Adversarial Framework with Certified Robustness for Time-Series Domain via Statistical Features
This addresses a critical gap in adversarial robustness for time-series applications like mobile health, offering a novel approach with certified guarantees, though it is incremental in focusing on a specific domain.
The paper tackles the problem of adversarial robustness for deep neural networks on time-series data by proposing TSA-STAT, a framework that uses statistical features to construct adversarial examples, achieving improved attack effectiveness and providing certified robustness bounds.
Time-series data arises in many real-world applications (e.g., mobile health) and deep neural networks (DNNs) have shown great success in solving them. Despite their success, little is known about their robustness to adversarial attacks. In this paper, we propose a novel adversarial framework referred to as Time-Series Attacks via STATistical Features (TSA-STAT)}. To address the unique challenges of time-series domain, TSA-STAT employs constraints on statistical features of the time-series data to construct adversarial examples. Optimized polynomial transformations are used to create attacks that are more effective (in terms of successfully fooling DNNs) than those based on additive perturbations. We also provide certified bounds on the norm of the statistical features for constructing adversarial examples. Our experiments on diverse real-world benchmark datasets show the effectiveness of TSA-STAT in fooling DNNs for time-series domain and in improving their robustness. The source code of TSA-STAT algorithms is available at https://github.com/tahabelkhouja/Time-Series-Attacks-via-STATistical-Features