Smooth perturbations for time series adversarial attacks

Gautier Pialla, Hassan Ismail Fawaz, Maxime Devanne, Jonathan Weber, Lhassane Idoumghar, Pierre-Alain Muller, Christoph Bergmeir, Daniel Schmidt, Geoffrey Webb, Germain Forestier

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

11 Citations (Scopus)

Abstract

Adversarial attacks represent a threat to every deep neural network. They are particularly effective if they can perturb a given model while remaining undetectable. They have been initially introduced for image classifiers, and are well studied for this task. For time series, few attacks have yet been proposed. Most that have are adaptations of attacks previously proposed for image classifiers. Although these attacks are effective, they generate perturbations containing clearly discernible patterns such as sawtooth and spikes. Adversarial patterns are not perceptible on images, but the attacks proposed to date are readily perceptible in the case of time series. In order to generate stealthier adversarial attacks for time series, we propose a new attack that produces smoother perturbations. We find that smooth perturbations are harder to detect by the naked eye. We also show how adversarial training can improve model robustness against this attack, thus making models less vulnerable.

Original languageEnglish
Title of host publication26th Pacific-Asia Conference, PAKDD 2022 Chengdu, China, May 16–19, 2022 Proceedings, Part I
EditorsJoão Gama, Tianrui Li, Yang Yu, Enhong Chen, Yu Zheng, Fei Teng
Place of PublicationCham Switzerland
PublisherSpringer
Pages485-496
Number of pages12
ISBN (Electronic)9783031059339
ISBN (Print)9783031059322
DOIs
Publication statusPublished - 2022
EventPacific-Asia Conference on Knowledge Discovery and Data Mining 2022 - Chengdu, China
Duration: 16 May 202219 May 2022
Conference number: 26th
https://link.springer.com/book/10.1007/978-3-031-05936-0 (Proceedings)
http://www.pakdd.net/ (Website)

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume13280
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferencePacific-Asia Conference on Knowledge Discovery and Data Mining 2022
Abbreviated titlePAKDD 2022
Country/TerritoryChina
CityChengdu
Period16/05/2219/05/22
Internet address

Keywords

  • Adversarial attack
  • BIM
  • InceptionTime
  • Smooth perturbations
  • Time series

Cite this