Abstract
Real-world deep learning models developed for time series forecasting are used in several critical applications, ranging from medical devices to the security domain. Many previous works have shown that deep learning models are prone to adversarial attacks and have studied their vulnerabilities. However, the vulnerabilities of time series forecasting models to adversarial inputs have not been extensively explored. While an attack on a forecasting model might aim to deteriorate the performance of the model, it is more effective if the attack is focused on a specific impact on the model's output. In this paper, we propose a novel formulation of Directional, Amplitudinal, and Temporal targeted adversarial attacks on time series forecasting models. These targeted attacks create a specific impact on the amplitude and direction of the output prediction. We use the existing adversarial attack techniques from the computer vision domain and adapt them for time series. Additionally, we propose a modified version of the Auto Projected Gradient Descent attack for targeted attacks. We examine the impact of the proposed targeted attacks versus untargeted attacks. We use KS-Tests to statistically demonstrate the impact of the attack. Our experimental results show that targeted attacks on time series models are viable and are more powerful in terms of statistical similarity. They are hence difficult to detect through statistical methods. We believe that this work opens a new paradigm in the time series forecasting domain and represents an important consideration for developing better defenses.
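The statistical-similarity point above, as an added example that is not from the paper: a two-sample Kolmogorov-Smirnov check a defender might run between a trusted reference window and an incoming input window. The sine series, the 0.02 and 0.8 offsets, the 0.05 threshold and all function names are constructed assumptions; the offsets are simple stand-ins rather than the paper's attacks, and comparing input windows is an assumed setup.

```python
import math

def ks_two_sample(a, b):
    """Two-sample Kolmogorov-Smirnov test: returns (D, asymptotic p-value)."""
    a, b = sorted(a), sorted(b)
    n, m = len(a), len(b)
    i = j = 0
    d = 0.0
    # Walk both sorted samples and track the largest gap between the two ECDFs.
    while i < n and j < m:
        x = min(a[i], b[j])
        while i < n and a[i] <= x:
            i += 1
        while j < m and b[j] <= x:
            j += 1
        d = max(d, abs(i / n - j / m))
    # Asymptotic Kolmogorov distribution with the usual small-sample correction.
    en = math.sqrt(n * m / (n + m))
    lam = (en + 0.12 + 0.11 / en) * d
    if lam < 0.3:
        # The alternating series converges poorly here; the true p-value is ~1.
        return d, 1.0
    p = 2.0 * sum((-1) ** (k - 1) * math.exp(-2.0 * k * k * lam * lam)
                  for k in range(1, 101))
    return d, min(max(p, 0.0), 1.0)

def sample_windows(n=200):
    """Constructed data: a clean sine window and two altered copies of it."""
    clean = [math.sin(2 * math.pi * t / 50) for t in range(n)]
    # Small bounded change: +/-0.02 per point (constructed stand-in).
    small = [x + (0.02 if t % 2 == 0 else -0.02) for t, x in enumerate(clean)]
    # Gross change: a constant level shift of 0.8 (constructed stand-in).
    gross = [x + 0.8 for x in clean]
    return clean, small, gross

def flag(reference, suspect, alpha=0.05):
    """Return (flagged, D, p); flagged means the KS test rejects 'same distribution'."""
    d, p = ks_two_sample(reference, suspect)
    return p < alpha, d, p

if __name__ == "__main__":
    clean, small, gross = sample_windows()
    for name, window in (("small", small), ("gross", gross)):
        flagged, d, p = flag(clean, window)
        print(f"{name}: D={d:.3f} p={p:.3g} flagged={flagged}")
```

The small bounded change leaves the value distribution almost unchanged and passes the test, while the level shift is rejected, which is why a distribution-only check is a weak sole defense for forecasting inputs.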
URL
https://arxiv.org/abs/2301.11544