Sichen Liu,Yuan Luo

DOI: https://doi.org/10.3390/electronics13030650

IF: 2.9

2024-01-01

Electronics

Abstract:While deep neural networks (DNNs) have been widely and successfully used for time series classification (TSC) over the past decade, their vulnerability to adversarial attacks has received little attention. Most existing attack methods focus on white-box setups, which are unrealistic as attackers typically only have access to the model’s probability outputs. Defensive methods also have limitations, relying primarily on adversarial retraining which degrades classification accuracy and requires excessive training time. On top of that, we propose two new approaches in this paper: (1) A simulated annealing-based random search attack that finds adversarial examples without gradient estimation, searching only on the l∞-norm hypersphere of allowable perturbations. (2) A post-processing defense technique that periodically reverses the trend of corresponding loss values while maintaining the overall trend, using only the classifier’s confidence scores as input. Experiments applying these methods to InceptionNet models trained on the UCR dataset benchmarks demonstrate the effectiveness of the attack, achieving up to 100% success rates. The defense method provided protection against up to 91.24% of attacks while preserving prediction quality. Overall, this work addresses important gaps in adversarial TSC by introducing novel black-box attack and lightweight defense techniques.

Hassan Ismail Fawaz,Germain Forestier,Jonathan Weber,Lhassane Idoumghar,Pierre-Alain Muller

DOI: https://doi.org/10.1109/ijcnn.2019.8851936

2019-07-01

Abstract:Time Series Classification (TSC) problems are encountered in many real life data mining tasks ranging from medicine and security to human activity recognition and food safety. With the recent success of deep neural networks in various domains such as computer vision and natural language processing, researchers started adopting these techniques for solving time series data mining problems. However, to the best of our knowledge, no previous work has considered the vulnerability of deep learning models to adversarial time series examples, which could potentially make them unreliable in situations where the decision taken by the classifier is crucial such as in medicine and security. For computer vision problems, such attacks have been shown to be very easy to perform by altering the image and adding an imperceptible amount of noise to trick the network into wrongly classifying the input image. Following this line of work, we propose to leverage existing adversarial attack mechanisms to add a special noise to the input time series in order to decrease the network’s confidence when classifying instances at test time. Our results reveal that current state-of-the-art deep learning time series classifiers are vulnerable to adversarial attacks which can have major consequences in multiple domains such as food safety and quality assurance.

YANG Wen-bo,YUAN Ji-dong

DOI: https://doi.org/10.11896/jsjkx.210900254

2022-01-01

Abstract:Deep neural networks(DNNs) for time series classification have potential security concerns due to their vulnerability to adversarial attacks.The existing attack methods on time series performglobal perturbation based on gradient information,and the generated adversarial examples are easy to be perceived.This paper proposes a locally black-box method to attack DNNs without gradient information.First,the attack is described as a constrained optimization problem with the assumption that the method cannot get any inner information of the model,then the genetic algorithm is employed to solve it.Second,since time series shapelets provides the most discriminative information among different categories,it is designed as a local perturbation interval.Experimental results on UCR datasets that have potential security concerns indicate that the proposed method can effectively attack DNNs and generate adversarial samples.In addition,compared with the benchmark,the method significantly reduces the mean squared error while keeping a high success rate.

Wenbo Yang,Jidong Yuan,Xiaokang Wang,Peixiang Zhao,Wenbo Yang,Jidong Yuan,Xiaokang Wang,Peixiang Zhao

DOI: https://doi.org/10.1016/j.engappai.2022.105218

IF: 8

2022-09-01

Engineering Applications of Artificial Intelligence

Abstract:Deep neural networks (DNNs) for time series classification have potential security concerns due to their vulnerability to adversarial attacks. Previous work that perturbs time series globally requires gradient information to generate adversarial examples, leading to being perceived easily. In this paper, we propose a gradient-free black-box method called TSadv to attack DNNs with local perturbations. First, we formalize the attack as a constrained optimization problem solved by a differential evolution algorithm without any inner information of the target model. Second, with the assumption that time series shapelets provide more discriminative information between different classes, the range of perturbations is designed based on their intervals. Experimental results show that our method can effectively attack DNNs on time series datasets that have potential security concerns and generate imperceptible adversarial samples flexibly. Besides, our approach decreases the mean squared error by approximately two orders of magnitude compared with the state-of-the-art method while retaining competitive attacking success rates.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Aidong Xu,Xuechun Wang,Yunan Zhang,Tao Wu,Xingping Xian

