pith. sign in

arxiv: 2605.22365 · v1 · pith:2AKSLYF4new · submitted 2026-05-21 · 💻 cs.CR · cs.AI· cs.LG

TimeGuard: Channel-wise Pool Training for Backdoor Defense in Time Series Forecasting

Quang Duc Nguyen , Siyuan Liang , Yiming Li , Fushuo Huo , Dacheng Tao This is my paper

Pith reviewed 2026-05-22 05:24 UTC · model grok-4.3

classification 💻 cs.CR cs.AIcs.LG
keywords time series forecastingbackdoor defensechannel-wise pool trainingsignal dilutiontraining loss degenerationrobustnesstraining-time defense
0
0 comments X

The pith

TimeGuard defends time series forecasting models against backdoors using channel-wise pool training that counters signal dilution and loss degeneration.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper evaluates thirteen existing backdoor defenses on time series forecasting tasks and finds they fail because data entanglement dilutes backdoor signals across channels and because the forecasting task makes clean and poisoned training losses hard to distinguish. It proposes TimeGuard as a training-time defense that builds and expands a reliable data pool separately for each channel. The pool starts with time-aware criteria to pick high-confidence samples and grows using distance-regularized loss selection to keep poisoned and clean examples separable. If the method works, forecasting models would resist hidden triggers while losing little accuracy on normal inputs. Readers would care because time series forecasts guide decisions in energy, finance, and weather where undetected backdoors could cause real harm.

Core claim

Existing defenses fail in time series forecasting due to channel-level signal dilution from data entanglement and training-loss degeneration from task-formulation shift. TimeGuard addresses both problems by adopting channel-wise pool training as the core paradigm, initializing a high-confidence pool using time-aware criteria to mitigate signal dilution, and introducing distance-regularized loss selection to progressively expand the reliable pool during training and ease loss degeneration, thereby substantially improving robustness.

What carries the argument

Channel-wise pool training, which maintains and selects training pools independently per input channel, initialized by time-aware criteria and expanded via distance-regularized loss selection to prevent dilution of backdoor signals.

If this is right

  • Raises robustness by increasing MAE on poisoned data 1.96 times relative to the leading baseline.
  • Keeps clean-data MAE within 5 percent of undefended models.
  • Remains effective across multiple datasets, forecasting architectures, and backdoor attack types.
  • Operates entirely at training time without changes to model inference.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same channel-wise separation idea might help defend other sequential models where inputs from different sources become entangled during training.
  • Testing the time-aware initialization step in isolation could reveal whether it alone accounts for most of the gain or whether the loss-regularization term is also required.
  • If the pool-expansion rule generalizes, it could be adapted to online or continual forecasting settings where new data arrives over time.

Load-bearing premise

The approach assumes that time-aware pool initialization plus distance-regularized loss selection will reliably separate clean and poisoned windows across varied forecasting architectures and attacks without major training instability or clean-performance loss.

What would settle it

An experiment on a new forecasting architecture and backdoor attack in which MAE on poisoned data improves by less than 1.5 times over the baseline or clean MAE rises by more than 10 percent would falsify the central claim.

Figures

Figures reproduced from arXiv: 2605.22365 by Dacheng Tao, Fushuo Huo, Quang Duc Nguyen, Siyuan Liang, Yiming Li.

