Adversarial Training Towards Robust Multimedia Recommender System

Tang, Jinhui; Du, Xiaoyu; He, Xiangnan; Yuan, Fajie; Tian, Qi; Chua, Tat-Seng

doi:10.1109/tkde.2019.2893638

Cited by 154 publications

(104 citation statements)

References 41 publications

(59 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Adversarial Training (AT) is a dynamic regularization technique that proactively simulates the perturbations during the training phase [15]. It has been empirically shown to be able to stabilize neural networks, and enhance their robustness against perturbations in standard classification tasks [16]- [21]. Therefore, employing a similar approach to that of AT on a graph neural network model would also be helpful to the model's robustness.…”

Section: Introductionmentioning

confidence: 99%

Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure

Feng

Tang

et al. 2021

IEEE Trans. Knowl. Data Eng.

Self Cite

143

View full text Add to dashboard Cite

Recent efforts show that neural networks are vulnerable to small but intentional perturbations on input features in visual classification tasks. Due to the additional consideration of connections between examples (e.g., articles with citation link tend to be in the same class), graph neural networks could be more sensitive to the perturbations, since the perturbations from connected examples exacerbate the impact on a target example. Adversarial Training (AT), a dynamic regularization technique, can resist the worst-case perturbations on input features and is a promising choice to improve model robustness and generalization. However, existing AT methods focus on standard classification, being less effective when training models on graph since it does not model the impact from connected examples. In this work, we explore adversarial training on graph, aiming to improve the robustness and generalization of models learned on graph. We propose Graph Adversarial Training (GraphAT), which takes the impact from connected examples into account when learning to construct and resist perturbations. We give a general formulation of GraphAT, which can be seen as a dynamic regularization scheme based on the graph structure. To demonstrate the utility of GraphAT, we employ it on a state-of-the-art graph neural network model -Graph Convolutional Network (GCN). We conduct experiments on two citation graphs (Citeseer and Cora) and a knowledge graph (NELL), verifying the effectiveness of GraphAT which outperforms normal training on GCN by 4.51% in node classification accuracy. Codes are available via: https://github.com/fulifeng/GraphAT.

show abstract

Section: Introductionmentioning

confidence: 99%

Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure

Feng

Tang

et al. 2021

IEEE Trans. Knowl. Data Eng.

Self Cite

143

View full text Add to dashboard Cite

show abstract

“…Adversarial training consists of injecting adversarial samples -generated via a specific attack model such as FGSM [45] or BIM [65]-into each step of the training process. It has been reported -both in RS [112] and ML [130]-that this process leads to robustness against adversarial samples (based on the specific attack type on which the model was trained on), and better generalization performance on clean samples. For instance, in [112], the authors show that the negative impact of adversarial attacks measured in terms of nDCG is reduced from -8.7% to -1.4% when using adversarial training instead of classical training.…”

Section: Cf Models Since Early Yearsmentioning

confidence: 99%

“…[AMR] Tang et al [112] put under adversarial framework another BPR model, namely visual-BPR (VBPR). VBPR is built upon BPR and extends it by incorporating visual dimensions (originally based on deep CNN feature) by using an embedding matrix.…”

Section: Adversarial Machine Learning For Attack and Defense On Rsmentioning

confidence: 99%

Adversarial Machine Learning in Recommender Systems (AML-RecSys)

Deldjoo

Noia

Merra

2020

Proceedings of the 13th International Conference on Web Search and Data Mining

View full text Add to dashboard Cite

Latent-factor models (LFM) based on collaborative filtering (CF), such as matrix factorization (MF) and deep CF methods, are widely used in modern recommender systems (RS) due to their excellent performance and recommendation accuracy. Notwithstanding their great success, in recent years, it has been shown that these methods are vulnerable to adversarial examples, i.e., subtle but non-random perturbations designed to force recommendation models to produce erroneous outputs. The main reason for this behavior is that user interaction data used for training of LFM can be contaminated by malicious activities or users' misoperation that can induce an unpredictable amount of natural noise and harm recommendation outcomes. On the other side, it has been shown that these systems, conceived originally to attack machine learning applications, can be successfully adopted to strengthen their robustness against attacks as well as to train more precise recommendation engines.In this respect, the goal of this survey is two-fold: (i) to present recent advances on AML-RS for the security of RS (i.e., attacking and defense recommendation models), (ii) to show another successful application of AML in generative adversarial networks (GANs), which use the core concept of learning in AML (i.e., the min-max game) for generative applications.In this survey, we provide an exhaustive literature review of 60 articles published in major RS and ML journals and conferences. This review serves as a reference for the RS community, working on the security of RS and recommendation models leveraging generative models to improve their quality.

show abstract

“…The main idea of adversarial learning is to simulate a minimax game with the generator attempting to imitate the genuine data distribution while the discriminator aiming to differentiate fake examples from the real data. A few pioneering works [20], [21], [36]- [41] have explored the adversarial learning in recommender systems. IRGAN [20] is the first influential IR model constructed based on GAN.…”

Section: B Adversarial Training In Recommender Systemsmentioning

confidence: 99%

“…He et al [40] adopted the thoughts of adversarial examples to recommender systems by adding perturbations to the latent factors of recommendation model, and using adversarial training to lower the risk of over-fitting. Then [41] further extended APR to multimedia recommendation, which also has been shown effective. Besides, [42], [43] investigated a new application of GAN by generating high-level augmented useritem interactions to improve collaborative filtering methods.…”

Section: B Adversarial Training In Recommender Systemsmentioning

confidence: 99%

Generating Reliable Friends via Adversarial Training to Improve Social Recommendation

Gao

Yin

et al. 2019

2019 IEEE International Conference on Data Mining (ICDM)

View full text Add to dashboard Cite

Most of the recent studies of social recommendation assume that people share similar preferences with their friends and the online social relations are helpful in improving traditional recommender systems. However, this assumption is often untenable as the online social networks are quite sparse and a majority of users only have a small number of friends. Besides, explicit friends may not share similar interests because of the randomness in the process of building social networks. Therefore, discovering a number of reliable friends for each user plays an important role in advancing social recommendation. Unlike other studies which focus on extracting valuable explicit social links, our work pays attention to identifying reliable friends in both the observed and unobserved social networks. Concretely, in this paper, we propose an end-to-end social recommendation framework based on Generative Adversarial Nets (GAN). The framework is composed of two blocks: a generator that is used to produce friends that can possibly enhance the social recommendation model, and a discriminator that is responsible for assessing these generated friends and ranking the items according to both the current user and her friends' preferences. With the competition between the generator and the discriminator, our framework can dynamically and adaptively generate reliable friends who can perfectly predict the current user' preference at a specific time. As a result, the sparsity and unreliability problems of explicit social relations can be mitigated and the social recommendation performance is significantly improved. Experimental studies on real-world datasets demonstrate the superiority of our framework and verify the positive effects of the generated reliable friends.

show abstract

Adversarial Training Towards Robust Multimedia Recommender System

Cited by 154 publications

References 41 publications

Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure

Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure

Adversarial Machine Learning in Recommender Systems (AML-RecSys)

Generating Reliable Friends via Adversarial Training to Improve Social Recommendation

Contact Info

Product

Resources

About