Penalized GANs with latent perturbation for robust shilling attack generation in recommender systems

Shilling attacks pose a significant threat to the integrity and reliability of recommender systems by injecting fake user profiles to promote or demote targeted items. Existing generative approaches often suffer from unstable training dynamics and limited realism in the synthesized profiles. In this...

Full description

Saved in:
Bibliographic Details
Published inDiscover Computing Vol. 28; no. 1; pp. 176 - 24
Main Authors Nawara, Dina, Kashef, Rasha
Format Journal Article
LanguageEnglish
Published Dordrecht Springer Netherlands 01.12.2025
Springer Nature B.V
Springer
Subjects
Collaboration
Computer Science
Data Mining and Knowledge Discovery
Data Structures and Information Theory
Datasets
GAN
GCN
Generative adversarial networks
Gradient penalty
Heuristic
Information Storage and Retrieval
Knowledge
Natural Language Processing (NLP)
Pattern Recognition
Perturbation
Perturbations
Ratings & rankings
Recommender systems
Shilling attacks
System reliability
User behavior
User profiles
GCN
Perturbations
GAN
Shilling attacks
Recommender systems
Gradient penalty
Online AccessGet full text

Cover

More Information
Summary:Shilling attacks pose a significant threat to the integrity and reliability of recommender systems by injecting fake user profiles to promote or demote targeted items. Existing generative approaches often suffer from unstable training dynamics and limited realism in the synthesized profiles. In this paper, we propose PGAN, a novel Penalized Generative Adversarial Network enhanced with latent space perturbations to generate high-quality, diverse, and undetectable shilling attack profiles. PGAN incorporates a gradient penalty to stabilize discriminator training and applies controlled noise perturbations in the generator’s latent space to improve robustness and attack diversity. We evaluate PGAN on real-world datasets and demonstrate that it consistently outperforms traditional statistical attacks and baseline GAN-based models across multiple evaluation metrics, including Hit Ratio@K, Prediction Shift, and attack success rate. Experimental results also confirm the realism of the generated profiles through similarity analysis with genuine users. Our proposed model outperforms traditional and state-of-the-art methods, achieving HR@10 scores of 0.2051 and 0.2076 on the MovieLens and Amazon datasets, respectively.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2948-2992
1386-4564
2948-2984
2948-2992
1573-7659
DOI:10.1007/s10791-025-09702-2