Figure 1
Figure 1. Figure 1: A backdoor is injected into selected channels during training and activated at inference to manipulate TSF predictions. ning, and economic analysis. However, recent studies have shown that TSF models are also susceptible to backdoor attacks (Liang et al., 2024b; Liu et al., 2025a; Liang et al., 2025), where an attacker implants hidden trigger patterns into the data during the training phase such that the m… view at source ↗
Figure 2
Figure 2. Figure 2: Neighborhood distance distributions of poisoned and clean samples, averaged over clean and poisoned channels, on Weather (Wu et al., 2021) under BackTime (Lin et al., 2024). The neighborhood distance is defined in Section 4. 1 5 9 13 17 20 Epoch 0.0 0.2 0.4 Loss Forecasting Model Poisoned Samples Clean Samples 1 5 9 13 17 20 Epoch 0.0 0.2 0.4 Loss Backcasting Model Poisoned Samples Clean Samples [PITH_FUL… view at source ↗
Figure 4
Figure 4. Figure 4: Overview of TIMEGUARD. Stage I forms the reliable pool Drel by intersecting the subsets selected by Reverse-Consistency Filter￾ing (RCF) and Neighborhood Diversity Filtering (NDF). Stage II trains fθ while progressively updating Drel via Distance-Regularized Loss Selection (DRLS) to prevent re-admitting correlated poisoned windows. All pools and filtering criteria operate in a channel-wise manner. Pipeline… view at source ↗
Figure 5
Figure 5. Figure 5: Hyperparameter analysis of pool size parameters α and β in TIMEGUARD on the PEMS03 dataset under BackTime attack. After T1 epochs of training on the initial reliable pool, TIME￾GUARD trains fθ for a further T2 epochs while progressively updating Drel ← DDRLS via Equation 10; the pool expansion ratio γ starts from α and is capped at β of the full dataset. 5. Experiments We follow the datasets, attacks, and … view at source ↗
Figure 7
Figure 7. Figure 7: Attack pattern shapes evaluated in this paper, covering diverse temporal trends as in BackTime (Lin et al., 2024). 3https://github.com/MAZiqing/FEDformer 4https://github.com/thuml/TimesNet 5https://github.com/vsingh-group/SimpleTM 24 [PITH_FULL_IMAGE:figures/full_fig_p024_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Defense performance of TIMEGUARD (MAEP and MAEC) under varying temporal and spatial poisoning rates of the BackTime attack on the PEMS03 dataset with the FEDformer model. 1 2 3 4 Temporal poisoning rate T (%) 10 15 20 25 30 35 40 M A E P ( ) TimeGuard Undefended 10 20 30 40 Spatial poisoning rate S (%) 10 15 20 25 30 35 40 M A E P ( ) TimeGuard Undefended 1 2 3 4 Temporal poisoning rate T (%) 16.8 17.0 17.… view at source ↗
Figure 9
Figure 9. Figure 9: Defense performance of TIMEGUARD (MAEP and MAEC) under varying temporal and spatial poisoning rates of the BackTime attack on the PEMS03 dataset with the SimpleTM model. 1 2 3 4 Temporal poisoning rate T (%) 22.5 25.0 27.5 30.0 32.5 35.0 37.5 40.0 M A E P ( ) TimeGuard Undefended 10 20 30 40 Spatial poisoning rate S (%) 20.0 22.5 25.0 27.5 30.0 32.5 35.0 37.5 40.0 M A E P ( ) TimeGuard Undefended 1 2 3 4 T… view at source ↗
Figure 10
Figure 10. Figure 10: Defense performance of TIMEGUARD (MAEP and MAEC) under varying temporal and spatial poisoning rates of the BackTime attack on the PEMS03 dataset with the TimesNet model. Generalization to the extreme case of full-channel poisoning. Our motivation is strongest under partial-channel poisoning, which is the common setting in existing multivariate TSF backdoor attacks; as the channel poisoning ratio increases… view at source ↗
Figure 11
Figure 11. Figure 11: Defense performance of TIMEGUARD (MAEP, MAEC, and FDER) under different forecasting window length Lout of the BackTime attack on the PEMS03 dataset with the FEDformer model. 12 24 36 48 Forecasting Window Length (Lout) 10 15 20 25 30 35 M A E P ( ) TimeGuard Undefended 12 24 36 48 Forecasting Window Length (Lout) 17.5 20.0 22.5 25.0 27.5 30.0 32.5 M A E C ( ) TimeGuard Undefended 12 24 36 48 Forecasting W… view at source ↗
Figure 12
Figure 12. Figure 12 [PITH_FULL_IMAGE:figures/full_fig_p034_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: Defense performance of TIMEGUARD (MAEP, MAEC, and FDER) under different forecasting window length Lout of the BackTime attack on the PEMS03 dataset with the TimesNet model. 34 [PITH_FULL_IMAGE:figures/full_fig_p034_13.png] view at source ↗
Figure 14
Figure 14. Figure 14: Defense performance of TIMEGUARD (MAEP, MAEC, and FDER) with different initial reliable-pool ratio α and final ratio β under BackTime attack on the PEMS03 dataset with the FEDformer model. 36 [PITH_FULL_IMAGE:figures/full_fig_p036_14.png] view at source ↗
Figure 15
Figure 15. Figure 15: Defense performance of TIMEGUARD (MAEP, MAEC, and FDER) with different initial reliable-pool ratio α and final ratio β under BackTime attack on the PEMS03 dataset with the SimpleTM model. 0.40 0.50 0.60 0.70 0.80 0.10 0.15 0.20 0.25 0.30 20.26 20.17 20.13 20.14 20.02 20.04 20.04 20.10 20.06 20.02 20.10 20.06 20.08 20.05 19.99 20.26 20.25 20.22 20.21 20.17 20.01 20.02 19.97 19.96 19.99 MAEC ( ) 20.0 20.1 2… view at source ↗
Figure 16
Figure 16. Figure 16: Defense performance of TIMEGUARD (MAEP, MAEC, and FDER) with different initial reliable-pool ratio α and final ratio β under BackTime attack on the PEMS03 dataset with the TimesNet model. 37 [PITH_FULL_IMAGE:figures/full_fig_p037_16.png] view at source ↗
Figure 17
Figure 17. Figure 17: Defense performance of TIMEGUARD in terms of FDER with different initialization ratios α under the BackTime attack on the Weather dataset, reported for FEDformer, SimpleTM, TimesNet, and their average. 0.4 0.5 0.6 0.7 0.8 0.65 0.70 0.75 0.80 0.85 0.90 0.95 F D E R ( ) 0.4 0.5 0.6 0.7 0.8 0.875 0.876 0.877 0.878 0.879 F D E R ( ) 0.4 0.5 0.6 0.7 0.8 0.79 0.80 0.81 0.82 0.83 0.84 0.85 0.86 F D E R ( ) 0.4 0… view at source ↗
Figure 18
Figure 18. Figure 18: Defense performance of TIMEGUARD in terms of FDER with different maximum pool ratios β under the BackTime attack on the Weather dataset, reported for FEDformer, SimpleTM, TimesNet, and their average. Influence of K and π. Figures 19 and 20 report the TIMEGUARD defense performance with FEDformer, SimpleTM, and TimesNet on PEMS03 under the BackTime attack while varying the neighborhood size K ∈ {10, 20, 32,… view at source ↗
Figure 19
Figure 19. Figure 19: Defense performance of TIMEGUARD (FDER) with different neighborhood size K under BackTime attack on the PEMS03 dataset with the FEDformer, SimpleTM, and TimesNet, respectively. 1.05 1.15 1.25 1.35 1.50 1.65 0.841 0.842 0.843 0.844 0.845 0.846 0.847 F D E R ( ) 1.05 1.15 1.25 1.35 1.50 1.65 0.855 0.860 0.865 0.870 0.875 F D E R ( ) 1.05 1.15 1.25 1.35 1.50 1.65 0.690 0.695 0.700 0.705 0.710 F D E R ( ) [P… view at source ↗
Figure 20
Figure 20. Figure 20: Defense performance of TIMEGUARD (FDER) with different scaling factor π under BackTime attack on the PEMS03 dataset with the FEDformer, SimpleTM, and TimesNet, respectively. 38 [PITH_FULL_IMAGE:figures/full_fig_p038_20.png] view at source ↗
Figure 21
Figure 21. Figure 21: Defense performance of TIMEGUARD in terms of FDER with different neighborhood sizes K under the BackTime attack on the Weather dataset, reported for FEDformer, SimpleTM, TimesNet, and their average. 1.05 1.15 1.25 1.35 1.50 1.65 0.83 0.84 0.85 0.86 0.87 0.88 0.89 F D E R ( ) 1.05 1.15 1.25 1.35 1.50 1.65 0.865 0.870 0.875 0.880 0.885 F D E R ( ) 1.05 1.15 1.25 1.35 1.50 1.65 0.81 0.82 0.83 0.84 0.85 F D E… view at source ↗
Figure 22
Figure 22. Figure 22: Defense performance of TIMEGUARD in terms of FDER with different scaling factors π under the BackTime attack on the Weather dataset, reported for FEDformer, SimpleTM, TimesNet, and their average. 10 20 32 48 64 K 0.914 0.915 0.916 0.917 0.918 0.919 F D E R ( ) 10 20 32 48 64 K 0.938 0.939 0.940 0.941 0.942 0.943 0.944 0.945 F D E R ( ) 10 20 32 48 64 K 0.743 0.744 0.745 0.746 F D E R ( ) 10 20 32 48 64 K … view at source ↗
Figure 23
Figure 23. Figure 23: Defense performance of TIMEGUARD in terms of FDER with different neighborhood sizes K under the Random attack on the PEMS03 dataset, reported for FEDformer, SimpleTM, TimesNet, and their average. 1.05 1.15 1.25 1.35 1.50 1.65 0.895 0.900 0.905 0.910 0.915 0.920 F D E R ( ) 1.05 1.15 1.25 1.35 1.50 1.65 0.930 0.932 0.934 0.936 0.938 0.940 0.942 0.944 0.946 F D E R ( ) 1.05 1.15 1.25 1.35 1.50 1.65 0.725 0.… view at source ↗
Figure 24
Figure 24. Figure 24: Defense performance of TIMEGUARD in terms of FDER with different scaling factors π under the Random attack on the PEMS03 dataset, reported for FEDformer, SimpleTM, TimesNet, and their average. Influence of Tb. We further study the sensitivity to the number of backcaster training epochs Tb used in the BLS module [PITH_FULL_IMAGE:figures/full_fig_p039_24.png] view at source ↗
Figure 25
Figure 25. Figure 25: Defense performance of TIMEGUARD (FDER) with varying backcaster bϕ training epoch Tb under BackTime attack on the PEMS03 dataset with the FEDformer, SimpleTM, and TimesNet, respectively. Influence of T1 and T2. We study the sensitivity to the stage-wise training budgets T1 (Stage I) and T2 (Stage II) of TIMEGUARD, while fixing the total budget to T1 + T2 = 100 [PITH_FULL_IMAGE:figures/full_fig_p040_25.png] view at source ↗
Figure 26
Figure 26. Figure 26: Defense performance of TIMEGUARD (FDER) with varying training epoch T1 under BackTime attack on the PEMS03 dataset with the FEDformer, SimpleTM, and TimesNet, respectively. G.4. Detailed Efficiency Analysis As shown in [PITH_FULL_IMAGE:figures/full_fig_p040_26.png] view at source ↗
Figure 27
Figure 27. Figure 27: Dynamic illustration of TIMEGUARD at each training epoch under Random attack on PEMS03 dataset of FEDformer model. H. Showcases To better visualize the effectiveness of TIMEGUARD, we provide an inference-time prediction example for the FEDformer model under the BackTime attack on PEMS03 in [PITH_FULL_IMAGE:figures/full_fig_p042_27.png] view at source ↗
Figure 28
Figure 28. Figure 28: Dynamic illustration of TIMEGUARD at each training epoch under Random attack on Weather dataset of FEDformer model. 1 20 40 60 80 100 Epoch 0 200 400 600 800 1000 Poison Sample Count TimeGuard (w/o NDF+DRLS) TimeGuard (a) Number of poisoned samples in the reliable pool. 1 20 40 60 80 100 Epoch 2 4 6 8 MAE MAEP (↑) (w/o NDF+DRLS) MAEC (↓) (w/o NDF+DRLS) MAEP (↑) MAEC (↓) (b) Clean and defense performance (… view at source ↗
Figure 29
Figure 29. Figure 29: Dynamic illustration of TIMEGUARD at each training epoch under Random attack on ETTm1 dataset of FEDformer model. 40 60 80 100 160 180 200 220 40 60 80 100 120 20 40 60 80 100 8 9 10 11 12 13 14 15 Clean Channel Original Data Undefended Prediction TimeGuard Prediction 120 130 140 150 160 170 140 160 180 200 220 260 280 300 320 340 360 40 60 80 100 Poison Channel Original Data Trigger Pattern Target Patter… view at source ↗
Figure 30
Figure 30. Figure 30: Inference-time prediction showcases of TIMEGUARD under the BackTime attack on PEMS03 of FEDformer model, visualized on alternating poisoned and clean channels. We display a randomly selected test sample with a randomly selected channel. 43 [PITH_FULL_IMAGE:figures/full_fig_p043_30.png] view at source ↗
read the original abstract

