2026.03.05

Stealthy Attacks in Large Language Model-Based Cross-Domain Recommender Systems with Retrieval Augmented Generation

This study proposes realistic attacks on a graph-based Retrieval-Augmented Generation (RAG) system used in large language model (LLM)-based cross-domain recommender systems. In this setting, the retriever collects related information from a shared graph that connects users, items, and text across different domains. Although attackers do not have internal system access, they can interact through normal user interfaces, such as posting ratings or reviews. This work explored how seemingly harmless interactions can gradually influence what information the system retrieves. Two complementary techniques are considered. First, a cross-domain textual attack subtly edits the text of a target item so it resembles popular items in another domain. Second, a cross-domain graph connectivity attack introduces fake users who link the target item with well-known items across domains. Rather than focusing on final ranking outcomes, this work examines how these small manipulations shift learned item representations inside the graph model and quietly bias retrieval behavior while maintaining normal overall performance.

派遣先滞在期間

Date of Departure: 2025/11/08
Date of Return: 2026/01/23

国、都市等

The United Kingdom, Birmingham

機関名、受入先、会議名等

Asst. Prof. Panagiotis Andriotis, Ph.D.
School of Computer Science, the University of Birmingham

‍派遣中に学んだことや得られたもの

During my visit, I experienced both academic growth and cultural exchange. Arriving during the university’s 125th anniversary and the Christmas season, I felt warmly welcomed by the vibrant campus atmosphere. Academically, I participated in research discussions, attended a helpful viva preparation session, and made steady progress toward my Ph.D. Engaging in social activities and interacting with faculty members broadened my perspective and helped me smoothly adapt to the UK research environment.