Optimal Adversarial Attack on Autoregressive Models
share
We investigate optimal adversarial attacks against time series forecast made by autoregressive models. In our setting, the environment evolves according to a potentially nonlinear dynamical system. A linear autoregressive model observes the current environment state and predicts its future values. But an adversary can modify the environment state and hence indirectly manipulate the autoregressive model forecasts. The adversary wants to drive the forecasts towards some adversarial targets while minimizing environment modification. We pose this attack problem as optimal control. When the environment dynamics is linear, we provide a closed-form solution to the optimal attack using Linear Quadratic Regulator (LQR). Otherwise, we propose an approximate attack based on Model Predictive Control (MPC) and iterative LQR (iLQR). Our paper thus connects adversarial learning with control theory. We demonstrate the advantage of our methods empirically.
READ FULL TEXT