BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting

Xiao Lin; Zhining Liu; Dongqi Fu; Ruizhong Qiu; Hanghang Tong

BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting

Xiao Lin, Zhining Liu, Dongqi Fu, Ruizhong Qiu, Hanghang Tong

Research output: Contribution to journal › Conference article › peer-review

Abstract

Multivariate Time Series (MTS) forecasting is a fundamental task with numerous real-world applications, such as transportation, climate, and epidemiology. While a myriad of powerful deep learning models have been developed for this task, few works have explored the robustness of MTS forecasting models to malicious attacks, which is crucial for their trustworthy employment in high-stake scenarios. To address this gap, we dive deep into the backdoor attacks on MTS forecasting models and propose an effective attack method named BACKTIME. By subtly injecting a few stealthy triggers into the MTS data, BACKTIME can alter the predictions of the forecasting model according to the attacker's intent. Specifically, BACKTIME first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers by solving a bi-level optimization problem with a GNN-based trigger generator. Extensive experiments across multiple datasets and state-of-the-art MTS forecasting models demonstrate the effectiveness, versatility, and stealthiness of BACKTIME attacks. The code is available at https://github.com/xiaolin-cs/BackTime.

Original language	English (US)
Journal	Advances in Neural Information Processing Systems
Volume	37
State	Published - 2024
Event	38th Conference on Neural Information Processing Systems, NeurIPS 2024 - Vancouver, Canada Duration: Dec 9 2024 → Dec 15 2024

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Signal Processing

Library availability

Discover UIUC Full Text

Cite this

@article{f359b6b4932444a3bc910d264061c50e,

title = "BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting",

abstract = "Multivariate Time Series (MTS) forecasting is a fundamental task with numerous real-world applications, such as transportation, climate, and epidemiology. While a myriad of powerful deep learning models have been developed for this task, few works have explored the robustness of MTS forecasting models to malicious attacks, which is crucial for their trustworthy employment in high-stake scenarios. To address this gap, we dive deep into the backdoor attacks on MTS forecasting models and propose an effective attack method named BACKTIME. By subtly injecting a few stealthy triggers into the MTS data, BACKTIME can alter the predictions of the forecasting model according to the attacker's intent. Specifically, BACKTIME first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers by solving a bi-level optimization problem with a GNN-based trigger generator. Extensive experiments across multiple datasets and state-of-the-art MTS forecasting models demonstrate the effectiveness, versatility, and stealthiness of BACKTIME attacks. The code is available at https://github.com/xiaolin-cs/BackTime.",

author = "Xiao Lin and Zhining Liu and Dongqi Fu and Ruizhong Qiu and Hanghang Tong",

note = "This work is supported by NSF (2416070), NIFA (2020-67021-32799), and IBM-Illinois Discovery Accelerator Institute. The content of the information in this document does not necessarily reflect the position or the policy of the Government, and no official endorsement should be inferred. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on.; 38th Conference on Neural Information Processing Systems, NeurIPS 2024 ; Conference date: 09-12-2024 Through 15-12-2024",

year = "2024",

language = "English (US)",

volume = "37",

journal = "Advances in Neural Information Processing Systems",

issn = "1049-5258",

publisher = "Neural information processing systems foundation",

}

TY - JOUR

T1 - BACKTIME

T2 - 38th Conference on Neural Information Processing Systems, NeurIPS 2024

AU - Lin, Xiao

AU - Liu, Zhining

AU - Fu, Dongqi

AU - Qiu, Ruizhong

AU - Tong, Hanghang

N1 - This work is supported by NSF (2416070), NIFA (2020-67021-32799), and IBM-Illinois Discovery Accelerator Institute. The content of the information in this document does not necessarily reflect the position or the policy of the Government, and no official endorsement should be inferred. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on.

PY - 2024

Y1 - 2024

N2 - Multivariate Time Series (MTS) forecasting is a fundamental task with numerous real-world applications, such as transportation, climate, and epidemiology. While a myriad of powerful deep learning models have been developed for this task, few works have explored the robustness of MTS forecasting models to malicious attacks, which is crucial for their trustworthy employment in high-stake scenarios. To address this gap, we dive deep into the backdoor attacks on MTS forecasting models and propose an effective attack method named BACKTIME. By subtly injecting a few stealthy triggers into the MTS data, BACKTIME can alter the predictions of the forecasting model according to the attacker's intent. Specifically, BACKTIME first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers by solving a bi-level optimization problem with a GNN-based trigger generator. Extensive experiments across multiple datasets and state-of-the-art MTS forecasting models demonstrate the effectiveness, versatility, and stealthiness of BACKTIME attacks. The code is available at https://github.com/xiaolin-cs/BackTime.

AB - Multivariate Time Series (MTS) forecasting is a fundamental task with numerous real-world applications, such as transportation, climate, and epidemiology. While a myriad of powerful deep learning models have been developed for this task, few works have explored the robustness of MTS forecasting models to malicious attacks, which is crucial for their trustworthy employment in high-stake scenarios. To address this gap, we dive deep into the backdoor attacks on MTS forecasting models and propose an effective attack method named BACKTIME. By subtly injecting a few stealthy triggers into the MTS data, BACKTIME can alter the predictions of the forecasting model according to the attacker's intent. Specifically, BACKTIME first identifies vulnerable timestamps in the data for poisoning, and then adaptively synthesizes stealthy and effective triggers by solving a bi-level optimization problem with a GNN-based trigger generator. Extensive experiments across multiple datasets and state-of-the-art MTS forecasting models demonstrate the effectiveness, versatility, and stealthiness of BACKTIME attacks. The code is available at https://github.com/xiaolin-cs/BackTime.

UR - http://www.scopus.com/inward/record.url?scp=105000473172&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=105000473172&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:105000473172

SN - 1049-5258

VL - 37

JO - Advances in Neural Information Processing Systems

JF - Advances in Neural Information Processing Systems

Y2 - 9 December 2024 through 15 December 2024

ER -

BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting

Abstract

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this