DOI: https://doi.org/10.1145/3485314.3485316

2021-07-09

Abstract:Time series data is widespread in real-world scenarios. To recover and infer missing information in practical domains, such as stock price monitoring, electricity load forecasting, traffic flows analysis, climate trend prediction, etc., the problem of time series prediction has been widely studied as a classical research topic in data mining. Over the past decade, deep learning architectures are introduced as a vital part of the next generation of time series prediction models. However, recent studies showed that deep learning models are vulnerable to adversarial attacks. In this paper, we study the adversarial attacks on the time series prediction models prospectively. We propose an attack strategy to generate adversarial samples by adding imperceptible perturbed data to the original time series with the goal of reducing the accuracy of time series prediction models. Specifically, the perturbation-based adversarial example generation algorithm is proposed using gradient information of time series prediction model. Moreover, adversarial examples should be imperceptible to humans. To address the challenge, we craft adversarial samples based on importance measuring to perturb the original data locally. We evaluate our attacks on state-of-the-art time series prediction models using three time series datasets. Our results demonstrate that our attacks can effectively evade the time series prediction models, and the adversarial attacks mechanisms can be used as robustness metric for constructing robust time series prediction models.

Hongyu Lu,Jiajia Liu,Jimin Peng,Jiazhong Lu

DOI: https://doi.org/10.1016/j.cose.2024.104175

IF: 5.105

2024-11-01

Computers & Security

Abstract:To enhance the robustness of intrusion detection classifiers, we propose a Time Series-based Adversarial Attack Framework (TSAF) targeting the temporal characteristics of network traffic. Initially, adversarial samples are generated using the gradient calculations of CNNs, with updates iterated based on model loss. Different attack schemes are then applied to various traffic types and saved as generic adversarial perturbations. These time series-based perturbations are subsequently injected into the traffic stream. To precisely implement the adversarial perturbations, a masking mechanism is utilized. Our adversarial sample model was evaluated, and the results indicate that our samples can reduce the accuracy and recall rates for detecting four types of malicious network traffic, including botnets, brute force, port scanning, and web attacks, as well as degrade the detection performance of DDoS traffic. The CNN model's accuracy dropped by up to 72.76%, and the SDAE model's accuracy by up to 78.77% with minimal perturbations. Our adversarial sample attack offers a new perspective in the field of cybersecurity and lays the groundwork for designing AI models that can resist adversarial attacks more effectively.

computer science, information systems

Pradeep Rathore,Arghya Basak,Sri Harsha Nistala,Venkataramana Runkana

DOI: https://doi.org/10.1109/IJCNN48605.2020.9207272

2021-01-13

Abstract:Deep learning based models are vulnerable to adversarial attacks. These attacks can be much more harmful in case of targeted attacks, where an attacker tries not only to fool the deep learning model, but also to misguide the model to predict a specific class. Such targeted and untargeted attacks are specifically tailored for an individual sample and require addition of an imperceptible noise to the sample. In contrast, universal adversarial attack calculates a special imperceptible noise which can be added to any sample of the given dataset so that, the deep learning model is forced to predict a wrong class. To the best of our knowledge these targeted and universal attacks on time series data have not been studied in any of the previous works. In this work, we have performed untargeted, targeted and universal adversarial attacks on UCR time series datasets. Our results show that deep learning based time series classification models are vulnerable to these attacks. We also show that universal adversarial attacks have good generalization property as it need only a fraction of the training data. We have also performed adversarial training based adversarial defense. Our results show that models trained adversarially using Fast gradient sign method (FGSM), a single step attack, are able to defend against FGSM as well as Basic iterative method (BIM), a popular iterative attack.

