International Journal of Open Information Technologies

This paper examines the robustness of the TGC-LSTM urban traffic forecasting model to black-box adversarial evasion attacks and proposes an accelerated version of this attack based on a trainable convolutional network. The TGC-LSTM architecture is considered as the target model. This paper describes an implementation of the single-point 1VITA attack, in which a perturbation is found without access to the target model's gradients using differential evolution (DE), which is consistent with the idea of a sparse attack on time series predictive models. Next, a training set is constructed from the identified 1VITA examples, and an auxiliary convolutional network is trained on it, predicting the input window sensitivity map and the perturbation magnitude map. This paper proposes a fully two-dimensional architecture consisting of three Conv2d + ReLU layers and two independent 1×1 output heads, corresponding to a time × sensors matrix input. On 50 identical test examples, the pure model achieved MAE = 2.8699, RMSE = 4.2018, and MAPE = 7.0519. The single-point 1VITA attack degraded the prediction only slightly to RMSE = 4.2284 and MAPE = 7.1013, but required an average of 314 queries and 2.6985 seconds per example. The proposed accelerated LBA_S mode yielded significantly more severe performance degradation: MAE = 15.6818, RMSE = 17.0757, and MAPE = 31.1117, with an average cost of 15 queries and 0.1009 seconds per example. For the TGC-LSTM model, the vulnerability is weak at the level of a single change in a single value in the input window, but becomes significant if the attack uses a richer perturbation structure and relies on a learned map of sensitive coordinates. In practice, this means that the robustness analysis of graph traffic forecasting models cannot be limited to the simplest single-point attacks. Theoretically, this shows that even an interpretable and physically motivated spatiotemporal architecture retains a significant attack surface if the adversary is able to accumulate and reuse information about typical adversarial examples.

Cui Z., Henrickson K., Ke R., Pu Z., Wang Y. Traffic Graph Convolutional Recurrent Neural Network: A Deep Learning Framework for Network-Scale Traffic Learning and Forecasting // IEEE Transactions on Intelligent Transportation Systems. 2020. Vol. 21. No. 11. P. 4883-4894.

Jin M., Koh H. Y., Wen Q., Zambon D., Alippi C., Webb G. I., King I., Pan S. A survey on graph neural networks for time series: Forecasting, classification, imputation, and anomaly detection // IEEE Transactions on Pattern Analysis and Machine Intelligence. 2024. Vol. 46. No. 12. P. 10466-10485.

Chen Z., Dost K., Zhu X., Chang X., Dobbie G., Wicker J. Targeted Attacks on Time Series Forecasting // Pacific-Asia Conference on Knowledge Discovery and Data Mining. Cham: Springer Nature Switzerland, 2023. P. 314-327.

Xiao Y., Yang Z., Zou Q., Zhang P. Learn from Adversarial Examples: Learning-Based Attack on Time Series Forecasting // Information Technology and Control. 2025. Vol. 54. No. 2. P. 613-628.

Xu A., Wang X., Zhang Y., Wu T., Xian X. Adversarial Attacks on Deep Neural Networks for Time Series Prediction // 2021 10th International Conference on Internet Computing for Science and Engineering. 2021. P. 8-14.

Liu F., Liu H., Jiang W. Practical Adversarial Attacks on Spatiotemporal Traffic Forecasting Models // Advances in Neural Information Processing Systems. 2022. Vol. 35. P. 19035-19047.

Liu F., Miranda-Moreno L., Sun L. Spatially Focused Attack against Spatiotemporal Graph Neural Networks // arXiv preprint. 2021.

Zhu L., Feng K., Pu Z., Ma W. Adversarial Diffusion Attacks on Graph-based Traffic Prediction Models // IEEE Internet of Things Journal. 2023. Vol. 11. No. 1. P. 1481-1495.

LSTM https://github.com/Danilka776/TGC-LSTM-attack

Laponina, O. R., and R. N. Kostin. "Razrabotka programmnogo obespecheniya modelirovaniya ugroz dlya sistem na baze LLM-agentov." International Journal of Open Information Technologies 13.6 (2025): 132-146..

Berber, D. V., and O. R. Laponina. "Razrabotka podhodov k uvelicheniyu ustojchivosti modelej mashinnogo obucheniya dlya obnaruzheniya raspredelennyh atak otkaza obsluzhivaniya." International Journal of Open Information Technologies 13.6 (2025): 16-24..

Namiot, D. E. Skhemy atak na modeli mashinnogo obucheniya / D. E. Namiot // International Journal of Open Information Technologies. – 2023. – T. 11, № 5. – S. 68-86. – EDN YVRDOB.

Kupriyanovskij, V. P. Demistifikaciya cifrovoj ekonomiki / V. P. Kupriyanovskij, D. E. Namiot, S. A. Sinyagov // International Journal of Open Information Technologies. – 2016. – T. 4, № 11. – S. 59-63. – EDN WXQLIJ..

Cifrovaya zheleznaya doroga - innovacionnye standarty i ih rol' na primere Velikobritanii / D. E. Nikolaev, V. P. Kupriyanovskij, G. V. Sukonnikov [i dr.] // International Journal of Open Information Technologies. – 2016. – T. 4, № 10. – S. 55-61. – EDN WXBAZN