Exposing Vulnerabilities in Explanation for Time Series Classifiers via Dual-Target Attacks

TL;DR

This paper demonstrates that explanations for time series classifiers can be manipulated independently of predictions, revealing that explanation stability is not a reliable indicator of model robustness and introducing a dual-target attack method.

Contribution

The authors propose TSEF, a novel dual-target attack that jointly manipulates classifier predictions and explanations, exposing vulnerabilities in explanation-based robustness assessments.

Findings

TSEF can successfully alter predictions while maintaining consistent explanations.

Explanation stability does not reliably indicate model robustness.

The attack method is effective across multiple datasets and explanation methods.

Abstract

Interpretable time series deep learning systems are often assessed by checking temporal consistency on explanations, implicitly treating this as evidence of robustness. We show that this assumption can fail: Predictions and explanations can be adversarially decoupled, enabling targeted misclassification while the explanation remains plausible and consistent with a chosen reference rationale. We propose TSEF (Time Series Explanation Fooler), a dual-target attack that jointly manipulates the classifier and explainer outputs. In contrast to single-objective misclassification attacks that disrupt explanation and spread attribution mass broadly, TSEF achieves targeted prediction changes while keeping explanations consistent with the reference. Across multiple datasets and explainer backbones, our results consistently reveal that explanation stability is a misleading proxy for decision robustness and motivate coupling-aware robustness evaluations for trustworthy time series tasks.