Shilling Attacks on Recommender Systems

Summary

The post discusses shilling attacks on recommender systems, where attackers create fake profiles to manipulate collaborative‑filtering algorithms for promotion or sabotage. It explains various attack types—random, segmented, bandwagon, and average—and shows that user‑user filtering is especially vulnerable, needing only a few hundred bogus accounts. Detection methods using machine‑learning and pattern analysis, such as PCA, are explored, though attackers now employ sophisticated language models to evade defenses. The author, featuring insights from Walmart engineer Aditya Chichani, highlights the ongoing arms race between offensive and defensive research in this high‑stakes domain.