Machine Learning

Tao Wu,Xuechun Wang,Shaojie Qiao,Xingping Xian,Yanbing Liu,Liang Zhang

DOI: https://doi.org/10.1016/j.ins.2021.11.007

IF: 8.1

2022-01-01

Information Sciences

Abstract:Time-series data are widespread in real-world industrial scenarios. To recover and infer missing information in real-world applications, the problem of time-series prediction has been widely studied as a classical research topic in data mining. Deep learning architectures have been viewed as next-generation time-series prediction models. However, recent studies have shown that deep learning models are vulnerable to adversarial attacks. In this study, we prospectively examine the problem of time-series prediction adversarial attacks and propose an attack strategy for generating an adversarial time series by adding malicious perturbations to the original time series to deteriorate the performance of time-series prediction models. Specifically, a perturbation-based adversarial example generation algorithm is proposed using the gradient information of the prediction model. In practice, unlike the imperceptibility to humans in the field of image processing, time-series data are more sensitive to abnormal perturbations and there are more stringent requirements regarding the amount of perturbations. To address this challenge, we craft an adversarial time series based on the importance measurement to slightly perturb the original data. Based on comprehensive experiments conducted on real-world time-series datasets, we verify that the proposed adversarial attack methods not only effectively fool the target time-series prediction model LSTNet, they also attack state-of-the-art CNN-, RNN-, and MHANET-based models. Meanwhile, the results show that the proposed methods achieve a good transferability. That is, the adversarial examples generated for a specific prediction model can significantly affect the performance of the other methods. Moreover, through a comparison with existing adversarial attack approaches, we can see that much smaller perturbations are sufficient for the proposed importance-measurement based adversarial attack method. The methods described in this paper are significant in understanding the impact of adversarial attacks on a time-series prediction and promoting the robustness of such prediction technologies.

Daizong Ding,Mi Zhang,Yuanmin Huang,Xudong Pan,Fuli Feng,Erling Jiang,Min Yang

DOI: https://doi.org/10.1109/icde53745.2022.00100

2022-01-01

Abstract:As a fundamental task in modern data mining, time series classification is powering mission-critical tasks including stock price prediction and network traffic analysis. Due to the non-linear structure of deep neural networks (DNN), deep learning has established as a promising solution to time series classification. However, the excessive learning capacity of DNNs may make them prone to threats of backdoor attacks, where an attacker embeds hidden functionalities (i.e., backdoor) to DNNs and activates the backdoor by specially-designed inputs (i.e., triggers). Despite extensive studies concerning backdoor attacks on image and text domains, there is little known about the vulnerability of DNN based time series classifiers against backdoor attacks. Due to the unique characteristics of time series data, most existing backdoor attack techniques fail to threaten time series classifiers. In this paper, through analyzing the key factors which influence the effectiveness of a backdoor, we systematize a list of practical principles for designing triggers on time series data. In this light, we propose a novel framework called TimeTrojan, which aims to learn to form the trigger pattern through a constrained multi-objective optimization. To solve the hereafter challenging optimization issue, we further design an iterative learning algorithm. Remarkably, the proposed framework is agnostic to a wide range of DNN classifiers. Extensive empirical results on 6 representative DNN classifiers and 6 real-world datasets validate the effectiveness of the proposed attack framework. In most cases, TimeTrojan successfully injects backdoors with 100% attack success rate without affecting the model accuracy on clean samples, which implies the complete control of the behavior of the DNN classifiers by the adversary.

Yanyun Wang,Dehui Du,Haibo Hu,Zi Liang,Yuanhao Liu

2024-09-05

Abstract:Recent years have witnessed the success of recurrent neural network (RNN) models in time series classification (TSC). However, neural networks (NNs) are vulnerable to adversarial samples, which cause real-life adversarial attacks that undermine the robustness of AI models. To date, most existing attacks target at feed-forward NNs and image recognition tasks, but they cannot perform well on RNN-based TSC. This is due to the cyclical computation of RNN, which prevents direct model differentiation. In addition, the high visual sensitivity of time series to perturbations also poses challenges to local objective optimization of adversarial samples. In this paper, we propose an efficient method called TSFool to craft highly-imperceptible adversarial time series for RNN-based TSC. The core idea is a new global optimization objective known as "Camouflage Coefficient" that captures the imperceptibility of adversarial samples from the class distribution. Based on this, we reduce the adversarial attack problem to a multi-objective optimization problem that enhances the perturbation quality. Furthermore, to speed up the optimization process, we propose to use a representation model for RNN to capture deeply embedded vulnerable samples whose features deviate from the latent manifold. Experiments on 11 UCR and UEA datasets showcase that TSFool significantly outperforms six white-box and three black-box benchmark attacks in terms of effectiveness, efficiency and imperceptibility from various perspectives including standard measure, human study and real-world defense.

