Adversarial Attacks on Time Series

Time series classification models have been garnering significant importance in the research community. However, not much research has been done on generating adversarial samples for these models. These adversarial samples can become a security concern. In this paper, we propose utilizing an adversarial transformation network (ATN) on a distilled model to attack various time series classification models. The proposed attack on the classification model utilizes a distilled model as a surrogate that mimics the behavior of the attacked classical time series classification models. Our proposed methodology is applied onto 1-nearest neighbor dynamic time warping (1-NN DTW) and a fully convolutional network (FCN), all of which are trained on 42 University of California Riverside (UCR) datasets. In this paper, we show both models were susceptible to attacks on all 42 datasets. When compared to Fast Gradient Sign Method, the proposed attack generates a larger faction of successful adversarial black-box attacks. A simple defense mechanism is successfully devised to reduce the fraction of successful adversarial samples. Finally, we recommend future researchers that develop time series classification models to incorporating adversarial data samples into their training data sets to improve resilience on adversarial samples.

Automated summary

This paper proposes a method to attack time series classification models using adversarial samples, demonstrating attacks on 42 datasets. The proposed attack generates a larger fraction of successful adversarial black-box attacks compared to the Fast Gradient Sign Method, and a simple defense mechanism is successfully devised to reduce the success rate of adversarial samples. Future researchers are recommended to incorporate adversarial data samples into their training datasets to enhance resilience against adversarial samples.