Time series classification (TSC) has emerged as a critical task in various domains, and deep neural models have shown superior performance in TSC tasks. However, these models are vulnerable to adversarial attacks, where subtle perturbations can significantly impact the prediction results. Existing adversarial methods often suffer from over-parameterization or random logit perturbation, hindering their effectiveness. Additionally, increasing the attack success rate (ASR) typically involves generating more noise, making the attack more easily detectable. To address these limitations, we propose SWAP, a novel attacking method for TSC models. SWAP focuses on enhancing the confidence of the second-ranked logits while minimizing the manipulation of other logits. This is achieved by minimizing the Kullback-Leibler divergence between the target logit distribution and the predictive logit distribution. Experimental results demonstrate that SWAP achieves state-of-the-art performance, with an ASR exceeding 50% and an 18% increase compared to existing methods.

翻译：时间序列分类（TSC）已成为多个领域中的关键任务，深度神经网络模型在TSC任务中展现出卓越性能。然而，这些模型易受对抗攻击影响——细微扰动即可显著改变预测结果。现有对抗方法常受限于过度参数化或随机扰动对数输出，削弱了攻击有效性。此外，提升攻击成功率（ASR）通常需要生成更多噪声，导致攻击更易被察觉。为解决这些问题，本文提出SWAP——一种针对TSC模型的新型攻击方法。SWAP通过重点提升次优对数输出的置信度，同时最小化对其他对数输出的干扰，实现攻击目标。该方法通过最小化目标对数分布与预测对数分布之间的KL散度达成效果。实验结果表明，SWAP达到当前最优性能，攻击成功率超过50%，较现有方法提升18%。