A large language model-based detection method for poisoning attacks in recommender systems
摘要
Recommender systems are vulnerable to poisoning attacks due to their open nature, allowing attackers to inject malicious user profiles to deliberately manipulate recommendation results. Existing detection methods mainly focus on rating behaviors while neglecting key semantic information such as item labels, making them ineffective in handling complex or highly camouflaged attacks. To address the limitations of existing detection methods, which overly rely on ratings and insufficiently exploit the semantic association information contained in item labels, we employ a pretrained large language model to encode label semantics and fuse rating information with label semantic information to jointly identify malicious users, thereby proposing PAD-LLM, a poisoning attack detection method based on large language model-based label semantic encoding. First, we adopt a Text-to-Text Transfer Transformer model to semantically encode label text sequences and fuse them with rating behaviors to construct a user-item-label three-dimensional tensor representation, thereby enabling unified modeling of multi-source heterogeneous data. On this basis, we design a local–global joint feature extraction framework, in which three-dimensional depthwise separable convolution and multi-head Performer are used to jointly model local interaction patterns and global dependency structures, while a gated residual mechanism is introduced to achieve dynamic fusion. Furthermore, we incorporate contrastive learning to enhance the inter-class separability of latent representations, thereby improving the identification capability for malicious user profiles. We conduct comparative experiments on the MovieLens-1 M and Amazon datasets. The results demonstrate that PAD-LLM achieves better detection performance than baseline methods under multiple poisoning attack settings.