Computer Science

Computer Science ›› 2022, Vol. 49 ›› Issue (10): 285-290.doi: 10.11896/jsjkx.210900254

• Information Security • Previous Articles     Next Articles

Locally Black-box Adversarial Attack on Time Series

YANG Wen-bo, YUAN Ji-dong   

  1. School of Computer and Information Technology,Beijing Jiaotong University,Beijing 100044,China
    Beijing Key Lab of Traffic Data Analysis and Mining(Beijing Jiaotong University),Beijing 100044,China
  • Received:2021-09-28 Revised:2022-02-06 Online:2022-10-15 Published:2022-10-13
  • About author:YANG Wen-bo,born in 1997,postgra-duate.His main research interests include artificial intelligence and time series classification.
    YUAN Ji-dong,born in 1989,doctor,associate professor.His main research interests include data mining and pattern recognition.
  • Supported by:
    National Key R&D Program of China(2021ZD0113002),Natural Science Foundation of Beijing,China(4214067) and National Natural Science Foundation of China(61702030).

PDF (PC)

513

Abstract: Deep neural networks(DNNs) for time series classification have potential security concerns due to their vulnerability to adversarial attacks.The existing attack methods on time series performglobal perturbation based on gradient information,and the generated adversarial examples are easy to be perceived.This paper proposes a locally black-box method to attack DNNs without gradient information.First,the attack is described as a constrained optimization problem with the assumption that the method cannot get any inner information of the model,then the genetic algorithm is employed to solve it.Second,since time series shapelets provides the most discriminative information among different categories,it is designed as a local perturbation interval.Experimental results on UCR datasets that have potential security concerns indicate that the proposed method can effectively attack DNNs and generate adversarial samples.In addition,compared with the benchmark,the method significantly reduces the mean squared error while keeping a high success rate.

Key words: Black-box adversarial attack, Time series classification, Local perturbations, Genetic algorithm, Shapelet

CLC Number: 

