Shilling and adversarial attacks are two main types of attacks against recommender systems (RSs). In modern RSs, existing defense methods are hindered by the following two challenges: (1) the diversity of RSs’ information sources beyond the interaction matrix, such as user comments, textual data, and visual information; and (2) most defense methods are robust only against specific types of adversarial attacks. Ensuring the robustness of RSs against new adversarial attacks across different data sources remains an open problem. To address this problem, we propose a novel method that unifies adversarial attack detection, purification, and fake user detection in RSs by utilizing a guided diffusion adversarial purification network and a self-adaptive training technique. Our approach aims to simultaneously handle both known and unknown adversarial attacks on RSs’ inputs and outputs. We conducted extensive experiments on three large-scale datasets to evaluate the effectiveness of the proposed method. The results confirm that our method can effectively eliminate adversarial perturbations on images and textual content within RSs, surpassing state-of-the-art methods by a significant margin. Moreover, it achieved the best results in three out of five evaluated shilling attack types. Finally, for attacks with realistic magnitudes, it can maintain baseline performance levels even when multiple attacks are applied simultaneously.

Keywords