Existing poisoning attacks for sequential recommendation overly prioritize elevating target-item rankings, degrading users’ authentic preferences, yielding high sequence redundancy, poor realism, and neglecting sequential dependencies among items. Method: We propose a stealthy, diversity-aware bi-objective poisoning attack. First, we formally characterize the intrinsic conflict between recommendation objectives and attack goals, introducing a “dual-promotion” optimization framework. Second, we integrate diversity regularization and an autoregressive re-ranking mechanism to jointly model cross-item sequential dependencies while preserving sequence authenticity. Contribution/Results: Theoretical analysis and experiments demonstrate that our method significantly improves attack effectiveness—increasing target-item click-through rate by 2.1×—while substantially mitigating recommendation accuracy degradation (reducing accuracy loss by 37%). It overcomes the homogeneity bottleneck inherent in conventional poisoning approaches, achieving superior stealth and sequence fidelity.

Sequential recommender systems (SRSs) excel in capturing users' dynamic interests, thus playing a key role in various industrial applications. The popularity of SRSs has also driven emerging research on their security aspects, where data poisoning attack for targeted item promotion is a typical example. Existing attack mechanisms primarily focus on increasing the ranks of target items in the recommendation list by injecting carefully crafted interactions (i.e., poisoning sequences), which comes at the cost of demoting users' real preferences. Consequently, noticeable recommendation accuracy drops are observed, restricting the stealthiness of the attack. Additionally, the generated poisoning sequences are prone to substantial repetition of target items, which is a result of the unitary objective of boosting their overall exposure and lack of effective diversity regularizations. Such homogeneity not only compromises the authenticity of these sequences, but also limits the attack effectiveness, as it ignores the opportunity to establish sequential dependencies between the target and many more items in the SRS. To address the issues outlined, we propose a Diversity-aware Dual-promotion Sequential Poisoning attack method named DDSP for SRSs. Specifically, by theoretically revealing the conflict between recommendation and existing attack objectives, we design a revamped attack objective that promotes the target item while maintaining the relevance of preferred items in a user's ranking list. We further develop a diversity-aware, auto-regressive poisoning sequence generator, where a re-ranking method is in place to sequentially pick the optimal items by integrating diversity constraints.