Targeted Manipulation: Slope-Based Attacks on Financial Time-Series Data

TL;DR

This paper introduces slope-based adversarial attack methods on financial time-series forecasting models, demonstrating their ability to manipulate predictions and bypass security measures, and discusses securing the entire ML pipeline.

Contribution

It presents two novel slope-based attack techniques for financial forecasting models and integrates them into GANs, highlighting vulnerabilities in model security and pipeline integrity.

Findings

Slope attacks double the forecast trend slope.

Standard security measures are ineffective against these attacks.

Adversarial attacks can be embedded in inference libraries.

Abstract

A common method of attacking deep learning models is through adversarial attacks, which occur when an attacker specifically modifies the input of a model to produce an incorrect result. Adversarial attacks have been deeply investigated in the image domain; however, there is less research in the time-series domain and very little for forecasting financial data. To address these concerns, this study aims to build upon previous research on adversarial attacks for time-series data by introducing two new slope-based methods aimed to alter the trends of the predicted stock forecast generated by an N-HiTS model. Compared to the normal N-HiTS predictions, the two new slope-based methods, the General Slope Attack and Least-Squares Slope Attack, can manipulate N-HiTS predictions by doubling the slope. These new slope attacks can bypass standard security mechanisms, such as a discriminator that filters real and perturbed inputs, reducing a 4-layered CNN's specificity to 28% and accuracy to 57%. Furthermore, the slope based methods were incorporated into a GAN architecture as a means of generating realistic synthetic data, while simultaneously fooling the model. Finally, this paper also proposes a sample malware designed to inject an adversarial attack in the model inference library, proving that ML-security research should not only focus on making the model safe, but also securing the entire pipeline.