Forecasting Fails: Unveiling Evasion Attacks in Weather Prediction Models

TL;DR

This paper presents WAAPO, a novel adversarial attack framework that reveals vulnerabilities in weather prediction models by generating stealthy perturbations, highlighting the need for improved robustness in AI-based forecasting.

Contribution

Introduction of WAAPO, a new method for creating physically realistic adversarial perturbations in weather models, exposing critical vulnerabilities in current AI forecasting systems.

Findings

WAAPO can generate targeted adversarial trajectories that closely match predefined goals.

Small initial perturbations can cause large deviations in weather forecasts.

Weather models are vulnerable to adversarial attacks, risking operational reliability.

Abstract

With the increasing reliance on AI models for weather forecasting, it is imperative to evaluate their vulnerability to adversarial perturbations. This work introduces Weather Adaptive Adversarial Perturbation Optimization (WAAPO), a novel framework for generating targeted adversarial perturbations that are both effective in manipulating forecasts and stealthy to avoid detection. WAAPO achieves this by incorporating constraints for channel sparsity, spatial localization, and smoothness, ensuring that perturbations remain physically realistic and imperceptible. Using the ERA5 dataset and FourCastNet (Pathak et al. 2022), we demonstrate WAAPO's ability to generate adversarial trajectories that align closely with predefined targets, even under constrained conditions. Our experiments highlight critical vulnerabilities in AI-driven forecasting models, where small perturbations to initial conditions can result in significant deviations in predicted weather patterns. These findings underscore the need for robust safeguards to protect against adversarial exploitation in operational forecasting systems.