Saved in:
Bibliographic Details
Main Authors: Johansson, Nicolas, Olsson, Tobias, Nilsson, Daniel, Östman, Johan, Hoseini, Fazeleh
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.04169
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918334121902080
author Johansson, Nicolas
Olsson, Tobias
Nilsson, Daniel
Östman, Johan
Hoseini, Fazeleh
author_facet Johansson, Nicolas
Olsson, Tobias
Nilsson, Daniel
Östman, Johan
Hoseini, Fazeleh
contents Membership inference attacks (MIAs) aim to determine whether specific data were used to train a model. While extensively studied on classification models, their impact on time series forecasting remains largely unexplored. We address this gap by introducing two new attacks: (i) an adaptation of multivariate LiRA, a state-of-the-art MIA originally developed for classification models, to the time-series forecasting setting, and (ii) a novel end-to-end learning approach called Deep Time Series (DTS) attack. We benchmark these methods against adapted versions of other leading attacks from the classification setting. We evaluate all attacks in realistic settings on the TUH-EEG and ELD datasets, targeting two strong forecasting architectures, LSTM and the state-of-the-art N-HiTS, under both record- and user-level threat models. Our results show that forecasting models are vulnerable, with user-level attacks often achieving perfect detection. The proposed methods achieve the strongest performance in several settings, establishing new baselines for privacy risk assessment in time series forecasting. Furthermore, vulnerability increases with longer prediction horizons and smaller training populations, echoing trends observed in large language models.
format Preprint
id arxiv_https___arxiv_org_abs_2509_04169
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Privacy Risks in Time Series Forecasting: User- and Record-Level Membership Inference
Johansson, Nicolas
Olsson, Tobias
Nilsson, Daniel
Östman, Johan
Hoseini, Fazeleh
Machine Learning
Membership inference attacks (MIAs) aim to determine whether specific data were used to train a model. While extensively studied on classification models, their impact on time series forecasting remains largely unexplored. We address this gap by introducing two new attacks: (i) an adaptation of multivariate LiRA, a state-of-the-art MIA originally developed for classification models, to the time-series forecasting setting, and (ii) a novel end-to-end learning approach called Deep Time Series (DTS) attack. We benchmark these methods against adapted versions of other leading attacks from the classification setting. We evaluate all attacks in realistic settings on the TUH-EEG and ELD datasets, targeting two strong forecasting architectures, LSTM and the state-of-the-art N-HiTS, under both record- and user-level threat models. Our results show that forecasting models are vulnerable, with user-level attacks often achieving perfect detection. The proposed methods achieve the strongest performance in several settings, establishing new baselines for privacy risk assessment in time series forecasting. Furthermore, vulnerability increases with longer prediction horizons and smaller training populations, echoing trends observed in large language models.
title Privacy Risks in Time Series Forecasting: User- and Record-Level Membership Inference
topic Machine Learning
url https://arxiv.org/abs/2509.04169