Time Series Forecasting (TSF) plays a critical role across many domains, yet it is vulnerable to backdoor attacks. However, backdoor defenses tailored to TSF remain underexplored, due to data entanglement and task-formulation shift challenges. To fill this gap, we conduct a systematic evaluation of thirteen representative backdoor defenses across the TSF life cycle and analyze their failure modes. Our results reveal two fundamental issues: (1) data entanglement induces channel-level signal dilution, rendering sample-filtering and trigger-synthesis defenses ineffective at localizing backdoors; and (2) task-formulation shift leads to training-loss degeneration, causing poisoned and clean windows to become indistinguishable at training stages. Based on these findings, we propose a training-time backdoor defense for TSF, termed TimeGuard. Our method adopts channel-wise pool training as the core paradigm and initializes a high-confidence pool using time-aware criteria to mitigate signal dilution. Moreover, we introduce distance-regularized loss selection to progressively expand the reliable pool during training and ease loss degeneration. Extensive experiments across multiple datasets, forecasting architectures, and TSF backdoor attacks demonstrate that TimeGuard substantially improves robustness, boosting $\mathrm{MAE}_\mathrm{P}$ by $1.96\times$ over the leading baseline, while preserving clean performance within 5% $\mathrm{MAE}_\mathrm{C}$.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript claims that a systematic evaluation of thirteen representative backdoor defenses across the TSF life cycle reveals two fundamental failure modes: (1) data entanglement inducing channel-level signal dilution that renders sample-filtering and trigger-synthesis defenses ineffective, and (2) task-formulation shift leading to training-loss degeneration that makes poisoned and clean windows indistinguishable. Based on this analysis, the authors propose TimeGuard, a training-time defense that adopts channel-wise pool training initialized with time-aware criteria to mitigate signal dilution and introduces distance-regularized loss selection to progressively expand the reliable pool and ease loss degeneration. Extensive experiments across multiple datasets, forecasting architectures, and TSF backdoor attacks show that TimeGuard boosts MAE_P by 1.96× over the leading baseline while preserving clean performance within 5% MAE_C.

