Backdoor attacks have emerged as one of the major security threats to deep learning models, as they can easily control the model's test-time predictions by pre-injecting a backdoor trigger into the model at training time. While backdoor attacks have been extensively studied on images, few works have investigated the threat of backdoor attacks on time series data. To fill this gap, in this paper we present a novel generative approach for time series backdoor attacks against deep learning-based time series classifiers. Backdoor attacks have two main goals: high stealthiness and high attack success rate. We find that, compared to images, it can be more challenging to achieve the two goals on time series. This is because time series have fewer input dimensions and lower degrees of freedom, making it hard to achieve a high attack success rate without compromising stealthiness. Our generative approach addresses this challenge by generating trigger patterns that are as realistic as real time series patterns while achieving a high attack success rate without causing a significant drop in clean accuracy. We also show that our proposed attack is resistant to potential backdoor defenses. Furthermore, we propose a novel universal generator that can poison any type of time series with a single generator, which allows universal attacks without the need to fine-tune the generative model for new time series datasets.