Privacy Risks in Time Series Forecasting: User- and Record-Level Membership Inference

• URL: http://arxiv.org/abs/2509.04169v1
• Date: Thu, 04 Sep 2025 12:43:45 GMT
• Title: Privacy Risks in Time Series Forecasting: User- and Record-Level Membership Inference
• Authors: Nicolas Johansson, Tobias Olsson, Daniel Nilsson, Johan Östman, Fazeleh Hoseini,
• Abstract summary: We introduce two new membership inference attacks for time series forecasting.<n>We benchmark these methods against adapted versions of other leading attacks from the classification setting.<n>Our results show that forecasting models are vulnerable, with user-level attacks often achieving perfect detection.
• Score: 2.5510639595356595
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Membership inference attacks (MIAs) aim to determine whether specific data were used to train a model. While extensively studied on classification models, their impact on time series forecasting remains largely unexplored. We address this gap by introducing two new attacks: (i) an adaptation of multivariate LiRA, a state-of-the-art MIA originally developed for classification models, to the time-series forecasting setting, and (ii) a novel end-to-end learning approach called Deep Time Series (DTS) attack. We benchmark these methods against adapted versions of other leading attacks from the classification setting. We evaluate all attacks in realistic settings on the TUH-EEG and ELD datasets, targeting two strong forecasting architectures, LSTM and the state-of-the-art N-HiTS, under both record- and user-level threat models. Our results show that forecasting models are vulnerable, with user-level attacks often achieving perfect detection. The proposed methods achieve the strongest performance in several settings, establishing new baselines for privacy risk assessment in time series forecasting. Furthermore, vulnerability increases with longer prediction horizons and smaller training populations, echoing trends observed in large language models.

