Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differentiable Adversarial Attacks for Marked Temporal Point Processes

Pritish Chakraborty, Vinayak Gupta, Rahul R, Srikanta J. Bedathur, Abir De

TL;DR

This work tackles the vulnerability of Marked Temporal Point Processes (MTPPs) to adversarial perturbations of continuous-time event sequences. It introduces PermTPP, a differentiable two-stage adversarial attack that first computes a controllable permutation of events using a Gumbel-Sinkhorn surrogate and then injects order-constrained time noise via an attention-based generator, all while minimizing the likelihood and keeping a small distance $Dist(\mathcal{H},\mathcal{H}')$ between the clean and perturbed sequences. The approach yields a trainable framework for attacking MTPPs by jointly optimizing over permutation and time perturbations, with a hinge regularizer ensuring chronological order and linear constraints enforcing feasible times. Empirical results on four real-world datasets show PermTPP can significantly degrade predictive performance (time and marks) compared to baselines, and adversarial training provides improved robustness in several scenarios, highlighting practical implications for strengthening MTPP-based systems and guiding privacy-preserving extensions. The work thus advances understanding of MTPP robustness and offers practical tools for evaluating and improving adversarial defenses in continuous-time sequence modeling.

Abstract

Marked temporal point processes (MTPPs) have been shown to be extremely effective in modeling continuous time event sequences (CTESs). In this work, we present adversarial attacks designed specifically for MTPP models. A key criterion for a good adversarial attack is its imperceptibility. For objects such as images or text, this is often achieved by bounding perturbation in some fixed $L_p$ norm-ball. However, similarly minimizing distance norms between two CTESs in the context of MTPPs is challenging due to their sequential nature and varying time-scales and lengths. We address this challenge by first permuting the events and then incorporating the additive noise to the arrival timestamps. However, the worst case optimization of such adversarial attacks is a hard combinatorial problem, requiring exploration across a permutation space that is factorially large in the length of the input sequence. As a result, we propose a novel differentiable scheme PERMTPP using which we can perform adversarial attacks by learning to minimize the likelihood, while minimizing the distance between two CTESs. Our experiments on four real-world datasets demonstrate the offensive and defensive capabilities, and lower inference times of PERMTPP.

Differentiable Adversarial Attacks for Marked Temporal Point Processes

TL;DR

This work tackles the vulnerability of Marked Temporal Point Processes (MTPPs) to adversarial perturbations of continuous-time event sequences. It introduces PermTPP, a differentiable two-stage adversarial attack that first computes a controllable permutation of events using a Gumbel-Sinkhorn surrogate and then injects order-constrained time noise via an attention-based generator, all while minimizing the likelihood and keeping a small distance between the clean and perturbed sequences. The approach yields a trainable framework for attacking MTPPs by jointly optimizing over permutation and time perturbations, with a hinge regularizer ensuring chronological order and linear constraints enforcing feasible times. Empirical results on four real-world datasets show PermTPP can significantly degrade predictive performance (time and marks) compared to baselines, and adversarial training provides improved robustness in several scenarios, highlighting practical implications for strengthening MTPP-based systems and guiding privacy-preserving extensions. The work thus advances understanding of MTPP robustness and offers practical tools for evaluating and improving adversarial defenses in continuous-time sequence modeling.

Abstract

Marked temporal point processes (MTPPs) have been shown to be extremely effective in modeling continuous time event sequences (CTESs). In this work, we present adversarial attacks designed specifically for MTPP models. A key criterion for a good adversarial attack is its imperceptibility. For objects such as images or text, this is often achieved by bounding perturbation in some fixed norm-ball. However, similarly minimizing distance norms between two CTESs in the context of MTPPs is challenging due to their sequential nature and varying time-scales and lengths. We address this challenge by first permuting the events and then incorporating the additive noise to the arrival timestamps. However, the worst case optimization of such adversarial attacks is a hard combinatorial problem, requiring exploration across a permutation space that is factorially large in the length of the input sequence. As a result, we propose a novel differentiable scheme PERMTPP using which we can perform adversarial attacks by learning to minimize the likelihood, while minimizing the distance between two CTESs. Our experiments on four real-world datasets demonstrate the offensive and defensive capabilities, and lower inference times of PERMTPP.
Paper Structure (12 sections, 16 equations, 3 figures, 3 tables)

