Model-Agnostic Poisoning Attacks on Recommender Systems via PPO
- Authors: Agate, V.; Lo Re, G.; Morana, M.; Virga, A.
- Year of publication: 2025
- Type: Conference proceedings contribution published in a volume
- OA Link: http://hdl.handle.net/10447/700483
Abstract
Recommender systems have become pivotal in modern digital platforms, guiding user choices and driving engagement. However, their widespread adoption has also made them a prime target for adversarial attacks, especially data poisoning attacks that subtly manipulate recommendations. Existing approaches often generate unrealistic fake profiles, making them vulnerable to detection by anomaly-based defenses. In this paper, we propose a novel, model-agnostic poisoning framework that combines contrastive learning and reinforcement learning with Proximal Policy Optimization (PPO) to craft highly realistic fake profiles derived from cross-domain user data. By interacting exclusively with a surrogate recommender trained on a compatible domain, our framework identifies and fine-tunes influential user profiles to maximize the impact on a black-box target system. Our experimental evaluation on real-world datasets shows that our approach successfully promotes target items across diverse recommendation models with minimal injection effort, outperforming baseline strategies.