Significance. The systematic evaluation of thirteen baselines and the explicit identification of failure modes due to data entanglement and task-formulation shift constitute a valuable contribution to an underexplored area. If the empirical robustness gains hold under broader conditions and the initialization step proves reliable, TimeGuard would represent a practical advance in training-time backdoor defense for TSF by directly targeting the identified issues while maintaining clean accuracy.

major comments (2)
  1. [Abstract] Abstract: the claim that TimeGuard boosts MAE_P by 1.96× over the leading baseline is presented without details on exact experimental setups, statistical significance testing, number of runs, or ablation studies. This omission prevents full verification of the central performance claims.
  2. [§4] §4 (method): the central claim that channel-wise pool training initialized via time-aware criteria plus distance-regularized loss selection will reliably counteract channel-level signal dilution and training-loss degeneration rests on the assumption that the time-aware criteria seed a sufficiently clean initial pool. No sensitivity analysis or bounds are supplied for cases where temporal patterns are weak or attack triggers are temporally diffuse, which is load-bearing for the reported 1.96× robustness margin.
minor comments (1)
  1. [Abstract] Abstract: the metrics MAE_P and MAE_C are introduced without a brief definition or reference to their precise formulation, which would aid clarity for readers new to the TSF backdoor setting.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript. The comments highlight important aspects of clarity and robustness that we will address. We respond to each major comment below and indicate planned revisions.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the claim that TimeGuard boosts MAE_P by 1.96× over the leading baseline is presented without details on exact experimental setups, statistical significance testing, number of runs, or ablation studies. This omission prevents full verification of the central performance claims.

