Time series adversarial attacks: an investigation of smooth perturbations and defense approaches
Metadata
Publisher
Springer Nature
Subject
Time series; Adversarial attack; Smooth perturbations; InceptionTime; BIM
Date
2023-10-24
Bibliographic reference
Pialla, G., Ismail Fawaz, H., Devanne, M. et al. Time series adversarial attacks: an investigation of smooth perturbations and defense approaches. Int J Data Sci Anal (2023). [https://doi.org/10.1007/s41060-023-00438-0]
Sponsor
Open Access funding enabled and organized by CAUL and its Member Institutions; ArtIC project “Artificial Intelligence for Care” (Grant ANR-20-THIA-0006-01); Co-funded by Région Grand Est, Inria Nancy - Grand Est, IHU of Strasbourg, University of Strasbourg and the University of Haute-Alsace
Abstract
Adversarial attacks represent a threat to every deep neural network. They are particularly effective if they can perturb a given
model while remaining undetectable. They have been initially introduced for image classifiers, and are well studied for this
task. For time series, few attacks have yet been proposed. Most that have are adaptations of attacks previously proposed
for image classifiers. Although these attacks are effective, they generate perturbations containing clearly discernible patterns
such as sawtooth and spikes. Adversarial patterns are not perceptible on images, but the attacks proposed to date are readily
perceptible in the case of time series. In order to generate stealthier adversarial attacks for time series, we propose a new
attack that produces smoother perturbations. We introduced a function to measure the smoothness for time series. Using it,
we find that smooth perturbations are harder to detect both visually, by the naked eye and by deep learning models. We also
show two ways of protection against adversarial attacks: the first one by detecting the attacks using a deep model; the second
one by using adversarial training to improve the robustness of a model against a specific attack, thus making it less vulnerable.