Machine Learning,Cryptography and Security

Jiawei Zhao,Lizhe Xie,Yuning Zhang,Siqi Gu,Zheng Wang,Yining Hu

DOI: https://doi.org/10.2139/ssrn.4850545

2024-01-01

Abstract:Deep Neural Networks (DNNs) have been shown to be vulnerable to adversarial examples. The existence of adversarial examples significantly hinders the development of deep learning technologies in domains with high-security requirements. However, current defense methods often lack universality, being effective only against specific adversarial attacks. This study focuses on analyzing adversarial examples through changes in model attention, classifying attack algorithms into attention-shifting and attention-attenuation categories. To counter attention-shifting attacks, a defense module named Feature Pyramid-based Attention Space-guided (FPAS) is proposed, which spatially retracts the shifting attention in adversarial examples, thereby enhancing the model's overall defense capability. Attention-based Non-Local (ANL) is a proposed defense module to counter attention-attenuation attacks. This module enhances the model's focus on critical features, efficiently constructing a robust defense model with low implementation cost and minimal intrusion into the original model. By integrating FPAS and ANL into the Wide-ResNet model within a boosting framework, the study demonstrates their synergistic defense capability. Even with eight adversarial samples embedded with adversarial patches, our FPAS_at and ANL_at models demonstrated significant improvements over the baseline, enhancing the average defense rate by 5.47% and 7.74%, respectively. Extensive experiments confirm that this universal defense strategy offers comprehensive protection against adversarial attacks at a lower implementation cost compared to current mainstream defense methods, while also being adaptable for integration with existing defense strategies to further enhance adversarial robustness.

Zhengyang Li,Wenhao Liang,Chang Dong,Weitong Chen,Dong Huang

2024-08-21

Abstract:This study investigates the vulnerability of time series classification models to adversarial attacks, with a focus on how these models process local versus global information under such conditions. By leveraging the Normalized Auto Correlation Function (NACF), an exploration into the inclination of neural networks is conducted. It is demonstrated that regularization techniques, particularly those employing Fast Fourier Transform (FFT) methods and targeting frequency components of perturbations, markedly enhance the effectiveness of attacks. Meanwhile, the defense strategies, like noise introduction and Gaussian filtering, are shown to significantly lower the Attack Success Rate (ASR), with approaches based on noise introducing notably effective in countering high-frequency distortions. Furthermore, models designed to prioritize global information are revealed to possess greater resistance to adversarial manipulations. These results underline the importance of designing attack and defense mechanisms, informed by frequency domain analysis, as a means to considerably reinforce the resilience of neural network models against adversarial threats.

Machine Learning,Cryptography and Security

Yao Li,Minhao Cheng,Cho-Jui Hsieh,Thomas C. M. Lee

DOI: https://doi.org/10.1080/00031305.2021.2006781

2021-11-19

Abstract:Despite the efficiency and scalability of machine learning systems, recent studies have demonstrated that many classification methods, especially deep neural networks (DNNs), are vulnerable to adversarial examples; i.e., examples that are carefully crafted to fool a well-trained classification model while being indistinguishable from natural data to human. This makes it potentially unsafe to apply DNNs or related methods in security-critical areas. Since this issue was first identified by Biggio et al. (2013) and Szegedy et al.(2014), much work has been done in this field, including the development of attack methods to generate adversarial examples and the construction of defense techniques to guard against such examples. This paper aims to introduce this topic and its latest developments to the statistical community, primarily focusing on the generation and guarding of adversarial examples. Computing codes (in python and R) used in the numerical experiments are publicly available for readers to explore the surveyed methods. It is the hope of the authors that this paper will encourage more statisticians to work on this important and exciting field of generating and defending against adversarial examples.

Cryptography and Security,Machine Learning

LIU Kun,ZENG En,LIU Bohan,LI Junda,LI Jiangrong

DOI: https://doi.org/10.11936/bjutxb2022090028

2023-01-01

Abstract:To ensure the security of the attack detection model of time series data, an adversarial attack and adversarial defense method based on multivariate time series data was proposed. First, the escape attack implemented in the test phase was designed for the autoencoder-based attack detection model. Second, according to the designed adversarial attack samples, the adversarial defense strategy based on the Jacobian regularization method was proposed. The Jacobian matrix in the calculation model training process was taken as the regular term in the objective function to improve the defense capability of the deep learning model. The attack effects of the proposed attack methods and the defense effect of the proposed adversarial defense method were verified on the BATADAL dataset of industrial water treatment.

