Time series classification (TSC) is a cornerstone of modern web applications, powering tasks such as financial data analysis, network traffic monitoring, and user behavior analysis. In recent years, deep neural networks (DNNs) have greatly enhanced the performance of TSC models in these critical domains. However, DNNs are vulnerable to backdoor attacks, where attackers can covertly implant triggers into models to induce malicious outcomes. Existing backdoor attacks targeting DNN-based TSC models remain elementary. In particular, early methods borrow trigger designs from computer vision, which are ineffective for time series data. More recent approaches utilize generative models for trigger generation, but at the cost of significant computational complexity. In this work, we analyze the limitations of existing attacks and introduce an enhanced method, FreqBack. Drawing inspiration from the fact that DNN models inherently capture frequency domain features in time series data, we identify that improper perturbations in the frequency domain are the root cause of ineffective attacks. To address this, we propose to generate triggers both effectively and efficiently, guided by frequency analysis. FreqBack exhibits substantial performance across five models and eight datasets, achieving an impressive attack success rate of over 90%, while maintaining less than a 3% drop in model accuracy on clean data.

翻译：时间序列分类（TSC）是现代网络应用的基石，支撑着金融数据分析、网络流量监控和用户行为分析等任务。近年来，深度神经网络（DNNs）极大地提升了这些关键领域中TSC模型的性能。然而，DNNs容易受到后门攻击，攻击者可以秘密地将触发器植入模型以引发恶意结果。现有的针对基于DNN的TSC模型的后门攻击仍处于初级阶段。特别是，早期方法借鉴了计算机视觉中的触发器设计，这些设计对时间序列数据效果不佳。更近期的研究利用生成模型来生成触发器，但代价是显著的计算复杂度。在这项工作中，我们分析了现有攻击的局限性，并引入了一种增强方法——FreqBack。受DNN模型本质上会捕捉时间序列数据中频域特征这一事实的启发，我们发现频域中的不当扰动是导致攻击无效的根本原因。为了解决这个问题，我们提出在频域分析的指导下，高效且有效地生成触发器。FreqBack在五个模型和八个数据集上表现出卓越的性能，实现了超过90%的惊人攻击成功率，同时在干净数据上保持模型准确率下降小于3%。