    Authors: We agree that the abstract's brevity limits immediate verification of the central claim. The full experimental details—including the four datasets (ETTh1, ETTm1, Weather, Electricity), three forecasting architectures, three backdoor attack types, five independent runs with reported means and standard deviations, and paired t-test significance results—are provided in Sections 5.1–5.2, with component ablations in Section 5.3. In the revised manuscript we will update the abstract to include a concise qualifier (e.g., “across four datasets, three architectures, and three attacks with five runs each”) and explicitly direct readers to the experimental section for setups and statistical analysis. This change preserves abstract length while enabling verification. revision: yes

  2. Referee: [§4] §4 (method): the central claim that channel-wise pool training initialized via time-aware criteria plus distance-regularized loss selection will reliably counteract channel-level signal dilution and training-loss degeneration rests on the assumption that the time-aware criteria seed a sufficiently clean initial pool. No sensitivity analysis or bounds are supplied for cases where temporal patterns are weak or attack triggers are temporally diffuse, which is load-bearing for the reported 1.96× robustness margin.

    Authors: We acknowledge that the reliability of the time-aware initialization (Section 4.2, Equation 3) is a load-bearing assumption. While our evaluation spans datasets with differing temporal strengths, we did not include explicit sensitivity tests for weak periodicity or diffuse triggers. In the revised version we will add a dedicated sensitivity subsection (new Section 5.4) that (i) modulates temporal signal strength via controlled noise injection on periodic components, (ii) evaluates triggers spread over longer windows, and (iii) reports resulting initial-pool purity, MAE_P degradation, and conditions under which the 1.96× margin is maintained or reduced. This will supply the requested bounds and failure-case analysis. revision: yes

Circularity Check

0 steps flagged

No significant circularity; method is heuristic derived from empirical failure-mode analysis

full rationale

The paper evaluates 13 existing defenses, identifies two failure modes (channel-level signal dilution and training-loss degeneration), and proposes TimeGuard as a training-time heuristic (channel-wise pool training with time-aware initialization and distance-regularized loss selection) to address them. No equations, fitted parameters renamed as predictions, or load-bearing self-citations appear in the provided text. Central robustness claims rest on end-to-end experiments across datasets, architectures, and attacks rather than reducing by construction to the input analysis or prior self-referential results. This is the common case of an empirical defense paper whose derivation chain remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

Central claim rests on the domain assumption that existing defenses fail for the stated reasons in TSF and that the new training paradigm directly counters those failure modes; no free parameters or invented entities are detailed in the abstract.

axioms (1)
  • domain assumption Data entanglement induces channel-level signal dilution and task-formulation shift leads to training-loss degeneration in TSF backdoor settings.
    Explicitly stated as the two fundamental issues revealed by the systematic evaluation of prior defenses.

pith-pipeline@v0.9.0 · 5785 in / 1227 out tokens · 47638 ms · 2026-05-22T05:24:56.799535+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

131 extracted references · 131 canonical work pages · 5 internal anchors

  1. [1]

    Adam: A Method for Stochastic Optimization

    Adam: A method for stochastic optimization , author=. arXiv preprint arXiv:1412.6980 , year=

    work page internal anchor Pith review Pith/arXiv arXiv

  2. [2]

    2018 , publisher=

    Forecasting: principles and practice , author=. 2018 , publisher=

    work page 2018

  3. [3]

    Advances in neural information processing systems , volume=

    Neural tangent kernel: Convergence and generalization in neural networks , author=. Advances in neural information processing systems , volume=

    work page

  4. [4]

    arXiv preprint arXiv:2601.04247 , year=

    Beyond Immediate Activation: Temporally Decoupled Backdoor Attacks on Time Series Forecasting , author=. arXiv preprint arXiv:2601.04247 , year=

    work page arXiv

  5. [5]

    , author=

    CDLSTM: A novel model for climate change forecasting. , author=. Computers, Materials & Continua , volume=

    work page

  6. [6]

    IEEE Access , volume=

    Combining seasonal and trend decomposition using LOESS with a gated recurrent unit for climate time series forecasting , author=. IEEE Access , volume=. 2024 , publisher=

    work page 2024

  7. [7]

    On Clustering Time Series Using Euclidean Distance and Pearson Correlation

    On clustering time series using euclidean distance and pearson correlation , author=. arXiv preprint arXiv:1601.02213 , year=

    work page internal anchor Pith review Pith/arXiv arXiv

  8. [8]

    2025 International Conference on Quantum Communications, Networking, and Computing (QCNC) , pages=

    Quantum kernel-based long short-term memory for climate time-series forecasting , author=. 2025 International Conference on Quantum Communications, Networking, and Computing (QCNC) , pages=. 2025 , organization=

    work page 2025

  9. [9]

    IEEE Transactions on Intelligent Transportation Systems , volume=

    On model selection for scalable time series forecasting in transport networks , author=. IEEE Transactions on Intelligent Transportation Systems , volume=. 2021 , publisher=

    work page 2021

  10. [10]

    Mathematics , volume=

    Stock price forecasting with deep learning: A comparative study , author=. Mathematics , volume=. 2020 , publisher=

    work page 2020

  11. [11]

    International Journal of Logistics Systems and Management , volume=

    Traffic time series forecasting on highways-a contemporary survey of models, methods and techniques , author=. International Journal of Logistics Systems and Management , volume=. 2021 , publisher=

    work page 2021

  12. [12]

