🤖 AI Summary
Existing time series anomaly detection methods lack robustness under adversarial attacks, and conventional ℓp-norm-based defenses fail to adequately capture temporal structures. This work proposes the first certified robust defense framework tailored to the Dynamic Time Warping (DTW) metric space by extending randomized smoothing beyond ℓp norms, thereby better aligning with the intrinsic temporal characteristics of time series data. By introducing a novel lower-bound transformation technique that relates DTW distance to ℓp distance, the method achieves significant robustness improvements across diverse datasets and models. Under DTW-based adversarial attacks, it boosts the F1 score by up to 18.7%, demonstrating its effectiveness in enhancing certified robustness for time series anomaly detection.
📝 Abstract
Time-series anomaly detection is critical for ensuring safety in high-stakes applications, where robustness is a fundamental requirement rather than a mere performance metric. Addressing the vulnerability of these systems to adversarial manipulation is therefore essential. Existing defenses are largely heuristic or provide certified robustness only under $\ell_p$-norm constraints, which are incompatible with time-series data. In particular, the $\ell_p$-norm fails to capture the intrinsic temporal structure in time series, causing small temporal distortions to significantly alter the $\ell_p$-norm measures. Instead, the similarity metric Dynamic Time Warping (DTW) is more suitable and widely adopted in the time-series domain, as DTW accounts for temporal alignment and remains robust to temporal variations. To date, however, there has been no certifiable robustness result in this metric that provides guarantees. In this work, we introduce the first DTW-certified robust defense in time-series anomaly detection by adapting the randomized smoothing paradigm. We develop this certificate by bridging the $\ell_p$-norm to DTW distance through a lower-bound transformation. Extensive experiments across various datasets and models validate the effectiveness and practicality of our theoretical approach. Results demonstrate significantly improved performance, e.g., up to 18.7% in F1-score under DTW-based adversarial attacks compared to traditional certified models.
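The abstract's claim that a small temporal distortion moves the $\ell_p$ measure far more than the DTW distance can be checked directly. The following is an added example, not code from the paper: it assumes a plain DTW variant (squared pointwise cost, no warping window, square root of the path cost) and uses constructed spike series; all function names are hypothetical.

```python
import math

def l2_distance(x, y):
    """Euclidean (l2) distance between two equal-length series."""
    if len(x) != len(y):
        raise ValueError("l2 distance needs equal-length series")
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(x, y)))

def dtw_distance(x, y):
    """DTW by dynamic programming: squared pointwise cost, no window (assumed variant)."""
    if not x or not y:
        raise ValueError("DTW needs non-empty series")
    inf = float("inf")
    prev = [0.0] + [inf] * len(y)  # row 0: only the empty/empty alignment is free
    for xi in x:
        cur = [inf] * (len(y) + 1)
        for j, yj in enumerate(y, start=1):
            # cheapest way to reach this cell: from above, from the left, or diagonally
            step = min(prev[j], cur[j - 1], prev[j - 1])
            cur[j] = (xi - yj) ** 2 + step
        prev = cur
    return math.sqrt(prev[-1])

def spike(length, at, height):
    """Constructed sample: flat baseline with a single spike."""
    return [height if t == at else 0.0 for t in range(length)]

def compare():
    """Return (l2, dtw) for a one-step time shift and for an amplitude change."""
    base = spike(32, 10, 5.0)
    shifted = spike(32, 11, 5.0)   # same event, one time step later
    doubled = spike(32, 10, 10.0)  # same time step, spike height doubled
    return {
        "shift": (l2_distance(base, shifted), dtw_distance(base, shifted)),
        "amplitude": (l2_distance(base, doubled), dtw_distance(base, doubled)),
    }

if __name__ == "__main__":
    for name, (l2, dtw) in compare().items():
        print(f"{name:9s} l2={l2:.3f} dtw={dtw:.3f}")
```

On these inputs an $\ell_2$ ball of radius 6 around the base series contains the doubled spike but excludes the one-step shift, while DTW orders the two perturbations the other way round.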