
Open Access

ARTICLE

Robust Recommendation Adversarial Training Based on Self-Purification Data Sanitization

Haiyan Long1, Gang Chen2,*, Hai Chen3,*
1 School of Information Engineering, Liaodong University, Liaoning, 118003, China
2 School of Aerospace Engineering, Xiamen University, Xiamen, 361005, China
3 School of Computer Science and Technology, Anhui University, Hefei, 230039, China
* Corresponding Author: Gang Chen. Email: email; Hai Chen. Email: email

Computers, Materials & Continua https://doi.org/10.32604/cmc.2025.073243

Received 13 September 2025; Accepted 17 November 2025; Published online 12 December 2025

Abstract

The performance of deep recommendation models degrades significantly under data poisoning attacks. While adversarial training methods such as Vulnerability-Aware Training (VAT) enhance robustness by injecting perturbations into embeddings, they remain limited by coarse-grained noise and a static defense strategy, leaving models susceptible to adaptive attacks. This study proposes a novel framework, Self-Purification Data Sanitization (SPD), which integrates vulnerability-aware adversarial training with dynamic label correction. Specifically, SPD first identifies high-risk users through a fragility scoring mechanism, then applies self-purification by replacing suspicious interactions with model-predicted high-confidence labels during training. This closed-loop process continuously sanitizes the training data and breaks the protection ceiling of conventional adversarial training. Experiments demonstrate that SPD significantly improves the robustness of both Matrix Factorization (MF) and LightGCN models against various poisoning attacks. We show that SPD effectively suppresses malicious gradient propagation and maintains recommendation accuracy. Evaluations on Gowalla and Yelp2018 confirm that SPD-trained models withstand multiple attack strategies—including Random, Bandwagon, DP, and Rev attacks—while preserving performance.

Keywords

Robustness; adversarial defense; recommendation system; poisoning attack; self-purification