    Backdoor

    Yige Li and Hanxun Huang and Yunhan Zhao and Xingjun Ma and Jun Sun , booktitle=. Backdoor

    work page

  13. [13]

    The Thirty-ninth Annual Conference on Neural Information Processing Systems Datasets and Benchmarks Track , year=

    BackdoorDM: A Comprehensive Benchmark for Backdoor Learning in Diffusion Model , author=. The Thirty-ninth Annual Conference on Neural Information Processing Systems Datasets and Benchmarks Track , year=

    work page

  14. [14]

    2015 ieee international conference on web services , pages=

    Web service recommendation based on time series forecasting and collaborative filtering , author=. 2015 ieee international conference on web services , pages=. 2015 , organization=

    work page 2015

  15. [15]

    Proceedings of the ACM Web Conference 2023 , pages=

    Learning social meta-knowledge for nowcasting human mobility in disaster , author=. Proceedings of the ACM Web Conference 2023 , pages=. 2023 , publisher =

    work page 2023

  16. [16]

    Proceedings of the ACM Web Conference 2024 , pages=

    Netevolve: Social network forecasting using multi-agent reinforcement learning with interpretable features , author=. Proceedings of the ACM Web Conference 2024 , pages=. 2024 , publisher =

    work page 2024

  17. [17]

    Proceedings of the ACM Web Conference 2024 , pages=

    Unitime: A language-empowered unified model for cross-domain time series forecasting , author=. Proceedings of the ACM Web Conference 2024 , pages=. 2024 , publisher =

    work page 2024

  18. [18]

    Proceedings of the ACM on Web Conference 2025 , pages=

    Exploiting Language Power for Time Series Forecasting with Exogenous Variables , author=. Proceedings of the ACM on Web Conference 2025 , pages=. 2025 , publisher =

    work page 2025

  19. [19]

    Proceedings of the AAAI Conference on Artificial Intelligence , year=

    ST-ReP: Learning Predictive Representations Efficiently for Spatial-Temporal Forecasting , author=. Proceedings of the AAAI Conference on Artificial Intelligence , year=

    work page

  20. [20]

    The Thirteenth International Conference on Learning Representations , year=

    Root Cause Analysis of Anomalies in Multivariate Time Series through Granger Causal Discovery , author=. The Thirteenth International Conference on Learning Representations , year=

    work page

  21. [21]

    Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V

    DUET: Dual Clustering Enhanced Multivariate Time Series Forecasting , author=. Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V. 1 , pages=

    work page

  22. [22]

    Proceedings of the ACM web conference 2023 , pages=

    Multi-modal self-supervised learning for recommendation , author=. Proceedings of the ACM web conference 2023 , pages=. 2023 , publisher =

    work page 2023

  23. [23]

    Proceedings of the ACM Web Conference 2024 , pages=

    Pass: Predictive auto-scaling system for large-scale enterprise web applications , author=. Proceedings of the ACM Web Conference 2024 , pages=

    work page 2024

  24. [24]

    IEEE Transactions on Power Systems , volume=

    A real-time implementation of short-term load forecasting for distribution power systems , author=. IEEE Transactions on Power Systems , volume=. 1994 , publisher=

    work page 1994

  25. [25]

    Proceedings of the web conference 2021 , pages=

    Rest: Relational event-driven stock trend forecasting , author=. Proceedings of the web conference 2021 , pages=

    work page 2021

  26. [26]

    International Journal of Data Science and Analytics , volume=

    Time series adversarial attacks: an investigation of smooth perturbations and defense approaches , author=. International Journal of Data Science and Analytics , volume=. 2025 , publisher=

    work page 2025

  27. [27]

    International Conference on Artificial Intelligence and Statistics , pages=

    Adversarial Vulnerabilities in Large Language Models for Time Series Forecasting , author=. International Conference on Artificial Intelligence and Statistics , pages=. 2025 , organization=

    work page 2025

  28. [28]

    The Thirty-ninth Annual Conference on Neural Information Processing Systems , year=

    Investigating Hallucinations of Time Series Foundation Models through Signal Subspace Analysis , author=. The Thirty-ninth Annual Conference on Neural Information Processing Systems , year=

    work page

  29. [29]

    The Thirty-ninth Annual Conference on Neural Information Processing Systems , year=

    TimeWak: Temporal Chained-Hashing Watermark for Time Series Data , author=. The Thirty-ninth Annual Conference on Neural Information Processing Systems , year=

    work page

  30. [30]

    arXiv preprint arXiv:2506.01849 , year=

    Trojan horse hunt in time series forecasting for space operations , author=. arXiv preprint arXiv:2506.01849 , year=

    work page arXiv

  31. [31]

    arXiv preprint arXiv:2508.04189 , year=

    BadTime: An Effective Backdoor Attack on Multivariate Long-Term Time Series Forecasting , author=. arXiv preprint arXiv:2508.04189 , year=

    work page arXiv

  32. [32]

    2021 10th International Conference on Internet Computing for Science and Engineering , pages=

    Adversarial attacks on deep neural networks for time series prediction , author=. 2021 10th International Conference on Internet Computing for Science and Engineering , pages=

    work page 2021

  33. [33]

