This work studies the threat that adversarial attacks pose to multivariate probabilistic forecasting models, together with viable defense mechanisms. Our study uncovers a new attack pattern that degrades the forecast of a target time series by making strategic, sparse (imperceptible) modifications to the past observations of a small number of other time series rather than to the target series itself. To mitigate such attacks, we develop two defense strategies. First, we extend randomized smoothing, originally developed for classification, to the multivariate forecasting setting. Second, we develop an adversarial training algorithm that learns to generate adversarial examples while simultaneously optimizing the forecasting model to improve its robustness against those simulated attacks. Extensive experiments on real-world datasets confirm that the attack is powerful and that our defenses are more effective than baseline defense mechanisms.
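The following is an added toy illustration of the two ideas the abstract describes, the sparse cross-series attack and the randomized-smoothing defense; it is not code from the paper, and the forecaster, the history values, the perturbation budget, the noise level and the greedy search are all constructed for this example. The attack is the simplest sparse variant: it edits one past observation of a non-target series at a time, choosing the edit that moves the target forecast the most. The defense is one plausible extension of randomized smoothing to forecasting (averaging the base forecast over Gaussian-perturbed histories by Monte Carlo); the paper's own estimator may differ. Adversarial training is not shown.

```python
"""Toy sparse cross-series attack on a multivariate one-step forecaster,
plus a randomized-smoothing defense. Everything here (model, data,
constants) is hypothetical and constructed for illustration; it is not
the paper's model or code."""
import math
import random

TARGET = 0       # index of the series whose forecast the attacker wants to move
EPS = 0.3        # per-entry perturbation bound (the "imperceptible" magnitude)
SIGMA = 0.5      # std of the Gaussian noise used for randomized smoothing
N_NOISE = 2000   # Monte Carlo samples for the smoothed forecaster

# Constructed history: 3 series x 4 past steps, most recent observation last.
CLEAN_HISTORY = [
    [1.2, 1.1, 1.3, 1.0],   # series 0 (target)
    [0.8, 0.9, 1.1, 1.0],   # series 1; its last value sits on the model's steep regime boundary
    [2.0, 2.1, 1.9, 2.0],   # series 2
]


def forecast(hist):
    """Hypothetical nonlinear one-step forecaster for the target series:
    an autoregressive term on the target, a steep tanh "regime switch"
    driven by series 1, and a small linear contribution from series 2."""
    return (0.6 * hist[0][-1] + 0.3 * hist[0][-2]
            + 1.5 * math.tanh(4.0 * (hist[1][-1] - 1.0))
            + 0.1 * hist[2][-1])


def make_noise(n, shape, sigma, seed=0):
    """n Gaussian noise matrices of the given (rows, cols) shape, fixed seed."""
    rng = random.Random(seed)
    rows, cols = shape
    return [[[rng.gauss(0.0, sigma) for _ in range(cols)] for _ in range(rows)]
            for _ in range(n)]


NOISE = make_noise(N_NOISE, (3, 4), SIGMA)


def smoothed_forecast(hist, noise=NOISE):
    """Randomized smoothing extended to forecasting (assumed variant):
    the mean of the base forecast over Gaussian perturbations of the whole
    history. Reusing the same noise draws for every input (common random
    numbers) keeps clean-vs-attacked comparisons low-variance."""
    total = 0.0
    for nz in noise:
        noisy = [[v + e for v, e in zip(row, nrow)] for row, nrow in zip(hist, nz)]
        total += forecast(noisy)
    return total / len(noise)


def sparse_attack(hist, model, k=1, eps=EPS, target=TARGET):
    """Greedy k-sparse attack: each round tries +eps / -eps on every past
    observation of every non-target series and keeps the single edit that
    moves the target forecast furthest from its clean value. The target
    series is never modified. Returns (perturbed history, list of edits)."""
    base = model(hist)
    cur = [row[:] for row in hist]
    edits = []
    for _ in range(k):
        used = {(i, t) for i, t, _ in edits}
        best = None
        for i, row in enumerate(cur):
            if i == target:
                continue
            for t in range(len(row)):
                if (i, t) in used:
                    continue
                for delta in (eps, -eps):
                    trial = [r[:] for r in cur]
                    trial[i][t] += delta
                    dev = abs(model(trial) - base)
                    if best is None or dev > best[0]:
                        best = (dev, i, t, delta)
        _, i, t, delta = best
        cur[i][t] += delta
        edits.append((i, t, delta))
    return cur, edits


def attack_deviation(model, k=1):
    """How far a k-sparse attack shifts `model`'s target forecast, and which
    entries it edited."""
    adv, edits = sparse_attack(CLEAN_HISTORY, model, k=k)
    return abs(model(adv) - model(CLEAN_HISTORY)), edits


if __name__ == "__main__":
    for name, m in (("base", forecast), ("smoothed", smoothed_forecast)):
        dev, edits = attack_deviation(m)
        print(f"{name:9s} forecast shifted by {dev:.3f} via edits {edits}")
```

Against the base model, a single 0.3 edit to the last observation of series 1 shifts the target forecast by about 1.25, because the steep tanh term amplifies it; against the smoothed model the same budget buys roughly half of that, since averaging over noisy histories flattens the regime boundary the attacker exploits. The linear terms are unaffected by smoothing, which is the expected behaviour: randomized smoothing limits how sharply the forecast can react to small input changes, it does not remove legitimate sensitivity.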