Fazle Karim,Somshubra Majumdar,Houshang Darabi

DOI: https://doi.org/10.48550/arXiv.1902.10755

2019-03-01

Abstract:Time series classification models have been garnering significant importance in the research community. However, not much research has been done on generating adversarial samples for these models. These adversarial samples can become a security concern. In this paper, we propose utilizing an adversarial transformation network (ATN) on a distilled model to attack various time series classification models. The proposed attack on the classification model utilizes a distilled model as a surrogate that mimics the behavior of the attacked classical time series classification models. Our proposed methodology is applied onto 1-Nearest Neighbor Dynamic Time Warping (1-NN ) DTW, a Fully Connected Network and a Fully Convolutional Network (FCN), all of which are trained on 42 University of California Riverside (UCR) datasets. In this paper, we show both models were susceptible to attacks on all 42 datasets. To the best of our knowledge, such an attack on time series classification models has never been done before. Finally, we recommend future researchers that develop time series classification models to incorporating adversarial data samples into their training data sets to improve resilience on adversarial samples and to consider model robustness as an evaluative metric.

Machine Learning

David J. Miller,Yulia Wang,George Kesidis

DOI: https://doi.org/10.48550/arXiv.1712.06646

2018-06-28

Abstract:A significant threat to the recent, wide deployment of machine learning-based systems, including deep neural networks (DNNs), is adversarial learning attacks. We analyze possible test-time evasion-attack mechanisms and show that, in some important cases, when the image has been attacked, correctly classifying it has no utility: i) when the image to be attacked is (even arbitrarily) selected from the attacker's cache; ii) when the sole recipient of the classifier's decision is the attacker. Moreover, in some application domains and scenarios it is highly actionable to detect the attack irrespective of correctly classifying in the face of it (with classification still performed if no attack is detected). We hypothesize that, even if human-imperceptible, adversarial perturbations are machine-detectable. We propose a purely unsupervised anomaly detector (AD) that, unlike previous works: i) models the joint density of a deep layer using highly suitable null hypothesis density models (matched in particular to the non- negative support for RELU layers); ii) exploits multiple DNN layers; iii) leverages a "source" and "destination" class concept, source class uncertainty, the class confusion matrix, and DNN weight information in constructing a novel decision statistic grounded in the Kullback-Leibler divergence. Tested on MNIST and CIFAR-10 image databases under three prominent attack strategies, our approach outperforms previous detection methods, achieving strong ROC AUC detection accuracy on two attacks and better accuracy than recently reported for a variety of methods on the strongest (CW) attack. We also evaluate a fully white box attack on our system. Finally, we evaluate other important performance measures, such as classification accuracy, versus detection rate and attack strength.

Machine Learning,Cryptography and Security

Lin Jing,Njilla Laurent L.,Xiong Kaiqi

DOI: https://doi.org/10.1186/s13635-021-00125-2

2022-01-01

EURASIP Journal on Information Security

Abstract:Deep neural networks (DNNs) are widely used to handle many difficult tasks, such as image classification and malware detection, and achieve outstanding performance. However, recent studies on adversarial examples, which have maliciously undetectable perturbations added to their original samples that are indistinguishable by human eyes but mislead the machine learning approaches, show that machine learning models are vulnerable to security attacks. Though various adversarial retraining techniques have been developed in the past few years, none of them is scalable. In this paper, we propose a new iterative adversarial retraining approach to robustify the model and to reduce the effectiveness of adversarial inputs on DNN models. The proposed method retrains the model with both Gaussian noise augmentation and adversarial generation techniques for better generalization. Furthermore, the ensemble model is utilized during the testing phase in order to increase the robust test accuracy. The results from our extensive experiments demonstrate that the proposed approach increases the robustness of the DNN model against various adversarial attacks, specifically, fast gradient sign attack, Carlini and Wagner (C&W) attack, Projected Gradient Descent (PGD) attack, and DeepFool attack. To be precise, the robust classifier obtained by our proposed approach can maintain a performance accuracy of 99% on average on the standard test set. Moreover, we empirically evaluate the runtime of two of the most effective adversarial attacks, i.e., C&W attack and BIM attack, to find that the C&W attack can utilize GPU for faster adversarial example generation than the BIM attack can. For this reason, we further develop a parallel implementation of the proposed approach. This parallel implementation makes the proposed approach scalable for large datasets and complex models.

