Adversarial Attacks and Defenses in Multivariate Time-Series Forecasting for Smart and Connected Infrastructures
Rohan Mohapatra
Sanchari Das
Saptarshi Sengupta
Abstract
The emergence of deep learning models has revolutionized various industries over the last decade, leading to a surge in connected devices and infrastructures. However, these models can be tricked into making incorrect predictions with high confidence, leading to disastrous failures and security concerns. To this end, we explore the impact of adversarial attacks on multivariate time-series forecasting and investigate methods to counter them. Specifically, we employ untargeted white-box attacks, namely the Fast Gradient Sign Method (FGSM) and the Basic Iterative Method (BIM), to poison the inputs to the training process, effectively misleading the model. We also illustrate the subtle modifications to the inputs after the attack, which make detecting the attack with the naked eye quite difficult. Having demonstrated the feasibility of these attacks, we develop robust models through adversarial training and model hardening. We are among the first to showcase the transferability of these attacks and defenses by extrapolating our work from the benchmark electricity data to a larger, 10-year real-world dataset used for predicting the time-to-failure of hard disks. Our experimental results confirm that the attacks and defenses achieve the desired security thresholds, leading to a 72.41% and 94.81% decrease in RMSE for the electricity and hard disk datasets, respectively, after implementing the adversarial defenses.
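As an added illustration (not code from the paper), the sketch below applies FGSM and BIM to a small constructed forecaster over two-sensor windows and reports RMSE on clean and perturbed inputs, the comparison used to judge robustness before and after hardening. The weights `W` and `V`, the synthetic series, and the values of `eps`, `alpha` and `steps` are assumptions chosen for the example.

```python
import math

# Constructed stand-in for a trained forecaster: y_hat = sum_j V[j] * tanh(W[j] . x)
# x is a flattened window of 3 time steps x 2 sensors (6 values).
W = [[0.5, 0.0, 0.2, -0.1, 0.1, 0.0],
     [0.0, 0.3, -0.2, 0.2, 0.1, -0.1]]
V = [1.0, -0.8]

def hidden(x):
    return [math.tanh(sum(w * xi for w, xi in zip(row, x))) for row in W]

def predict(x):
    return sum(v * a for v, a in zip(V, hidden(x)))

def input_grad(x, y):
    """Gradient of the squared error (y_hat - y)^2 with respect to the input window."""
    acts = hidden(x)
    r = sum(v * a for v, a in zip(V, acts)) - y
    return [2 * r * sum(v * (1 - a * a) * row[i] for v, a, row in zip(V, acts, W))
            for i in range(len(x))]

def sign(g):
    return (g > 0) - (g < 0)

def fgsm(x, y, eps):
    # Single step of size eps along the sign of the input gradient.
    return [xi + eps * sign(g) for xi, g in zip(x, input_grad(x, y))]

def bim(x, y, eps, alpha, steps):
    adv = list(x)
    for _ in range(steps):
        stepped = [a + alpha * sign(g) for a, g in zip(adv, input_grad(adv, y))]
        # Project back into the L-infinity ball of radius eps around the clean window.
        adv = [min(max(s, xi - eps), xi + eps) for s, xi in zip(stepped, x)]
    return adv

def rmse(windows, targets):
    return math.sqrt(sum((predict(x) - y) ** 2 for x, y in zip(windows, targets)) / len(targets))

def make_data(n=40):
    """Constructed two-sensor series; the target is the next reading of sensor 0."""
    s0 = [math.sin(0.3 * t) for t in range(n + 4)]
    s1 = [math.cos(0.2 * t) for t in range(n + 4)]
    xs = [[s0[t], s1[t], s0[t + 1], s1[t + 1], s0[t + 2], s1[t + 2]] for t in range(n)]
    return xs, [s0[t + 3] for t in range(n)]

def evaluate(eps=0.05, alpha=0.01, steps=10):
    xs, ys = make_data()
    fg = [fgsm(x, y, eps) for x, y in zip(xs, ys)]
    bi = [bim(x, y, eps, alpha, steps) for x, y in zip(xs, ys)]
    linf = max(abs(a - b) for adv in (fg, bi) for xa, x in zip(adv, xs) for a, b in zip(xa, x))
    return {"clean": rmse(xs, ys), "fgsm": rmse(fg, ys), "bim": rmse(bi, ys), "max_change": linf}
```

`evaluate()` returns the three RMSE values together with the largest per-reading change, which never exceeds `eps`; running the same comparison on a hardened model shows how much of the gap a defense closes.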
Keywords
Adversarial Attacks, Fast Gradient Sign Method, Basic Iterative Method, Adversarial Training, Model Hardening
This work is licensed under a Creative Commons Attribution 3.0 Unported License.