Collaborative filtering recommender systems (CFRSs) are known to be highly vulnerable to profile injection attacks, in which malicious users insert fake profiles into the rating database in order to bias the systems' output, since their openness, and attack detection is still a challenging problem in CFRSs. In order to provide more accurate recommendations, many schemas have been proposed to detect such shilling attacks. However, almost all of them are proposed to detect one or several specific attack types, and few of them can handle hybrid attack types, which usually happen in practice. With this problem in mind, we propose a novel L2, 1-norm regularized matrix completion incorporating prior information (LRMCPI) model to detect shilling attacks by combining matrix completion and L2, 1-norm. The proposed LRMCPI formalizes the attack detection problem as a missing value estimation problem, and it is appropriate because the user-item rating matrix is approximately low-rank and attack profiles could be considered as structural noise. The proposed LRMCPI model not only can better recover the rating matrix using correct rating value but also can detect the positions where the attackers are injected. We evaluate our model on three well-known data sets with different density and the experimental results show that our model outperforms baseline algorithms in both single and hybrid attack types.