  • TP183
[1]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks [J].arXiv:1312.6199,2013.
[2]EYKHOLT K,EVTIMOV I,FERNANDES E,et al.Robustphysical-world attacks on deep learning visual classification[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.IEEE,2018.
[3]ZHANG W E,SHENG Q Z,ALHAZMI A,et al.Adversarial attacks on deep-learning models in natural language processing:A survey [J].ACM Transactions on Intelligent Systems and Technology(TIST),2020,11(3):1-41.
[4]DANG-NHU R,SINGH G,BIELIK P,et al.Adversarial attacks on probabilistic autoregressive forecasting models[C]//Procee-dings of the International Conference on Machine Learning.PMLR,2020.
[5]ZHENG Z,YANG Y,NIU X,et al.Wide and deep convolutional neural networks for electricity-theft detection to secure smart grids [J].IEEE Transactions on Industrial Informatics,2017,14(4):1606-1615.
[6]FAWAZ H I,FORESTIER G,WEBER J,et al.Adversarial attacks on deep neural networks for time series classification[C]//Proceedings of the 2019 International Joint Conference on Neural Networks(IJCNN).IEEE,2019.
[7]CHEN H,HUANG C,HUANG Q,et al.Ecgadv:Generatingadversarial electrocardiogram to misguide arrhythmia classification system[C]//Proceedings of the AAAI Conference on Artificial Intelligence.AAAI,2020.
[8]PAPERNOT N,MCDANIEL P,GOODFELLOW I,et al.Practical black-box attacks against machine learning[C]//Procee-dings of the 2017 ACM on Asia Conference on Computer and Communications Security.ACM,2017.
[9]SU J,VARGAS D V,SAKURAI K.One pixel attack for fooling deep neural networks [J].IEEE Transactions on Evolutionary Computation,2019,23(5):828-841.
[10]OREGI I,DEL SER J,PEREZ A,et al.Adversarial sample crafting for time series classification with elastic similarity measures[C]//Proceedings of the International Symposium on Intelligent and Distributed Computing.Springer,2018.
[11]KARIM F,MAJUMDAR S,DARABI H.Adversarial attacks on time series [J].IEEE Transactions on Pattern Analysis and Machine Intelligence,2020,43(10):3309-3320.
[12]YE L,KEOGH E.Time series shapelets:a new primitive for data mining[C]//Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.ACM,2009.
[13]DAU H A,BAGNALL A,KAMGAR K,et al.The UCR time series archive [J].IEEE/CAA Journal of Automatica Sinica,2019,6(6):1293-1305.
[14]PAN W W,WANG X Y,SONG M L,et al.Survey on Generating Adversarial Examples [J].Journal of Software,2020,31(1):67-81.
[15]PAPERNOT N,MCDANIEL P,GOODFELLOW I.Transferability in machine learning:from phenomena to black-box attacks using adversarial samples [J].arXiv:1605.07277,2016.
[16]SARKAR S,BANSAL A,MAHBUB U,et al.UPSET and ANGRI:Breaking high performance image classifiers [J].arXiv:1707.01159,2017.
[17]RATHORE P,BASAK A,NISTALA S H,et al.Untargeted,Targeted and Universal Adversarial Attacks and Defenses on Time Series[C]//Proceedings of the 2020 International Joint Conference on Neural Networks(IJCNN).IEEE,2020.
[18]HARFORD S,KARIM F,DARABI H.Adversarial attacks on multivariate time series [J].arXiv:2004.00410,2020.
[19]HAN X,HU Y,FOSCHINI L,et al.Deep learning models forelectrocardiograms are susceptible to adversarial attack [J].Nature Medicine,2020,26(3):360-363.
[20]JI G L.Survey on genetic algorithm [J].Computer Applications and Software,2004,21(2):69-73.
[21]ANDERSON E J,FERRIS M C.Genetic algorithms for combinatorial optimization:the assemble line balancing problem [J].ORSA Journal on Computing,1994,6(2):161-173.
[22]YAN W H,LI G L.Research on time series classification based on shapelet [J].Computer Science,2019,46(1):29-35.
[23]WANG Z,YAN W,OATES T.Time series classification from scratch with deep neural networks:A strong baseline[C]//Proceedings of the 2017 International Joint Conference on Neural Networks(IJCNN).IEEE,2017.
[24]IOFFE S,SZEGEDY C.Batch normalization:Accelerating deep network training by reducing internal covariate shift[C]//Proceedings of the International Conference on Machine Learning.PMLR,2015.
[25]KRIZHEVSKY A,SUTSKEVER I,HINTON G E.Imagenetclassification with deep convolutional neural networks [J].Advances in Neural Information Processing Systems,2012,25:1097-1105.
[26]DEMš AR J.Statistical comparisons of classifiers over multiple data sets [J].The Journal of Machine Learning Research,2006,7:1-30.
[1] GAO Zhen-zhuo, WANG Zhi-hai, LIU Hai-yang. Random Shapelet Forest Algorithm Embedded with Canonical Time Series Features [J]. Computer Science, 2022, 49(7): 40-49.
[2] YANG Hao-xiong, GAO Jing, SHAO En-lu. Vehicle Routing Problem with Time Window of Takeaway Food ConsideringOne-order-multi-product Order Delivery [J]. Computer Science, 2022, 49(6A): 191-198.
[3] SHEN Biao, SHEN Li-wei, LI Yi. Dynamic Task Scheduling Method for Space Crowdsourcing [J]. Computer Science, 2022, 49(2): 231-240.
[4] WU Shan-jie, WANG Xin. Prediction of Tectonic Coal Thickness Based on AGA-DBSCAN Optimized RBF Neural Networks [J]. Computer Science, 2021, 48(7): 308-315.
[5] WANG Jin-heng, SHAN Zhi-long, TAN Han-song, WANG Yu-lin. Network Security Situation Assessment Based on Genetic Optimized PNN Neural Network [J]. Computer Science, 2021, 48(6): 338-342.
[6] ZHENG Zeng-qian, WANG Kun, ZHAO Tao, JIANG Wei, MENG Li-min. Load Balancing Mechanism for Bandwidth and Time-delay Constrained Streaming Media Server Cluster [J]. Computer Science, 2021, 48(6): 261-267.
[7] ZUO Jian-kai, WU Jie-hong, CHEN Jia-tong, LIU Ze-yuan, LI Zhong-zhi. Study on Heterogeneous UAV Formation Defense and Evaluation Strategy [J]. Computer Science, 2021, 48(2): 55-63.
[8] YAO Ze-wei, LIU Jia-wen, HU Jun-qin, CHEN Xing. PSO-GA Based Approach to Multi-edge Load Balancing [J]. Computer Science, 2021, 48(11A): 456-463.
[9] GAO Shuai, XIA Liang-bin, SHENG Liang, DU Hong-liang, YUAN Yuan, HAN He-tong. Spatial Cylinder Fitting Based on Projection Roundness and Genetic Algorithm [J]. Computer Science, 2021, 48(11A): 166-169.
[10] GAO Ji-xu, WANG Jun. Multi-edge Collaborative Computing Unloading Scheme Based on Genetic Algorithm [J]. Computer Science, 2021, 48(1): 72-80.
[11] JI Shun-hui, ZHANG Peng-cheng. Test Case Generation Approach for Data Flow Based on Dominance Relations [J]. Computer Science, 2020, 47(9): 40-46.
[12] DONG Ming-gang, HUANG Yu-yang, JING Chao. K-Nearest Neighbor Classification Training Set Optimization Method Based on Genetic Instance and Feature Selection [J]. Computer Science, 2020, 47(8): 178-184.
[13] LIANG Zheng-you, HE Jing-lin, SUN Yu. Three-dimensional Convolutional Neural Network Evolution Method for Facial Micro-expression Auto-recognition [J]. Computer Science, 2020, 47(8): 227-232.
[14] YANG De-cheng, LI Feng-qi, WANG Yi, WANG Sheng-fa, YIN Hui-shu. Intelligent 3D Printing Path Planning Algorithm [J]. Computer Science, 2020, 47(8): 267-271.
[15] BAO Zhen-shan, GUO Jun-nan, XIE Yuan and ZHANG Wen-bo. Model for Stock Price Trend Prediction Based on LSTM and GA [J]. Computer Science, 2020, 47(6A): 467-473.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.