Lightweight Defense Against Adversarial Attacks in Time Series Classification

TL;DR

This paper introduces computationally efficient data augmentation-based defense methods for time series classification that outperform traditional adversarial training in robustness and resource consumption.

Contribution

The paper develops five novel data augmentation-based adversarial defense methods for TSC, including an ensemble approach that improves robustness and reduces computational costs.

Findings

Ensemble defense outperforms PGD-based adversarial training.

Proposed methods require less than one-third of the resources of traditional AT.

Methods are straightforward to deploy and enhance TSC robustness.

Abstract

As time series classification (TSC) gains prominence, ensuring robust TSC models against adversarial attacks is crucial. While adversarial defense is well-studied in Computer Vision (CV), the TSC field has primarily relied on adversarial training (AT), which is computationally expensive. In this paper, five data augmentation-based defense methods tailored for time series are developed, with the most computationally intensive method among them increasing the computational resources by only 14.07% compared to the original TSC model. Moreover, the deployment process for these methods is straightforward. By leveraging these advantages of our methods, we create two combined methods. One of these methods is an ensemble of all the proposed techniques, which not only provides better defense performance than PGD-based AT but also enhances the generalization ability of TSC models. Moreover, the computational resources required for our ensemble are less than one-third of those required for PGD-based AT. These methods advance robust TSC in data mining. Furthermore, as foundation models are increasingly explored for time series feature learning, our work provides insights into integrating data augmentation-based adversarial defense with large-scale pre-trained models in future research.