targeted attack


Fre-CW: Targeted Attack on Time Series Forecasting using Frequency Domain Loss

arXiv.org Artificial Intelligence

Transformer-based models have made significant progress in time series forecasting. However, a key limitation of deep learning models is their susceptibility to adversarial attacks, which has not been studied enough in the context of time series prediction. In contrast to areas such as computer vision, where adversarial robustness has been extensively studied, frequency domain features of time series data play an important role in the prediction task but have not been sufficiently explored in terms of adversarial attacks. This paper proposes a time series prediction attack algorithm based on frequency domain loss. Specifically, we adapt an attack method originally designed for classification tasks to the prediction field and optimize the adversarial samples using both time-domain and frequency-domain losses. To the best of our knowledge, there is no relevant research on using frequency information for time-series adversarial attacks. Our experimental results show that these current time series prediction models are vulnerable to adversarial attacks, and our approach achieves excellent performance on major time series forecasting datasets.


Targeted Attack on GPT-Neo for the SATML Language Model Data Extraction Challenge

arXiv.org Artificial Intelligence

Previous work has shown that Large Language Models are susceptible to so-called data extraction attacks. This allows an attacker to extract a sample that was contained in the training data, which has massive privacy implications. The construction of data extraction attacks is challenging, current attacks are quite inefficient, and there exists a significant gap in the extraction capabilities of untargeted attacks and memorization. Thus, targeted attacks are proposed, which identify if a given sample from the training data is extractable from a model. In this work, we apply a targeted data extraction attack to the SATML2023 Language Model Training Data Extraction Challenge. We apply a two-step approach. In the first step, we maximise the recall of the model and are able to extract the suffix for 69% of the samples. In the second step, we use a classifier-based Membership Inference Attack on the generations. Our AutoSklearn classifier achieves a precision of 0.841. The full approach reaches a score of 0.405 recall at a 10% false positive rate, which is an improvement of 34% over the baseline of 0.301.


Explaining Away Attacks Against Neural Networks

arXiv.org Machine Learning

We investigate the problem of identifying adversarial attacks on image-based neural networks. We present intriguing experimental results showing significant discrepancies between the explanations generated for the predictions of a model on clean and adversarial data. Utilizing this intuition, we propose a framework which can identify whether a given input is adversarial based on the explanations given by the model. Code for our experiments can be found here: https://github.com/seansaito/


Cybersecurity in 2020: More targeted attacks, AI not a prevention panacea

#artificialintelligence

Given the proliferation of high-profile attacks in 2019, the security outlook for next year--and the next decade--is filled with potential pitfalls, as challenges persist in maintaining the security profile in enterprises, particularly as security operations teams are spread thinner as attack surfaces widen. McAfee CTO Steve Grobman and Director of Engineering Liz Maida--who joined the company through their acquisition of Uplevel Security, a firm that applied graph theory and machine learning to security data--spoke to TechRepublic about the security forecast for 2020. In contrast to spray-and-pray attacks, relying on port scanning to uncover low-hanging vulnerabilities, an increase in attacks targeting specific industries is anticipated to continue their rise in popularity. "We've seen a good number of ransomware campaigns where the adversaries have done reconnaissance to really understand the critical assets [and] the defenses, and then tailor the attack in order to get into that environment, to demand a higher payment from the victim," Grobman said. "That really requires a much more sophisticated level of defense for the defenders. The other point that I'd make is...we see the evolution of attacks from just focusing on traditional compute environments, to also focusing on cloud environments. Given that many organizations are shifting key components of their operations into the cloud, it would be natural that adversaries are looking for ways to not only target traditional environments, but also cloud assets," Grobman said.


Stability of matrix factorization for collaborative filtering

arXiv.org Machine Learning

We study the stability vis-à-vis adversarial noise of the matrix factorization algorithm for matrix completion. In particular, our results include: (I) we bound the gap between the solution matrix of the factorization method and the ground truth in terms of root mean square error; (II) we treat the matrix factorization as a subspace fitting problem and analyze the difference between the solution subspace and the ground truth; (III) we analyze the prediction error of individual users based on the subspace stability. We apply these results to the problem of collaborative filtering under manipulator attack, which leads to useful insights and guidelines for collaborative filtering system design.