时间序列分类模型的集成对抗训练防御方法

Deep learning is one of the primary approaches to solve the time series classification (TSC) problems. However, TSC models based on deep learning are susceptible to adversarial attacks, leading to a significant decrease in model classification accuracy. This paper investigates the issue of defense against adversarial attacks for TSC models and designs an ensemble adversarial training (AT) defense method. Firstly, this paper designs an ensemble adversarial training defense framework for TSC models. It generates adversarial examples using various TSC models and attack methods, which are then used to train the target model. Secondly, in the process of generating adversarial examples, a local perturbation algorithm based on Shapelets is designed, and combined with the fast gradient sign method (FGSM) based on momentum iteration to achieve effective white-box attacks. Simultaneously, the adversarial attacks against surrogate models are designed using knowledge distillation (KD) and Wasserstein generative adversarial network (WGAN), achieving effective attacks when the attacker has no knowledge of the target model. Then, Kullback-Leibler (KL) divergence is incorporated into the adversarial training loss function to further enhance model robustness. Finally, the effectiveness of the proposed approach is validated on the multivariate time series classification dataset from the UEA archive.