Forecasting Fails: Unveiling Evasion Attacks in Weather Prediction Models
This addresses security risks in operational weather forecasting systems, though it is incremental as it applies known adversarial attack concepts to a new domain.
This work tackles the vulnerability of AI weather forecasting models to adversarial attacks by introducing WAAPO, a framework that generates targeted perturbations that are both effective and stealthy, demonstrating that small perturbations can cause significant forecast deviations.
With the increasing reliance on AI models for weather forecasting, it is imperative to evaluate their vulnerability to adversarial perturbations. This work introduces Weather Adaptive Adversarial Perturbation Optimization (WAAPO), a novel framework for generating targeted adversarial perturbations that are both effective in manipulating forecasts and stealthy to avoid detection. WAAPO achieves this by incorporating constraints for channel sparsity, spatial localization, and smoothness, ensuring that perturbations remain physically realistic and imperceptible. Using the ERA5 dataset and FourCastNet (Pathak et al. 2022), we demonstrate WAAPO's ability to generate adversarial trajectories that align closely with predefined targets, even under constrained conditions. Our experiments highlight critical vulnerabilities in AI-driven forecasting models, where small perturbations to initial conditions can result in significant deviations in predicted weather patterns. These findings underscore the need for robust safeguards to protect against adversarial exploitation in operational forecasting systems.