Deep learning-based weather forecasting (DLWF) models leverage past weather observations to generate future forecasts, supporting a wide range of downstream applications, including tropical cyclone (TC) prediction. In this paper, we investigate their vulnerability to adversarial attacks, where subtle perturbations to the upstream forecasts can alter the downstream TC trajectory predictions. Although research into adversarial attacks on DLWF models has grown recently, it remains challenging to craft perturbed upstream forecasts that steer the downstream outputs toward attacker-specified trajectories. First, conventional TC detection systems are opaque, non-differentiable black boxes, making standard gradient-based attacks infeasible. Second, the extreme rarity of TC events leads to a severe class imbalance problem, making it difficult to develop attack methods for perturbing upstream forecasts that produce realistic-looking cyclone paths aligned with the attacker's target trajectories. To overcome these limitations, we propose Cyc-Attack, a novel method for perturbing the upstream forecasts of DLWF models to generate adversarial trajectories. The proposed method uses a differentiable surrogate model to approximate the TC detector's output, enabling the application of gradient-based attacks. Cyc-Attack also employs a skewness-aware loss function with a kernel dilation strategy to address the imbalance problem. Finally, a distance-based gradient weighting scheme and regularization are used to constrain the perturbations and eliminate unrealistic-looking trajectories, thereby making the adversarial upstream forecasts less easily detectable. Our experiments show that Cyc-Attack achieves a higher true positive rate in matching the attacker's target trajectories, along with lower false alarm rates and stealthier perturbations than conventional attack methods.