Concealed Adversarial attacks on neural networks for sequential data
Petr Sokerin, Dmitry Anikin, Sofia Krehova, Alexey Zaytsev

TL;DR
This paper introduces a concealed adversarial attack method for time series neural networks that produces realistic, hard-to-detect perturbations, challenging current robustness defenses across multiple architectures.
Contribution
It develops a novel attack that maximizes classifier and discriminator loss, with a training procedure for broader attack coverage, improving concealability and effectiveness.
Findings
The attack outperforms existing methods in concealability and efficiency.
Benchmark results on six datasets show superior attack performance.
The study highlights the need for stronger defenses against realistic adversarial attacks.
Abstract
The emergence of deep learning led to the broad usage of neural networks in the time series domain for various applications, including finance and medicine. While powerful, these models are prone to adversarial attacks: a benign targeted perturbation of input data leads to significant changes in a classifier's output. However, formally small attacks in the time series domain become easily detected by the human eye or a simple detector model. We develop a concealed adversarial attack for different time-series models: it provides more realistic perturbations, being hard to detect by a human or model discriminator. To achieve this goal, the proposed adversarial attack maximizes an aggregation of a classifier and a trained discriminator loss. To make the attack stronger, we also propose a training procedure for a discriminator that provides broader coverage of possible attacks. Extensive…
