While deep learning models have achieved remarkable success in time series forecasting, their vulnerability to adversarial examples remains a critical security concern. However, existing attack methods in the forecasting field typically ignore the temporal consistency inherent in time series data, leading to divergent and contradictory perturbation values for the same timestamp across overlapping samples. This temporally inconsistent perturbations problem renders adversarial attacks impractical for real-world data manipulation. To address this, we introduce Temporally Unified Adversarial Perturbations (TUAPs), which enforce a temporal unification constraint to ensure identical perturbations for each timestamp across all overlapping samples. Moreover, we propose a novel Timestamp-wise Gradient Accumulation Method (TGAM) that provides a modular and efficient approach to effectively generate TUAPs by aggregating local gradient information from overlapping samples. By integrating TGAM with momentum-based attack algorithms, we ensure strict temporal consistency while fully utilizing series-level gradient information to explore the adversarial perturbation space. Comprehensive experiments on three benchmark datasets and four representative state-of-the-art models demonstrate that our proposed method significantly outperforms baselines in both white-box and black-box transfer attack scenarios under TUAP constraints. Moreover, our method also exhibits superior transfer attack performance even without TUAP constraints, demonstrating its effectiveness and superiority in generating adversarial perturbations for time series forecasting models.

翻译：尽管深度学习模型在时间序列预测领域取得了显著成功，但其对对抗样本的脆弱性仍然是一个关键的安全隐患。然而，预测领域现有的攻击方法通常忽略了时间序列数据固有的时序一致性，导致同一时间戳在重叠样本间的扰动值存在分歧与矛盾。这种时序不一致的扰动问题使得对抗攻击难以应用于真实世界的数据操控。为解决此问题，我们提出了时序统一的对抗扰动，该方法通过施加时序统一约束，确保每个时间戳在所有重叠样本上具有相同的扰动。此外，我们提出了一种新颖的时间戳梯度累积方法，该方法通过聚合重叠样本的局部梯度信息，提供了一种模块化且高效的途径来有效生成TUAP。通过将TGAM与基于动量的攻击算法相结合，我们在严格保持时序一致性的同时，充分利用序列级梯度信息来探索对抗扰动空间。在三个基准数据集和四个代表性先进模型上的综合实验表明，在TUAP约束下，我们提出的方法在白盒和黑盒迁移攻击场景中均显著优于基线方法。此外，即使在无TUAP约束的情况下，我们的方法也展现出更优的迁移攻击性能，证明了其在为时间序列预测模型生成对抗扰动方面的有效性和优越性。