Correlation Analysis of Adversarial Attack in Time Series Classification

TL;DR

This paper analyzes how adversarial attacks affect time series classifiers, emphasizing frequency domain techniques for both attacking and defending, and highlights the importance of global information in model robustness.

Contribution

It introduces frequency-based attack and defense strategies for time series models and demonstrates the significance of global information in enhancing model resilience.

Findings

Frequency domain methods improve attack effectiveness.

Noise and filtering defenses reduce attack success rates.

Global information-focused models are more robust.

Abstract

This study investigates the vulnerability of time series classification models to adversarial attacks, with a focus on how these models process local versus global information under such conditions. By leveraging the Normalized Auto Correlation Function (NACF), an exploration into the inclination of neural networks is conducted. It is demonstrated that regularization techniques, particularly those employing Fast Fourier Transform (FFT) methods and targeting frequency components of perturbations, markedly enhance the effectiveness of attacks. Meanwhile, the defense strategies, like noise introduction and Gaussian filtering, are shown to significantly lower the Attack Success Rate (ASR), with approaches based on noise introducing notably effective in countering high-frequency distortions. Furthermore, models designed to prioritize global information are revealed to possess greater resistance to adversarial manipulations. These results underline the importance of designing attack and defense mechanisms, informed by frequency domain analysis, as a means to considerably reinforce the resilience of neural network models against adversarial threats.