Robust Multivariate Time-Series Forecasting: Adversarial Attacks and Defense Mechanisms
This work addresses security vulnerabilities in time-series forecasting for applications like finance or IoT, but it is incremental as it builds on existing defense techniques.
The paper tackles adversarial attacks on multivariate probabilistic forecasting models by introducing a new attack pattern that uses sparse modifications to past observations of other time series to harm target forecasts, and it develops two defense strategies—extending randomized smoothing and adversarial training—that show improved effectiveness in experiments on real-world datasets.
This work studies the threats of adversarial attack on multivariate probabilistic forecasting models and viable defense mechanisms. Our studies discover a new attack pattern that negatively impact the forecasting of a target time series via making strategic, sparse (imperceptible) modifications to the past observations of a small number of other time series. To mitigate the impact of such attack, we have developed two defense strategies. First, we extend a previously developed randomized smoothing technique in classification to multivariate forecasting scenarios. Second, we develop an adversarial training algorithm that learns to create adversarial examples and at the same time optimizes the forecasting model to improve its robustness against such adversarial simulation. Extensive experiments on real-world datasets confirm that our attack schemes are powerful and our defense algorithms are more effective compared with baseline defense mechanisms.