# Dimensionally constrained adversarial attack and defense in wind power forecasting

**Authors:** Yangming Min, Congmei Jiang, Liangheng Zhang, Xiankui Wen, Junling Tu, Jing Zhang

PMC · DOI: 10.1371/journal.pone.0345284 · PLOS One · 2026-03-27

## TL;DR

This paper introduces a stealthy adversarial attack and an effective defense method for improving wind power forecasting using deep neural networks.

## Contribution

Proposes DC-MI-FGSM for stealthy attacks and a DAE-based defense strategy for wind power forecasting.

## Key findings

- DC-MI-FGSM achieves lower average perturbation percentage, showing superior stealthiness.
- The DAE-based defense reduces forecasting errors and outperforms adversarial training in robustness.
- Both methods are validated on the SDWPF dataset under white-box and black-box scenarios.

## Abstract

Deep neural networks (DNNs) have achieved remarkable success in wind power forecasting, but DNNs are vulnerable to adversarial attacks that can severely degrade forecast accuracy. Existing studies primarily emphasize attack effectiveness and pay limited attention to attack stealthiness. In this paper, a dimension-constrained momentum iterative fast gradient sign method (DC-MI-FGSM) is proposed for wind power forecasting, which generates highly stealthy perturbations by applying the momentum update mechanism during attack optimization and limiting the perturbation dimensions of input samples. To defend against this attack, a denoising autoencoder (DAE)-based preprocessing defense strategy is developed for wind power forecasting, which resists adversarial attacks by mapping adversarial samples back to their corresponding clean forms. The effectiveness of the proposed attack and defense methods is validated on the public SDWPF dataset under both white-box and black-box scenarios. Compared with existing attacks, DC-MI-FGSM achieves a lower average perturbation percentage (APP), indicating superior attack stealthiness. Meanwhile, it causes more severe degradation in forecasting accuracy, as measured by MAPE, RMSE, and MAE, demonstrating stronger attack effectiveness. For defense, the proposed DAE-based preprocessing strategy effectively mitigates adversarial perturbations, significantly reducing forecasting errors while preserving the original accuracy on clean data. Moreover, it consistently outperforms adversarial training in terms of robustness and usability.

## Full-text entities

- **Chemicals:** DC-MI (-)

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC13029804/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/PMC13029804/full.md

## References

47 references — full list in the complete paper: https://tomesphere.com/paper/PMC13029804/full.md

---
Source: https://tomesphere.com/paper/PMC13029804