Publication Date

Fall 2025

Degree Type

Master's Project

Degree Name

Master of Science in Computer Science (MSCS)

Department

Computer Science

First Advisor

Saptarshi Sengupta

Second Advisor

Robert Chun

Third Advisor

Mohammad Masum

Keywords

Moving Target Defense, Time Series Forecasting, Adversarial Robustness, Transformer Models, First-Order Attacks, Ensemble Learning

Abstract

Time series forecasting models are vulnerable to adversarial perturbations. Even the smallest input modifications can produce significantly erroneous forecasts. Moving Target Defense (MTD) methods address this vulnerability by introducing controlled model diversity at inference time. In this work, the Morphence framework is extended to regression based forecasting to evaluate how different student model perturbation strategies can influence adversarial robustness. A Transformer model is used as the base, and then multiple student models are created through structured parameter perturbations. Two unique ensembles of students are then examined. The first is a vanilla Morphence style ensemble produced through small stochastic weight changes. The second is a novel ensemble generated via stronger and more diverse perturbation methods. Robustness is then evaluated using Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), and Projected Gradient Descent (PGD) attacks. Root Mean Squared Error (RMSE) degradation is used as the evaluation metric. Every attack configuration is repeated across 30 randomized iterations to provide comparisons that are consistent with common Monte Carlo evaluation practices. Experiments are conducted on two real world datasets: the Jena Climate dataset and Electricity Load Diagrams dataset. Results show that both ensembles improve robustness relative to the base model. The novel perturbation strategy achieves competitive or superior performance under BIM and PGD across most perturbation budgets.

Download

Available for download on Saturday, December 19, 2026

Share

COinS