基于局部扰动的时间序列预测对抗攻击  被引量：1

作　　者：张耀元 原继东 刘海洋[2] 王志海[2] 赵培翔[2] ZHANG Yao-Yuan;YUAN Ji-Dong;LIU Hai-Yang;WANG Zhi-Hai;ZHAO Pei-Xiang(Key Laboratory of Big Data&Artificial Intelligence in Transportation(Beijing Jiaotong University),Ministry of Education,Beijing 100044,China;School of Computer and Information Technology,Beijing Jiaotong University,Beijing 100044,China)

机构地区：[1]交通大数据与人工智能教育部重点实验室(北京交通大学),北京100044 [2]北京交通大学计算机与信息技术学院,北京100044

出　　处：《软件学报》2024年第11期5210-5227,共18页Journal of Software

基　　金：中央高校基本科研业务费专项资金(2022JBMC011);国家自然科学基金(61702030)。

摘　　要：时间序列预测模型已广泛应用于日常生活中的各个行业,针对这些预测模型的对抗攻击关系到各行业数据的安全性.目前,时间序列的对抗攻击多在全局范围内进行大规模扰动,导致对抗样本易被感知.同时,对抗攻击的效果会随着扰动幅度的降低而明显下降.因此,如何在生成不易察觉的对抗样本的同时保持较好的攻击效果,是当前时间序列预测对抗攻击领域亟需解决的问题之一.首先提出一种基于滑动窗口的局部扰动策略,缩小对抗样本的扰动区间;其次,使用差分进化算法寻找最优攻击点位,并结合分段函数分割扰动区间,进一步降低扰动范围,完成半白盒攻击.和已有的对抗攻击方法在多个不同深度模型上的对比实验表明,所提出的方法能够生成不易感知的对抗样本,并有效改变模型的预测趋势,在股票交易、电力消耗、太阳黑子观测和气温预测这4个具有挑战性的任务中均取得了较好的攻击效果.Time series forecasting models have been widely used in various domains of daily life,and the attack against these models is related to the security of data in applications.At present,adversarial attacks on time series mostly perform large-scale perturbation at the global level,which leads to the easy perception of adversarial samples.At the same time,the effectiveness of adversarial attacks decreases significantly with the magnitude shrinkage of the perturbation.Therefore,how to generate imperceptible adversarial samples while maintaining a competitive performance of attack is an urgent problem that needs to be solved in the current adversarial attack field of time series forecasting.This study first proposes a local perturbation strategy based on sliding windows to narrow the perturbation interval of the adversarial sample.Second,it employs the differential evolutionary algorithm to find the optimal attack points and combine the segmentation function to partition the perturbation interval to further reduce the perturbation range and complete the semi-white-box attack.The comparison experiments with existing adversarial attack methods on several different deep learning models show that the proposed method can generate less perceptible adversarial samples and effectively change the prediction trend of the model.The proposed method achieves sound attack results in four challenging tasks,namely stock trading,electricity consumption,sunspot observation,and temperature prediction.

关 键 词：时间序列预测 对抗攻击 对抗样本 半白盒攻击 滑动窗口 差分进化 

分 类 号：TP18[自动化与计算机技术—控制理论与控制工程]