Time series classification (TSC) is a cornerstone of modern web applications, powering tasks such as financial data analysis, network traffic monitoring, and user behavior analysis. In recent years, deep neural networks (DNNs) have greatly enhanced the performance of TSC models in these critical domains. However, DNNs are vulnerable to backdoor attacks, where attackers can covertly implant triggers into models to induce malicious outcomes. Existing backdoor attacks targeting DNN-based TSC models remain elementary. In particular, early methods borrow trigger designs from computer vision, which are ineffective for time series data. More recent approaches utilize generative models for trigger generation, but at the cost of significant computational complexity. In this work, we analyze the limitations of existing attacks and introduce an enhanced method, FreqBack. Drawing inspiration from the fact that DNN models inherently capture frequency domain features in time series data, we identify that improper perturbations in the frequency domain are the root cause of ineffective attacks. To address this, we propose to generate triggers both effectively and efficiently, guided by frequency analysis. FreqBack exhibits substantial performance across five models and eight datasets, achieving an impressive attack success rate of over 90%, while maintaining less than a 3% drop in model accuracy on clean data.

翻译：时间序列分类（TSC）是现代网络应用的基石，支撑着金融数据分析、网络流量监控和用户行为分析等任务。近年来，深度神经网络（DNNs）极大地提升了TSC模型在这些关键领域的性能。然而，DNNs容易受到后门攻击，攻击者可以隐蔽地将触发器植入模型以诱导恶意结果。现有的针对基于DNN的TSC模型的后门攻击方法仍处于初级阶段。特别是，早期方法借鉴了计算机视觉领域的触发器设计，这些设计对时间序列数据效果不佳。更近期的研究利用生成模型来生成触发器，但代价是显著的计算复杂度。在本工作中，我们分析了现有攻击方法的局限性，并提出了一种增强方法FreqBack。受DNN模型本质上会捕捉时间序列数据频域特征这一事实的启发，我们发现频域中的不当扰动是导致攻击无效的根本原因。为了解决这个问题，我们提出在频域分析的指导下，高效且有效地生成触发器。FreqBack在五个模型和八个数据集上展现出卓越的性能，攻击成功率超过90%，同时在干净数据上模型准确率下降不到3%。