Related papers

• Amortized Predictability-aware Training Framework for Time Series Forecasting and Classification [10.816479922364097]
  We propose a general Amortized Predictability-aware Training Framework (APTF) for both time series forecasting (TSF) and time series classification (TSC)<n>APTF introduces two key designs that enable the model to focus on high-predictability samples while still learning appropriately from low-predictability ones.
  arXiv  Detail & Related papers  (2026-02-18T06:59:05Z)
• Targeted Manipulation: Slope-Based Attacks on Financial Time-Series Data [0.0]
  This paper introduces two new slope-based methods aimed to alter the trends of the predicted stock forecast generated by an N-HiTS model.<n>Compared to the normal N-HiTS predictions, the two new methods can manipulate N-HiTS predictions by doubling the slope.<n>These new slope attacks can bypass standard security mechanisms, such as a discriminator that filters real and perturbed inputs.
  arXiv  Detail & Related papers  (2025-11-24T17:26:20Z)
• A Unified Frequency Domain Decomposition Framework for Interpretable and Robust Time Series Forecasting [81.73338008264115]
  Current approaches for time series forecasting, whether in the time or frequency domain, predominantly use deep learning models based on linear layers or transformers.<n>We propose FIRE, a unified frequency domain decomposition framework that provides a mathematical abstraction for diverse types of time series.<n>Fire consistently outperforms state-of-the-art models on long-term forecasting benchmarks.
  arXiv  Detail & Related papers  (2025-10-11T09:59:25Z)
• Accuracy Law for the Future of Deep Time Series Forecasting [65.46625911002202]
  Time series forecasting inherently faces a non-zero error lower bound due to its partially observable and uncertain nature.<n>This paper focuses on a fundamental question: how to estimate the performance upper bound of deep time series forecasting.<n>Based on rigorous statistical tests of over 2,800 newly trained deep forecasters, we discover a significant exponential relationship between the minimum forecasting error of deep models and the complexity of window-wise series patterns.
  arXiv  Detail & Related papers  (2025-10-03T05:18:47Z)
• ChronosX: Adapting Pretrained Time Series Models with Exogenous Variables [30.679739751673655]
  This paper introduces a new method to incorporate covariates into pretrained time series forecasting models.<n>Our proposed approach incorporates covariate information into pretrained forecasting models through modular blocks.<n>In evaluations on both synthetic and real datasets, our approach effectively incorporates covariate information into pretrained models, outperforming existing baselines.
  arXiv  Detail & Related papers  (2025-03-15T12:34:19Z)
• A hierarchical approach for assessing the vulnerability of tree-based classification models to membership inference attack [0.552480439325792]
  Machine learning models can inadvertently expose confidential properties of their training data, making them vulnerable to membership inference attacks (MIA)<n>This article presents two new complementary approaches for efficiently identifying vulnerable tree-based models.
  arXiv  Detail & Related papers  (2025-02-13T15:16:53Z)
• ReAugment: Model Zoo-Guided RL for Few-Shot Time Series Augmentation and Forecasting [74.00765474305288]
  We present a pilot study on using reinforcement learning (RL) for time series data augmentation.<n>Our method, ReAugment, tackles three critical questions: which parts of the training set should be augmented, how the augmentation should be performed, and what advantages RL brings to the process.
  arXiv  Detail & Related papers  (2024-09-10T07:34:19Z)
• Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models [112.48136829374741]
  In this paper, we unveil a new vulnerability: the privacy backdoor attack. When a victim fine-tunes a backdoored model, their training data will be leaked at a significantly higher rate than if they had fine-tuned a typical model. Our findings highlight a critical privacy concern within the machine learning community and call for a reevaluation of safety protocols in the use of open-source pre-trained models.
  arXiv  Detail & Related papers  (2024-04-01T16:50:54Z)
• Predictive Churn with the Set of Good Models [61.00058053669447]
  This paper explores connections between two seemingly unrelated concepts of predictive inconsistency.<n>The first, known as predictive multiplicity, occurs when models that perform similarly produce conflicting predictions for individual samples.<n>The second concept, predictive churn, examines the differences in individual predictions before and after model updates.
  arXiv  Detail & Related papers  (2024-02-12T16:15:25Z)
• Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
  Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models. AT methods, relying on direct iterative updates for target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting. We present a general proxy guided defense framework, LAST' (bf Learn from the Pbf ast)
  arXiv  Detail & Related papers  (2023-10-19T13:13:41Z)
• TWINS: A Fine-Tuning Framework for Improved Transferability of Adversarial Robustness and Generalization [89.54947228958494]
  This paper focuses on the fine-tuning of an adversarially pre-trained model in various classification tasks. We propose a novel statistics-based approach, Two-WIng NormliSation (TWINS) fine-tuning framework. TWINS is shown to be effective on a wide range of image classification datasets in terms of both generalization and robustness.
  arXiv  Detail & Related papers  (2023-03-20T14:12:55Z)
• Targeted Attacks on Timeseries Forecasting [0.6719751155411076]
  We propose a novel formulation of Directional, Amplitudinal, and Temporal targeted adversarial attacks on time series forecasting models. These targeted attacks create a specific impact on the amplitude and direction of the output prediction. Our experimental results show how targeted attacks on time series models are viable and are more powerful in terms of statistical similarity.
  arXiv  Detail & Related papers  (2023-01-27T06:09:42Z)
• Robust Multivariate Time-Series Forecasting: Adversarial Attacks and Defense Mechanisms [17.75675910162935]
  A new attack pattern negatively impacts the forecasting of a target time series. We develop two defense strategies to mitigate the impact of such attack. Experiments on real-world datasets confirm that our attack schemes are powerful.
  arXiv  Detail & Related papers  (2022-07-19T22:00:41Z)
• Adversarial Attack and Defense of Structured Prediction Models [58.49290114755019]
  In this paper, we investigate attacks and defenses for structured prediction tasks in NLP. The structured output of structured prediction models is sensitive to small perturbations in the input. We propose a novel and unified framework that learns to attack a structured prediction model using a sequence-to-sequence model.
  arXiv  Detail & Related papers  (2020-10-04T15:54:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.