Abstract
Adversarial attacks represent a threat to every deep neural network. They are particularly effective if they can perturb a given model while remaining undetectable. They were initially introduced for image classifiers and are well studied for this task. For time series, few attacks have yet been proposed. Most that have are adaptations of attacks previously proposed for image classifiers. Although these attacks are effective, they generate perturbations containing clearly discernible patterns such as sawtooth and spikes. Adversarial patterns are not perceptible on images, but the attacks proposed to date are readily perceptible in the case of time series. In order to generate stealthier adversarial attacks for time series, we propose a new attack that produces smoother perturbations. We find that smooth perturbations are harder to detect with the naked eye. We also show how adversarial training can improve model robustness against this attack, thus making models less vulnerable.
Original language | English |
---|---|
Title of host publication | 26th Pacific-Asia Conference, PAKDD 2022, Chengdu, China, May 16–19, 2022, Proceedings, Part I |
Editors | João Gama, Tianrui Li, Yang Yu, Enhong Chen, Yu Zheng, Fei Teng |
Place of Publication | Cham, Switzerland |
Publisher | Springer |
Pages | 485-496 |
Number of pages | 12 |
ISBN (Electronic) | 9783031059339 |
ISBN (Print) | 9783031059322 |
Publication status | Published - 2022 |
Event | Pacific-Asia Conference on Knowledge Discovery and Data Mining 2022, Chengdu, China. Duration: 16 May 2022 → 19 May 2022. Conference number: 26th. https://link.springer.com/book/10.1007/978-3-031-05936-0 (Proceedings); http://www.pakdd.net/ (Website) |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 13280 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Pacific-Asia Conference on Knowledge Discovery and Data Mining 2022 |
---|---|
Abbreviated title | PAKDD 2022 |
Country/Territory | China |
City | Chengdu |
Period | 16/05/22 → 19/05/22 |
Keywords
- Adversarial attack
- BIM
- InceptionTime
- Smooth perturbations
- Time series