Skip to content

usail-hkust/Adv-ST

Repository files navigation

Practical Adversarial Attacks on Spatiotemporal Traffic Forecasting Models

Machine learning based traffic forecasting models leverage sophisticated spatiotemporal auto-correlations to provide accurate predictions of city-wide traffic states. However, existing methods assume a reliable and unbiased forecasting environment, which is not always available in the wild. In this work, we investigate the vulnerability of spatiotemporal traffic forecasting models and propose a practical adversarial spatiotemporal attack framework. Specifically, instead of simultaneously attacking all geo-distributed data sources, an iterative gradient-guided node saliency method is proposed to identify the time-dependent set of victim nodes. Furthermore, we devise a spatiotemporal gradient descent based scheme to generate real-valued adversarial traffic states under a perturbation constraint. Meanwhile, we theoretically demonstrate the worst performance bound of adversarial traffic forecasting attacks. Extensive experiments on two real-world datasets show that the proposed two-step framework achieves up to 67.8% performance degradation on various advanced spatiotemporal forecasting models. Remarkably, we also show that adversarial training with our proposed attacks can significantly improve the robustness of spatiotemporal traffic forecasting models.

This repository includes:

  • Code for the ASTFA in our study.
  • Code and other baselines for our method.

A pytorch implementation for the paper:

Practical Adversarial Attacks on Spatiotemporal Traffic Forecasting Models in NeurIPS 2022

Environment

Datasets

We use the METR-LA and PeMS-Bay datasets (link).

Usage

Adversarial spatiotemporal traffic forecasting attack framework and Baseline

To train and evaluate a baseline model, run the following commands:

# white-box attack  METR-LA
python train.py configs/METRLA/METRLA-train0.7-val0.1-test0.2-in12out12-0.1nodes-gwnet-standard.yaml
python test.py configs/METRLA/METRLA-train0.7-val0.1-test0.2-in12out12-0.1nodes-gwnet-standard.yaml -a ALL

# white-box attack  PeMS-Bay
python train.py configs/PeMS/PeMS-train0.7-val0.1-test0.2-in12out12-0.1nodes-gwnet-standard.yaml
python test.py configs/PeMS/PeMS-train0.7-val0.1-test0.2-in12out12-0.1nodes-gwnet-standard.yaml -a ALL

# Grey-box attack  METR-LA
python grey_rain.py configs/SemiMETRLA/SemiMETRLA-train0.7-val0.1-test0.2-in12out12-0.1nodes-stawnet-standard.yaml
python grey_test.py configs/SemiMETRLA/SemiMETRLA-train0.7-val0.1-test0.2-in12out12-0.1nodes-stawnet-standard.yaml -a grey-attack

# Grey-box attack PeMS-Bay
python grey_train.py configs/SemiPeMS/PeMS-train0.7-val0.1-test0.2-in12out12-0.1nodes-gwnet-standard.yaml
python grey_test.py configs/SemiPeMS/PeMS-train0.7-val0.1-test0.2-in12out12-0.1nodes-gwnet-standard.yaml -a grey-attack

# Black-box attack  METR-LA
python grey_test.py configs/BlackMETRLA/SemiMETRLA-train0.7-val0.1-test0.2-in12out12-0.1nodes-stawnet-standard.yaml -a black-attack

# Black-box attack PeMS-Bay
python grey_test.py configs/BlackPeMS/BlackMETRLA-train0.7-val0.1-test0.2-numsteps12-0.1nodes-source_stawnet-target_astgcn.yaml -a black-attack

Here -a ALL ,-a grey-attack, and -a black-attack denote that we evaluate attacks including STPGD-TNDS, STMIM-TNDS, PGD-Random, PGD-PR, PGD-Centrality, PGD-Degree, MIM-Random, MIM-PR, MIM-Centrality, MIM-Degree .

Environment

conda env create -f pytorch.yaml

License and Citation

If you find our code or paper useful, please cite our paper:

@inproceedings{fliupractical2022,
 author = {LIU, Fan and Liu, Hao and Jiang, Wenzhao},
 booktitle = {Advances in Neural Information Processing Systems},
 editor = {S. Koyejo and S. Mohamed and A. Agarwal and D. Belgrave and K. Cho and A. Oh},
 pages = {19035--19047},
 publisher = {Curran Associates, Inc.},
 title = {Practical Adversarial Attacks on Spatiotemporal Traffic Forecasting Models},
 url = {https://proceedings.neurips.cc/paper_files/paper/2022/file/79081c95482707d2db390542614e29cd-Paper-Conference.pdf},
 volume = {35},
 year = {2022}
}

Acknowledgement

We thank the authors for the following repositories for code reference: Adversarial Long-Tail, etc.

Contact

Please contact @fan for questions, comments and reporting bugs.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages