BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting

• URL: http://arxiv.org/abs/2410.02195v1
• Date: Thu, 3 Oct 2024 04:16:49 GMT
• Title: BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting
• Authors: Xiao Lin, Zhining Liu, Dongqi Fu, Ruizhong Qiu, Hanghang Tong,
• Abstract summary: We propose an effective attack method named BackTime. By subtly injecting a few stealthy triggers into the MTS data, BackTime can alter the predictions of the forecasting model according to the attacker's intent. BackTime first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers.
• Score: 43.43987251457314
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Multivariate Time Series (MTS) forecasting is a fundamental task with numerous real-world applications, such as transportation, climate, and epidemiology. While a myriad of powerful deep learning models have been developed for this task, few works have explored the robustness of MTS forecasting models to malicious attacks, which is crucial for their trustworthy employment in high-stake scenarios. To address this gap, we dive deep into the backdoor attacks on MTS forecasting models and propose an effective attack method named BackTime.By subtly injecting a few stealthy triggers into the MTS data, BackTime can alter the predictions of the forecasting model according to the attacker's intent. Specifically, BackTime first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers by solving a bi-level optimization problem with a GNN-based trigger generator. Extensive experiments across multiple datasets and state-of-the-art MTS forecasting models demonstrate the effectiveness, versatility, and stealthiness of \method{} attacks. The code is available at \url{https://github.com/xiaolin-cs/BackTime}.

Related papers

• R-TPT: Improving Adversarial Robustness of Vision-Language Models through Test-Time Prompt Tuning [97.49610356913874]
  We propose a robust test-time prompt tuning (R-TPT) for vision-language models (VLMs) R-TPT mitigates the impact of adversarial attacks during the inference stage. We introduce a plug-and-play reliability-based weighted ensembling strategy to strengthen the defense.
  arXiv  Detail & Related papers  (2025-04-15T13:49:31Z)
• Revisiting Backdoor Attacks on Time Series Classification in the Frequency Domain [13.76843963426352]
  Time series classification (TSC) is a cornerstone of modern web applications. Deep neural networks (DNNs) have greatly enhanced the performance of TSC models in critical domains.
  arXiv  Detail & Related papers  (2025-03-12T18:05:32Z)
• Learning in Multiple Spaces: Few-Shot Network Attack Detection with Metric-Fused Prototypical Networks [47.18575262588692]
  We propose a novel Multi-Space Prototypical Learning framework tailored for few-shot attack detection. By leveraging Polyak-averaged prototype generation, the framework stabilizes the learning process and effectively adapts to rare and zero-day attacks. Experimental results on benchmark datasets demonstrate that MSPL outperforms traditional approaches in detecting low-profile and novel attack types.
  arXiv  Detail & Related papers  (2024-12-28T00:09:46Z)
• Adversarial Vulnerabilities in Large Language Models for Time Series Forecasting [14.579802892916101]
  Large Language Models (LLMs) have recently demonstrated significant potential in time series forecasting. However, their robustness and reliability in real-world applications remain under-explored. We introduce a targeted adversarial attack framework for LLM-based time series forecasting.
  arXiv  Detail & Related papers  (2024-12-11T04:53:15Z)
• Long-Tailed Backdoor Attack Using Dynamic Data Augmentation Operations [50.1394620328318]
  Existing backdoor attacks mainly focus on balanced datasets. We propose an effective backdoor attack named Dynamic Data Augmentation Operation (D$2$AO) Our method can achieve the state-of-the-art attack performance while preserving the clean accuracy.
  arXiv  Detail & Related papers  (2024-10-16T18:44:22Z)
• Learning to Learn Transferable Generative Attack for Person Re-Identification [17.26567195924685]
  Existing attacks merely consider cross-dataset and cross-model transferability, ignoring the cross-test capability to perturb models trained in different domains. To powerfully examine the robustness of real-world re-id models, the Meta Transferable Generative Attack (MTGA) method is proposed. Our MTGA outperforms the SOTA methods by 21.5% and 11.3% on mean mAP drop rate, respectively.
  arXiv  Detail & Related papers  (2024-09-06T11:57:17Z)
• PeFAD: A Parameter-Efficient Federated Framework for Time Series Anomaly Detection [51.20479454379662]
  We propose a. Federated Anomaly Detection framework named PeFAD with the increasing privacy concerns. We conduct extensive evaluations on four real datasets, where PeFAD outperforms existing state-of-the-art baselines by up to 28.74%.
  arXiv  Detail & Related papers  (2024-06-04T13:51:08Z)
• Timer: Generative Pre-trained Transformers Are Large Time Series Models [83.03091523806668]
  This paper aims at the early development of large time series models (LTSM) During pre-training, we curate large-scale datasets with up to 1 billion time points. To meet diverse application needs, we convert forecasting, imputation, and anomaly detection of time series into a unified generative task.
  arXiv  Detail & Related papers  (2024-02-04T06:55:55Z)
• FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning [98.43475653490219]
  Federated learning (FL) is susceptible to poisoning attacks. FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain. We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
  arXiv  Detail & Related papers  (2023-12-07T16:56:24Z)
• Targeted Attacks on Timeseries Forecasting [0.6719751155411076]
  We propose a novel formulation of Directional, Amplitudinal, and Temporal targeted adversarial attacks on time series forecasting models. These targeted attacks create a specific impact on the amplitude and direction of the output prediction. Our experimental results show how targeted attacks on time series models are viable and are more powerful in terms of statistical similarity.
  arXiv  Detail & Related papers  (2023-01-27T06:09:42Z)
• Ti-MAE: Self-Supervised Masked Time Series Autoencoders [16.98069693152999]
  We propose a novel framework named Ti-MAE, in which the input time series are assumed to follow an integrate distribution. Ti-MAE randomly masks out embedded time series data and learns an autoencoder to reconstruct them at the point-level. Experiments on several public real-world datasets demonstrate that our framework of masked autoencoding could learn strong representations directly from the raw data.
  arXiv  Detail & Related papers  (2023-01-21T03:20:23Z)
• Backdoor Attacks on Time Series: A Generative Approach [33.51299834575577]
  We present a novel generative approach for time series backdoor attacks against deep learning based time series classifiers. Backdoor attacks have two main goals: high stealthiness and high attack success rate. We show that our proposed attack is resistant to potential backdoor defenses.
  arXiv  Detail & Related papers  (2022-11-15T06:00:28Z)
• Adversarial Examples in Deep Learning for Multivariate Time Series Regression [0.0]
  This work explores the vulnerability of deep learning (DL) regression models to adversarial time series examples. We craft adversarial time series examples for CNN, Long Short-Term Memory (LSTM), and Gated Recurrent Unit (GRU) The obtained results show that all the evaluated DL regression models are vulnerable to adversarial attacks, transferable, and thus can lead to catastrophic consequences.
  arXiv  Detail & Related papers  (2020-09-24T19:09:37Z)
• Clinical Risk Prediction with Temporal Probabilistic Asymmetric Multi-Task Learning [80.66108902283388]
  Multi-task learning methods should be used with caution for safety-critical applications, such as clinical risk prediction. Existing asymmetric multi-task learning methods tackle this negative transfer problem by performing knowledge transfer from tasks with low loss to tasks with high loss. We propose a novel temporal asymmetric multi-task learning model that performs knowledge transfer from certain tasks/timesteps to relevant uncertain tasks, based on feature-level uncertainty.
  arXiv  Detail & Related papers  (2020-06-23T06:01:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.