ML Security PapersTargeted Manipulation: Slope-Based Attacks on Financial Time-Series Data
Published on arXiv
2511.19330
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
Slope-based attacks double the predicted slope of N-HiTS forecasts and reduce a 4-layer CNN discriminator's specificity to 28% and accuracy to 57%.
General Slope Attack / Least-Squares Slope Attack
Novel technique introduced
A common method of attacking deep learning models is through adversarial attacks, which occur when an attacker specifically modifies the input of a model to produce an incorrect result. Adversarial attacks have been deeply investigated in the image domain; however, there is less research in the time-series domain and very little for forecasting financial data. To address these concerns, this study aims to build upon previous research on adversarial attacks for time-series data by introducing two new slope-based methods aimed to alter the trends of the predicted stock forecast generated by an N-HiTS model. Compared to the normal N-HiTS predictions, the two new slope-based methods, the General Slope Attack and Least-Squares Slope Attack, can manipulate N-HiTS predictions by doubling the slope. These new slope attacks can bypass standard security mechanisms, such as a discriminator that filters real and perturbed inputs, reducing a 4-layered CNN's specificity to 28% and accuracy to 57%. Furthermore, the slope based methods were incorporated into a GAN architecture as a means of generating realistic synthetic data, while simultaneously fooling the model. Finally, this paper also proposes a sample malware designed to inject an adversarial attack in the model inference library, proving that ML-security research should not only focus on making the model safe, but also securing the entire pipeline.
Key Contributions
- Two novel slope-based targeted adversarial attacks (General Slope Attack and Least-Squares Slope Attack) that double the predicted trend slope of an N-HiTS financial forecasting model
- Integration of slope-based adversarial objectives into a GAN architecture to generate realistic yet adversarial synthetic financial time-series data that simultaneously bypasses a discriminator defense
- Proof-of-concept malware demonstrating supply chain risk by injecting adversarial attacks directly into the model inference library
🛡️ Threat Analysis
The core contributions are two new adversarial input manipulation attacks (General Slope Attack and Least-Squares Slope Attack) that perturb financial time-series inputs at inference time to alter the slope/trend of an N-HiTS forecasting model's predictions, and additionally bypass a discriminator-based detection defense — classic inference-time evasion attacks on a predictive ML model.