Shahroz Tariq,Binh M. Le,Simon S. Woo

DOI: https://doi.org/10.1145/3511808.3557073

2022-08-24

Abstract:Time series anomaly detection is extensively studied in statistics, economics, and computer science. Over the years, numerous methods have been proposed for time series anomaly detection using deep learning-based methods. Many of these methods demonstrate state-of-the-art performance on benchmark datasets, giving the false impression that these systems are robust and deployable in many practical and industrial real-world scenarios. In this paper, we demonstrate that the performance of state-of-the-art anomaly detection methods is degraded substantially by adding only small adversarial perturbations to the sensor data. We use different scoring metrics such as prediction errors, anomaly, and classification scores over several public and private datasets ranging from aerospace applications, server machines, to cyber-physical systems in power plants. Under well-known adversarial attacks from Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) methods, we demonstrate that state-of-the-art deep neural networks (DNNs) and graph neural networks (GNNs) methods, which claim to be robust against anomalies and have been possibly integrated in real-life systems, have their performance drop to as low as 0%. To the best of our understanding, we demonstrate, for the first time, the vulnerabilities of anomaly detection systems against adversarial attacks. The overarching goal of this research is to raise awareness towards the adversarial vulnerabilities of time series anomaly detectors.

Machine Learning,Cryptography and Security

Su Zheng,Jialin Chen,Lingli Wang

DOI: https://doi.org/10.1109/ijcnn.2019.8852078

2019-01-01

Abstract:Deep neural networks (DNNs) are widely applied to image classification tasks. Due to the fact that these models are usually vulnerable, subtle perturbations of pixels may lead to classification errors, which poses a serious threat to the success of DNN applications. Moreover, perturbations of pixels can also corrupt other pattern recognition models such as Naive Bayes (NB), Decision Tree (DT) and Random Forest (RF). In this paper, a general method is proposed to carry out targeted black-box attacks for image classification models. The proposed method can achieve targeted fool rates (TFRs) of 0.873 and 0.781 on CIFAR-10 dataset with and without the access to the training set of the target model respectively. For cross-model attacks, the proposed method can still achieve a TFR of 0.630 on CIFAR-10. Furthermore, the proposed method is able to mount attacks for up to 100 classes on CIFAR-100 dataset with a TFR of 0.721, successfully handling 99 cases for each class. In our experiments, the proposed method shows higher performance and higher reliability than other black-box attack methods, with 0.123 greater maximum TFR and 0.602 greater minimum TFR than previous methods UPSET and ANGRI on CIFAR-10 in attacks trained on a single model.

Xiaohui Kuang,Hongyi Liu,Ye Wang,Qikun Zhang,Quanxin Zhang,Jun Zheng

DOI: https://doi.org/10.1109/access.2019.2956553

IF: 3.9

2019-01-01

IEEE Access

Abstract:Deep neural networks(DNNs) are widely used in AI-controlled Cyber-Physical Systems (CPS) to controll cars, robotics, water treatment plants and railways. However, DNNs have vulnerabilities to well-designed input samples that are called adversarial examples. Adversary attack is one of the important techniques for detecting and improving the security of neural networks. Existing attacks, including state-of-the-art black-box attack have a lower success rate and make invalid queries that are not beneficial to obtain the direction of generating adversarial examples. For these reasons, this paper proposed a CMA-ES-based adversarial attack on black-box DNNs. Firstly, an efficient method to reduce the number of invalid queries is introduced. Secondly, a black-box attack of generating adversarial examples to fit a high-dimensional independent Gaussian distribution of the local solution space is proposed. Finally, a new CMA-based perturbation compression method is applied to make the process of reducing perturbation smoother. Experimental results on ImageNet classifiers show that the proposed attack has a higher success-rate than the state-of-the-art black-box attack but reduce the number of queries by 30% equally.