TSadv: Black-box adversarial attack on time series with local perturbations

Deep neural networks (DNNs) for time series classification have potential security concerns due to their vulnerability to adversarial attacks. Previous work that perturbs time series globally requires gradient information to generate adversarial examples, leading to being perceived easily. In this paper, we propose a gradient-free black-box method called TSadv to attack DNNs with local perturbations. First, we formalize the attack as a constrained optimization problem solved by a differential evolution algorithm without any inner information of the target model. Second, with the assumption that time series shapelets provide more discriminative information between different classes, the range of perturbations is designed based on their intervals. Experimental results show that our method can effectively attack DNNs on time series datasets that have potential security concerns and generate imperceptible adversarial samples flexibly. Besides, our approach decreases the mean squared error by approximately two orders of magnitude compared with the state-of-the-art method while retaining competitive attacking success rates.