Concealed Adversarial attacks on neural networks for sequential data
This work addresses the challenge of designing robust time series models for applications such as finance and medicine, though it is incremental as it builds on existing adversarial attack methods.
The authors address the problem that adversarial attacks on neural networks for time series data are easily detectable. They develop a concealed adversarial attack that produces realistic perturbations which are hard for humans or detector models to spot, and show a superior concealability-efficiency trade-off across six UCR datasets and four architectures.
The emergence of deep learning led to the broad usage of neural networks in the time series domain for various applications, including finance and medicine. While powerful, these models are prone to adversarial attacks: a seemingly benign, targeted perturbation of the input data leads to significant changes in a classifier's output. However, in the time series domain, attacks that are formally small are easily detected by the human eye or by a simple detector model. We develop a concealed adversarial attack for different time series models: it produces more realistic perturbations that are hard to detect by a human or by a model discriminator. To achieve this goal, the proposed adversarial attack maximizes an aggregate of the classifier loss and the loss of a trained discriminator. To make the attack stronger, we also propose a training procedure for the discriminator that provides broader coverage of possible attacks. Extensive benchmarking on six UCR time series datasets across four diverse architectures - including recurrent, convolutional, state-space, and transformer-based models - demonstrates the superiority of our attack in terms of the concealability-efficiency trade-off. Our findings highlight the growing challenge of designing robust time series models, emphasizing the need for improved defenses against realistic and effective attacks.