English

TrojanTime: Backdoor Attacks on Time Series Classification

Cryptography and Security 2025-02-04 v1 Artificial Intelligence Machine Learning

Abstract

Time Series Classification (TSC) is highly vulnerable to backdoor attacks, posing significant security threats. Existing methods primarily focus on data poisoning during the training phase, designing sophisticated triggers to improve stealthiness and attack success rate (ASR). However, in practical scenarios, attackers often face restrictions in accessing training data. Moreover, it is a challenge for the model to maintain generalization ability on clean test data while remaining vulnerable to poisoned inputs when data is inaccessible. To address these challenges, we propose TrojanTime, a novel two-step training algorithm. In the first stage, we generate a pseudo-dataset using an external arbitrary dataset through target adversarial attacks. The clean model is then continually trained on this pseudo-dataset and its poisoned version. To ensure generalization ability, the second stage employs a carefully designed training strategy, combining logits alignment and batch norm freezing. We evaluate TrojanTime using five types of triggers across four TSC architectures in UCR benchmark datasets from diverse domains. The results demonstrate the effectiveness of TrojanTime in executing backdoor attacks while maintaining clean accuracy. Finally, to mitigate this threat, we propose a defensive unlearning strategy that effectively reduces the ASR while preserving clean accuracy.

Keywords

Cite

@article{arxiv.2502.00646,
  title  = {TrojanTime: Backdoor Attacks on Time Series Classification},
  author = {Chang Dong and Zechao Sun and Guangdong Bai and Shuying Piao and Weitong Chen and Wei Emma Zhang},
  journal= {arXiv preprint arXiv:2502.00646},
  year   = {2025}
}

Comments

13 pages, 3 figures, 3 tables

R2 v1 2026-06-28T21:29:18.961Z