Time-series forecasting models remain vulnerable to gradient-based adversarial attacks, while existing defense mechanisms typically incur a trade-off in robustness for bounded response and compute cost. The problem is pronounced in Moving Target Defense (MTD), where maintaining multiple randomized model instances substantially increases the training overhead. In this work, we introduce MorphStrata, a student generation strategy with selective, layer-specific stochastic noise injection that extends the traditional Morphence defense. MorphStrata uses a Transformer backbone as the teacher and perturbs randomly selected architectural blocks to create structured heterogeneity across student models in response to varied data distributions and threat models. We evaluate against vanilla Transformer and Morphence backbones on a suite of benchmarks including the Jena Climate, Electricity Load Diagrams, and Appliances Energy Prediction (AEP) datasets, using FGSM, BIM and PGD attacks across multiple attack strengths. Across datasets and attack regimes, the proposed ensemble maintains comparable adversarial RMSE. Specifically, for high-entropy, periodic datasets such as the AEP data, MorphStrata achieves the lowest RMSE across all attacks and perturbation budgets, improving over the static baseline by up to 24.11% and 97.97% under FGSM and BIM respectively at an epsilon value of 0.5 over 30 randomized trials. Targeting specific layers to generate MorphStrata students adds less than 1% to training time over the Morphence MTD baseline in most of the experiments, while yielding double-digit gains in adversarial RMSE reduction. We also observe a positive correlation between higher pairwise L2 distance (among generated students) and overall defense effectiveness. In summary, MorphStrata maintains adversarial robustness as an MTD defense at marginal cost deltas when compared to existing baselines.
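The selective block perturbation and the pairwise L2 diversity measure described above can be sketched as follows. This is an added illustration, not the authors' code: the block names, the Gaussian noise model, the `sigma` scale and the number of perturbed blocks are all assumptions, and the "teacher" is a constructed set of random weights rather than a trained Transformer.

```python
import math
import random

# Hypothetical block names for a toy teacher; not taken from the paper.
BLOCKS = ("embed", "attn_0", "ffn_0", "attn_1", "ffn_1", "head")

def make_teacher(rng, size=64):
    """Constructed stand-in for trained teacher weights: block name -> flat weight list."""
    return {name: [rng.gauss(0.0, 0.1) for _ in range(size)] for name in BLOCKS}

def make_student(teacher, rng, n_blocks=2, sigma=0.05):
    """Copy the teacher, adding Gaussian noise only to n_blocks randomly chosen blocks."""
    chosen = set(rng.sample(sorted(teacher), n_blocks))
    student = {}
    for name, weights in teacher.items():
        if name in chosen:
            student[name] = [w + rng.gauss(0.0, sigma) for w in weights]
        else:
            student[name] = list(weights)  # untouched blocks stay identical to the teacher
    return student, chosen

def l2_distance(a, b):
    """L2 distance between two models over all blocks, treated as one flat vector."""
    return math.sqrt(sum((x - y) ** 2 for name in a for x, y in zip(a[name], b[name])))

def mean_pairwise_l2(students):
    """Average L2 distance over all unordered student pairs (pool diversity)."""
    pairs = [(i, j) for i in range(len(students)) for j in range(i + 1, len(students))]
    return sum(l2_distance(students[i], students[j]) for i, j in pairs) / len(pairs)

def build_pool(seed=0, n_students=5, n_blocks=2, sigma=0.05):
    """Build a teacher and a pool of (student, perturbed_block_names) pairs."""
    rng = random.Random(seed)
    teacher = make_teacher(rng)
    pool = [make_student(teacher, rng, n_blocks, sigma) for _ in range(n_students)]
    return teacher, pool

if __name__ == "__main__":
    teacher, pool = build_pool()
    for i, (_, chosen) in enumerate(pool):
        print(f"student {i}: perturbed blocks = {sorted(chosen)}")
    print("mean pairwise L2:", round(mean_pairwise_l2([s for s, _ in pool]), 4))
```

In a real pipeline each student would then be evaluated (and, if needed, retrained) before joining the pool, and the diversity value would be tracked alongside adversarial RMSE.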