As deep learning models have gradually become the main workhorse of time series forecasting, the potential vulnerability under adversarial attacks to forecasting and decision system accordingly has emerged as a main issue in recent years. Albeit such behaviors and defense mechanisms started to be investigated for the univariate time series forecasting, there are still few studies regarding the multivariate forecasting which is often preferred due to its capacity to encode correlations between different time series. In this work, we study and design adversarial attack on multivariate probabilistic forecasting models, taking into consideration attack budget constraints and the correlation architecture between multiple time series. Specifically, we investigate a sparse indirect attack that hurts the prediction of an item (time series) by only attacking the history of a small number of other items to save attacking cost. In order to combat these attacks, we also develop two defense strategies. First, we adopt randomized smoothing to multivariate time series scenario and verify its effectiveness via empirical experiments. Second, we leverage a sparse attacker to enable end-to-end adversarial training that delivers robust probabilistic forecasters. Extensive experiments on real dataset confirm that our attack schemes are powerful and our defend algorithms are more effective compared with other baseline defense mechanisms.
翻译:由于深层次学习模型逐渐成为时间序列预测的主要工作马,对抗性攻击对预测和决策系统的潜在脆弱性因此成为近年来的一个主要问题。尽管已开始对这种行为和防御机制进行单独时间序列预测调查,但对于多变量预测的研究仍然很少,而多变量预测往往因其能将不同时间序列之间的关联编码而偏好。在这项工作中,我们研究和设计对多变量概率预测模型的对抗性攻击,同时考虑到攻击预算限制和多个时间序列之间的关联结构。具体地说,我们调查了一种无线间接攻击,这种攻击伤害了对物品(时间序列)的预测,而只是攻击了少数其他物品的历史,以节省攻击费用。为了打击这些攻击,我们还制定了两种防御战略。首先,我们随机采用多变量时序假设,并通过实验来核实其有效性。第二,我们利用一个稀疏攻击者进行最终到终端的对抗性训练,以提供可靠的预测者。关于实际数据设置的广泛实验证实我们的攻击计划比其他基线更强大,并捍卫我们的攻击机制更为强大。