Summary of Stealthy Attack on Large Language Model Based Recommendation, by Jinghao Zhang et al.
Stealthy Attack on Large Language Model based Recommendation
by Jinghao Zhang, Yuting Liu, Qiang Liu, Shu Wu, Guibing Guo, Liang Wang
First submitted to arxiv on: 18 Feb 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI); Information Retrieval (cs.IR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The paper reveals that large language models (LLMs) used in recommender systems (RS) introduce new security vulnerabilities due to their reliance on item textual content. Researchers demonstrate an attack method that boosts an item’s exposure by altering its text during the testing phase, without affecting the model’s training process. The attack is stealthy and difficult to detect, as it doesn’t significantly impact recommendation performance or modify the text in a noticeable way. Comprehensive experiments across four LLM-based RS models show the effectiveness of this approach. The paper highlights a significant security gap in LLM-based RS and paves the way for future research on protecting these systems. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary The paper is about finding a new kind of problem in computer programs that help suggest things you might like, called recommender systems. These programs use big language models to decide what to recommend. The researchers found out that if someone changes the words used to describe an item during testing time, they can make people see it more often without actually changing how the program was trained. This is a sneaky attack because it doesn’t hurt the overall performance of the program and the changed words are hard to notice. The paper shows that this works across different types of programs and reveals a security gap in these systems. |
