective defense methods are still an urgent open challenge. In this work, we propose \"Adversarial Image Denoiser\" (AiD), a novel defense method that cleans up the item images by malicious perturbations. In particular, we design a training strategy whose denoising objective is to minimize both the visual differences between clean and adversarial images and preserve the ranking performance in authentic settings. We perform experiments to evaluate the efficacy of AiD using three state-of-the-art adversarial attacks mounted against standard VRSs. Code and datasets at https://github.com/sisinflab/Denoise-to-protect-VRS.","PeriodicalId":425056,"journal":{"name":"Proceedings of the 46th International ACM SIGIR Conference on Research and Development in Information Retrieval","volume":"70 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 46th International ACM SIGIR Conference on Research and Development in Information Retrieval","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3539618.3591971","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

While the integration of product images enhances the recommendation performance of visual-based recommender systems (VRSs), this can make the model vulnerable to adversaries that can produce noised images capable to alter the recommendation behavior. Recently, stronger and stronger adversarial attacks have emerged to raise awareness of these risks; however, effective defense methods are still an urgent open challenge. In this work, we propose "Adversarial Image Denoiser" (AiD), a novel defense method that cleans up the item images by malicious perturbations. In particular, we design a training strategy whose denoising objective is to minimize both the visual differences between clean and adversarial images and preserve the ranking performance in authentic settings. We perform experiments to evaluate the efficacy of AiD using three state-of-the-art adversarial attacks mounted against standard VRSs. Code and datasets at https://github.com/sisinflab/Denoise-to-protect-VRS.

查看原文本刊更多论文

噪声保护:一种鲁棒化视觉推荐的方法

虽然产品图像的集成增强了基于视觉的推荐系统(vrs)的推荐性能，但这可能使模型容易受到对手的攻击，这些对手可以产生能够改变推荐行为的噪声图像。最近，出现了越来越强烈的对抗性攻击，提高了对这些风险的认识;然而，有效的防御方法仍然是一个紧迫的公开挑战。在这项工作中，我们提出了“对抗图像去噪”(AiD)，这是一种新的防御方法，通过恶意扰动来清除项目图像。特别是，我们设计了一种训练策略，其去噪目标是最小化干净图像和对抗图像之间的视觉差异，并保持真实设置中的排名性能。我们使用三种最先进的对抗性攻击来评估AiD对标准vrs的有效性。代码和数据集在https://github.com/sisinflab/Denoise-to-protect-VRS。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 46th International ACM SIGIR Conference on Research and Development in Information Retrieval

自引率

0.00%

发文量