What problem does this paper attempt to address?

The main problem that this paper attempts to solve is: how to generate highly imperceptible adversarial examples for time - series classification (TSC) tasks based on recurrent neural networks (RNN). Specifically, the paper points out that most current adversarial attack methods are mainly aimed at feed - forward neural networks (such as image recognition tasks), and these methods perform poorly on RNNs for the following reasons: 1. **The periodic computing structure of RNN**: The special structure of RNN makes it difficult to directly perform model differentiation, thus hindering the effective use of gradient information. 2. **The high sensitivity of time series to perturbations**: Compared with image data, time series are more sensitive to perturbations, which makes it difficult for traditional local optimization objectives to generate imperceptible adversarial examples. To overcome these problems, the paper proposes a new method named TSFool. By introducing the "Camouflage Coefficient", a global optimization objective, it transforms the adversarial attack problem into a multi - objective optimization problem. In addition, to accelerate the optimization process, the paper also proposes a method based on the representation model to capture fragile samples with deep embedding. The following are the specific improvement points of TSFool: - **Camouflage Coefficient**: A new global optimization objective is defined to measure the imperceptibility of adversarial examples in the class distribution. The Camouflage Coefficient evaluates the concealment of adversarial examples by comparing the relative distances between the adversarial examples and the original class and the misclassified class. \[ C(\vec{x}^*)=\frac{\|\vec{x}^* - \vec{m}_i\| / d_i}{\|\vec{x}^* - \vec{m}_j\| / d_j} \] where \(\vec{m}_i\) and \(\vec{m}_j\) are the centroids of the original class and the misclassified class respectively, and \(d_i\) and \(d_j\) are the average distances of the corresponding classes. - **Multi - objective perturbation attack**: Combining the Camouflage Coefficient and the minimum perturbation objective, TSFool adopts a multi - objective optimization strategy to ensure that the generated adversarial examples not only have a small perturbation amount but also are more difficult to be detected globally. - **Fragile sample capture based on the manifold hypothesis**: By constructing a representation model (such as the interval - weighted finite automaton i - WFA), TSFool can capture fragile samples whose features deviate from the latent manifold, thereby guiding the generation of adversarial examples. The experimental results show that TSFool significantly outperforms the existing white - box and black - box benchmark attack methods on 11 UCR and UEA datasets, and performs excellently in terms of effectiveness, efficiency and imperceptibility.