    Advances in Neural Information Processing Systems , volume=

    Backtime: Backdoor attacks on multivariate time series forecasting , author=. Advances in Neural Information Processing Systems , volume=

    work page

  34. [34]

    International Conference on Learning Representations , year=

    TimesNet: Temporal 2D-Variation Modeling for General Time Series Analysis , author=. International Conference on Learning Representations , year=

    work page

  35. [35]

    arXiv preprint arXiv:2308.11200 , year=

    Segrnn: Segment recurrent neural network for long-term time series forecasting , author=. arXiv preprint arXiv:2308.11200 , year=

    work page arXiv

  36. [36]

    The Thirteenth International Conference on Learning Representations , year=

    SimpleTM: A Simple Baseline for Multivariate Time Series Forecasting , author=. The Thirteenth International Conference on Learning Representations , year=

    work page

  37. [37]

    The Twelfth International Conference on Learning Representations , year=

    TimeMixer: Decomposable Multiscale Mixing for Time Series Forecasting , author=. The Twelfth International Conference on Learning Representations , year=

    work page

  38. [38]

    Advances in Neural Information Processing Systems , volume=

    Softs: Efficient multivariate time series forecasting with series-core fusion , author=. Advances in Neural Information Processing Systems , volume=

    work page

  39. [39]

    Advances in Neural Information Processing Systems , volume=

    Autotimes: Autoregressive time series forecasters via large language models , author=. Advances in Neural Information Processing Systems , volume=

    work page

  40. [40]

    International conference on machine learning , pages=

    Fedformer: Frequency enhanced decomposed transformer for long-term series forecasting , author=. International conference on machine learning , pages=

    work page

  41. [41]

    Proceedings of the AAAI conference on artificial intelligence , pages=

    Are transformers effective for time series forecasting? , author=. Proceedings of the AAAI conference on artificial intelligence , pages=

    work page

  42. [42]

    Journal of Ambient Intelligence and Humanized Computing , pages=

    Improving time series forecasting using LSTM and attention models , author=. Journal of Ambient Intelligence and Humanized Computing , pages=. 2022 , publisher=

    work page 2022

  43. [43]

    Soft Computing , pages=

    Temporal convolutional neural (TCN) network for an effective weather forecasting using time-series data from the local weather station , author=. Soft Computing , pages=. 2020 , publisher=

    work page 2020

  44. [44]

    Companion Proceedings of the ACM on Web Conference 2025 , pages=

    Convtimenet: A deep hierarchical fully convolutional model for multivariate time series analysis , author=. Companion Proceedings of the ACM on Web Conference 2025 , pages=

    work page 2025

  45. [45]

    Proceedings of the AAAI conference on artificial intelligence , year=

    Spatial temporal graph convolutional networks for skeleton-based action recognition , author=. Proceedings of the AAAI conference on artificial intelligence , year=

    work page

  46. [46]

    Proceedings of the AAAI conference on artificial intelligence , volume=

    Spatial-temporal synchronous graph convolutional networks: A new framework for spatial-temporal network data forecasting , author=. Proceedings of the AAAI conference on artificial intelligence , volume=

    work page

  47. [47]

    Proceedings of the 43rd international ACM SIGIR conference on research and development in information retrieval , pages=

    Streaming graph neural networks , author=. Proceedings of the 43rd international ACM SIGIR conference on research and development in information retrieval , pages=

    work page

  48. [48]

    International Conference on Learning Representations , year=

    A time series is worth 64 words: Long-term forecasting with transformers , author=. International Conference on Learning Representations , year=

    work page

  49. [49]

    Advances in neural information processing systems , volume=

    Autoformer: Decomposition transformers with auto-correlation for long-term series forecasting , author=. Advances in neural information processing systems , volume=

    work page

  50. [50]

    IEEE Transactions on Pattern Analysis and Machine Intelligence , year=

    Defenses in Adversarial Machine Learning: a Systematic Survey from the Lifecycle Perspective , author=. IEEE Transactions on Pattern Analysis and Machine Intelligence , year=

    work page

  51. [51]

    Pattern Recognition , volume=

    Not all samples are born equal: Towards effective clean-label backdoor attacks , author=. Pattern Recognition , volume=. 2023 , publisher=

    work page 2023

  52. [52]

    Pattern Recognition , pages=

    Rethinking the Trigger of Backdoor Attacks: Towards Physical Backdoor Threats , author=. Pattern Recognition , pages=. 2026 , publisher=

    work page 2026

  53. [53]

    International Conference on Learning Representations , year=

    Few-Shot Backdoor Attacks on Visual Object Tracking , author=. International Conference on Learning Representations , year=

    work page

  54. [54]

    The Eleventh International Conference on Learning Representations , year=

    SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency , author=. The Eleventh International Conference on Learning Representations , year=

    work page

  55. [55]

    The Thirteenth International Conference on Learning Representations , year=

    Probe before You Talk: Towards Black-box Defense against Backdoor Unalignment for Large Language Models , author=. The Thirteenth International Conference on Learning Representations , year=

    work page

  56. [56]

