Adversarial Attacks and Defenses in Multivariate Time-Series Forecasting for Smart and Connected Infrastructures

TL;DR

This paper investigates the vulnerability of multivariate time-series forecasting models in smart infrastructures to adversarial attacks, demonstrating effective attack methods and proposing defenses that significantly improve model robustness and prediction accuracy.

Contribution

It introduces the first comprehensive study of adversarial attacks and defenses in multivariate time-series forecasting for smart infrastructures, including transferability analysis across datasets.

Findings

Attacks significantly degrade forecasting accuracy without defenses.

Adversarial training improves model robustness against attacks.

Defenses reduce RMSE by over 70% on benchmark and real-world datasets.

Abstract

The emergence of deep learning models has revolutionized various industries over the last decade, leading to a surge in connected devices and infrastructures. However, these models can be tricked into making incorrect predictions with high confidence, leading to disastrous failures and security concerns. To this end, we explore the impact of adversarial attacks on multivariate time-series forecasting and investigate methods to counter them. Specifically, we employ untargeted white-box attacks, namely the Fast Gradient Sign Method (FGSM) and the Basic Iterative Method (BIM), to poison the inputs to the training process, effectively misleading the model. We also illustrate the subtle modifications to the inputs after the attack, which makes detecting the attack using the naked eye quite difficult. Having demonstrated the feasibility of these attacks, we develop robust models through adversarial training and model hardening. We are among the first to showcase the transferability of these attacks and defenses by extrapolating our work from the benchmark electricity data to a larger, 10-year real-world data used for predicting the time-to-failure of hard disks. Our experimental results confirm that the attacks and defenses achieve the desired security thresholds, leading to a 72.41% and 94.81% decrease in RMSE for the electricity and hard disk datasets respectively after implementing the adversarial defenses.