BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting

TL;DR

This paper introduces BackTime, a novel backdoor attack method on multivariate time series forecasting models, demonstrating its effectiveness and stealthiness across various datasets and models, highlighting security concerns in critical applications.

Contribution

The paper presents a new backdoor attack technique for MTS forecasting models using a bi-level optimization and GNN-based trigger generator, filling a gap in robustness research.

Findings

BackTime effectively alters model predictions with minimal data poisoning.

The attack is versatile across multiple datasets and models.

BackTime remains stealthy and hard to detect.

Abstract

Multivariate Time Series (MTS) forecasting is a fundamental task with numerous real-world applications, such as transportation, climate, and epidemiology. While a myriad of powerful deep learning models have been developed for this task, few works have explored the robustness of MTS forecasting models to malicious attacks, which is crucial for their trustworthy employment in high-stake scenarios. To address this gap, we dive deep into the backdoor attacks on MTS forecasting models and propose an effective attack method named BackTime.By subtly injecting a few stealthy triggers into the MTS data, BackTime can alter the predictions of the forecasting model according to the attacker's intent. Specifically, BackTime first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers by solving a bi-level optimization problem with a GNN-based trigger generator. Extensive experiments across multiple datasets and state-of-the-art MTS forecasting models demonstrate the effectiveness, versatility, and stealthiness of \method{} attacks. The code is available at \url{https://github.com/xiaolin-cs/BackTime}.