This paper contains 12 sections, 16 equations, 3 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Our Contributions
  3. Problem Formulation
  4. Problem Statement
  5. Computation of $\mathop{\mathrm{\text{Dist}}}\nolimits(\mathcal{H},\mathcal{H}')$
  6. Key Technical Challenges
  7. PermTPP Model
  8. Proposed Adversarial Attack Model
  9. Differentiable Neural Networks for $\pi, \epsilon$
  10. Experiments
  11. Experimental Results
  12. Conclusion

Figures (3)

  • Figure 1: More noise may not increase $\mathop{\mathrm{\text{Dist}}}\nolimits (\mathcal{H},\mathcal{H}')$.
  • Figure 2: Overview of PermTPP. (A) Combinatorial perspective of two staged adversarial attack: It describes combinatorial computation of the adversarial CTES $\mathcal{H}'=\mathcal{H}_{\pi,\bm{\epsilon}}$ from the clean CTES $\mathcal{H}$. We first apply a (hard) permutation map $\pi$ on $\mathcal{H}$ to obtain the permuted sequence $\mathcal{H}_{\pi}$. The map $\pi$ was intended to fix the chronological order of the events of the final perturbed CTES $\mathcal{H}'$. However $\mathcal{H}_\pi$ is not chronologically sorted. Hence, we add temporal noise $\bm{\epsilon}=\left\{\epsilon_1,..\epsilon_n\right\}$ to the timestamps in $\mathcal{H}_\pi$ with a hinge regularizer (last term in Eq. \ref{['eq:attack_final']}), so that $\mathcal{H}'=\mathcal{H}_{\pi,\bm{\epsilon}}$ is chronologically ordered and is aligned w.r.t $\pi$. (B) Differentiable approximation of $\pi,\bm{\epsilon}$: The CTES $\mathcal{H}=\left\{e_i \,|\, i\in[n]\right\}$ is fed to $\mathcal{M}_{\bm{w}}$ (adversary's belief about the learner's model $\mathcal{M}_{\widehat{\bm{w}}}$) to obtain the embeddings ${\bm{H}}=\left\{\bm{h}_i\,|\, i\in [n]\right\}$. They are fed to a Gumbel-Sinkhorn network $GS_{\theta}$ to obtain a soft permutation matrix ${\bm{P}}$. Within $GS_{\theta}$, first an MLP network $g_\theta$ generates the seed matrix $\bm{S}$ with $\bm{S}[i,j] = g_{\theta}(\bm{h}_i,\bm{h}_j)$ and then $\bm{S}$ goes through a number of Sinkhorn iterations with temperature $\tau$, to output ${\bm{P}}$; ${\bm{P}}$ is then applied on $\mathcal{H}$ to obtain the soft permuted sequence $\mathcal{H}_{{\bm{P}}}\approx\mathcal{H}_{\pi}$. Next, $\mathcal{H}_{{\bm{P}}}$ is fed into $\textsc{Attn}_{\phi}$, which consists of of linear, attention and linear layers, to obtain the additive noise $\bm{\epsilon}$, which finally provides $\mathcal{H}_{{\bm{P}},\bm{\epsilon}}\approx \mathcal{H}_{\pi,\bm{\epsilon}}$.
  • Figure 3: Adversarial Robustness of $\mathcal{M}_{\widehat{\bm{w}}}$, trained using different adversarial training methods and PermTPP attack for Taobao dataset. Here, lower the MAE and higher the MPA, more successful is the defense model.