    The Twelfth International Conference on Learning Representations , year=

    Towards reliable and efficient backdoor trigger inversion via decoupling benign features , author=. The Twelfth International Conference on Learning Representations , year=

    work page

  57. [57]

    IEEE Transactions on Information Forensics and Security , year=

    Cert-SSBD: Certified Backdoor Defense With Sample-Specific Smoothing Noises , author=. IEEE Transactions on Information Forensics and Security , year=

    work page

  58. [58]

    International Conference on Learning Representations , year=

    REFINE: Inversion-Free Backdoor Defense via Model Reprogramming , author=. International Conference on Learning Representations , year=

    work page

  59. [59]

    European conference on computer vision , pages=

    Baddet: Backdoor attacks on object detection , author=. European conference on computer vision , pages=. 2022 , organization=

    work page 2022

  60. [60]

    ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) , pages=

    Untargeted backdoor attack against object detection , author=. ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) , pages=. 2023 , organization=

    work page 2023

  61. [61]

    IEEE Transactions on Information Forensics and Security , volume=

    Backdoor attack with sparse and invisible trigger , author=. IEEE Transactions on Information Forensics and Security , volume=. 2024 , publisher=

    work page 2024

  62. [62]

    IEEE Transactions on Dependable and Secure Computing , year=

    Towards sample-specific backdoor attack with clean labels via attribute trigger , author=. IEEE Transactions on Dependable and Secure Computing , year=

    work page

  63. [63]

    Advances in Neural Information Processing Systems , volume=

    Taught well learned ill: Towards distillation-conditional backdoor attack , author=. Advances in Neural Information Processing Systems , volume=

    work page

  64. [64]

    ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) , pages=

    Going in style: Audio backdoors through stylistic transformations , author=. ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) , pages=. 2023 , organization=

    work page 2023

  65. [65]

    ICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) , pages=

    Backdoor attack against speaker verification , author=. ICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) , pages=. 2021 , organization=

    work page 2021

  66. [66]

    IEEE Transactions on Information Forensics and Security , volume=

    Toward stealthy backdoor attacks against speech recognition via elements of sound , author=. IEEE Transactions on Information Forensics and Security , volume=. 2024 , publisher=

    work page 2024

  67. [67]

    Advances in Neural Information Processing Systems , volume=

    Setting the trap: Capturing and defeating backdoors in pretrained language models through honeypots , author=. Advances in Neural Information Processing Systems , volume=

    work page

  68. [68]

    IEEE Transactions on Information Forensics and Security , year=

    Flare: Towards universal dataset purification against backdoor attacks , author=. IEEE Transactions on Information Forensics and Security , year=

    work page

  69. [69]

    IEEE transactions on neural networks and learning systems , pages=

    Backdoor learning: A survey , author=. IEEE transactions on neural networks and learning systems , pages=. 2022 , publisher=

    work page 2022

  70. [70]

    Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 2: Short Papers)

    Revisiting LLMs as Zero-Shot Time-Series Forecasters: Small Noise Can Break Large Models , author=. Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 2: Short Papers). 2025

    work page 2025

  71. [71]

    Proceedings of the 24th International Conference on World Wide Web , pages =

    Daily-aware personalized recommendation based on feature-level time series analysis , author=. Proceedings of the 24th International Conference on World Wide Web , pages =

    work page

  72. [72]

    Artificial Intelligence Review , year=

    A Comprehensive Survey of Deep Learning for Time Series Forecasting: Architectural Diversity and Open Challenges , author=. Artificial Intelligence Review , year=

    work page

  73. [73]

    International Journal of Computer Vision , pages=

    Backdoorbench: A comprehensive benchmark and analysis of backdoor learning , author=. International Journal of Computer Vision , pages=. 2025 , publisher=

    work page 2025

  74. [74]

    Advances in neural information processing systems , volume=

    Spectral signatures in backdoor attacks , author=. Advances in neural information processing systems , volume=

    work page

  75. [75]

    Junfeng Guo and Ang Li and Cong Liu , booktitle=

    work page

  76. [76]

    International Conference on Machine Learning , pages=

    Spectre: Defending against backdoor attacks using robust statistics , author=. International Conference on Machine Learning , pages=. 2021 , organization=

    work page 2021

  77. [77]

    International Conference on Machine Learning , pages=

    Understanding backdoor attacks through the adaptability hypothesis , author=. International Conference on Machine Learning , pages=. 2023 , organization=

    work page 2023

  78. [78]

    2024 IEEE Symposium on Security and Privacy (SP) , pages=

    Robust backdoor detection for deep learning via topological evolution dynamics , author=. 2024 IEEE Symposium on Security and Privacy (SP) , pages=. 2024 , organization=

    work page 2024

  79. [79]

    International symposium on research in attacks, intrusions, and defenses , pages=

    Fine-pruning: Defending against backdooring attacks on deep neural networks , author=. International symposium on research in attacks, intrusions, and defenses , pages=. 2018 , organization=

    work page 2018

  80. [80]

    arXiv preprint arXiv:2401.03215 , year=

    End-to-End Anti-Backdoor Learning on Images and Time Series , author=. arXiv preprint arXiv:2401.03215 , year=

    work page arXiv

Showing first 80 references.