Open Access

ARTICLE

Robust Recommendation Adversarial Training Based on Self-Purification Data Sanitization

Haiyan Long¹, Gang Chen^2,*, Hai Chen^3,*

1 School of Information Engineering, Liaodong University, Liaoning, 118003, China
2 School of Aerospace Engineering, Xiamen University, Xiamen, 361005, China
3 School of Computer Science and Technology, Anhui University, Hefei, 230039, China

* Corresponding Authors: Gang Chen. Email: ; Hai Chen. Email:

Computers, Materials & Continua 2026, 87(1), 31 https://doi.org/10.32604/cmc.2025.073243

Received 13 September 2025; Accepted 17 November 2025; Issue published 10 February 2026

Abstract

The performance of deep recommendation models degrades significantly under data poisoning attacks. While adversarial training methods such as Vulnerability-Aware Training (VAT) enhance robustness by injecting perturbations into embeddings, they remain limited by coarse-grained noise and a static defense strategy, leaving models susceptible to adaptive attacks. This study proposes a novel framework, Self-Purification Data Sanitization (SPD), which integrates vulnerability-aware adversarial training with dynamic label correction. Specifically, SPD first identifies high-risk users through a fragility scoring mechanism, then applies self-purification by replacing suspicious interactions with model-predicted high-confidence labels during training. This closed-loop process continuously sanitizes the training data and breaks the protection ceiling of conventional adversarial training. Experiments demonstrate that SPD significantly improves the robustness of both Matrix Factorization (MF) and LightGCN models against various poisoning attacks. We show that SPD effectively suppresses malicious gradient propagation and maintains recommendation accuracy. Evaluations on Gowalla and Yelp2018 confirm that SPD-trained models withstand multiple attack strategies—including Random, Bandwagon, DP, and Rev attacks—while preserving performance.

---

Keywords

---