
Breaking Boundaries: Balancing Performance and Robustness in Deep Wireless Traffic Forecasting (2311.09790v3)

Published 16 Nov 2023 in cs.LG, cs.AI, and cs.CR

Abstract: Balancing the trade-off between accuracy and robustness is a long-standing challenge in time series forecasting. While most existing robust algorithms have achieved certain suboptimal performance on clean data, sustaining the same performance level in the presence of data perturbations remains extremely hard. In this paper, we study a wide array of perturbation scenarios and propose novel defense mechanisms against adversarial attacks using real-world telecom data. We compare our strategy against two existing adversarial training algorithms under a range of maximal allowed perturbations, defined using $\ell_{\infty}$-norm, $\in [0.1,0.4]$. Our findings reveal that our hybrid strategy, which is composed of a classifier to detect adversarial examples, a denoiser to eliminate noise from the perturbed data samples, and a standard forecaster, achieves the best performance on both clean and perturbed data. Our optimal model can retain up to $92.02\%$ of the performance of the original forecasting model in terms of Mean Squared Error (MSE) on clean data, while being more robust than the standard adversarially trained models on perturbed data. Its MSE is 2.71$\times$ and 2.51$\times$ lower than those of the compared methods on normal and perturbed data, respectively. In addition, the components of our models can be trained in parallel, resulting in better computational efficiency. Our results indicate that we can optimally balance the trade-off between the performance and robustness of forecasting models by improving the classifier and denoiser, even in the presence of sophisticated and destructive poisoning attacks.

