Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks

Samer Y. Khamaiseh; Derek Bagagem; Abdullah Al-Alaj; Mathew Mancino; Hakem Alomari; Ahmed Aleroud

doi:10.1109/COMPSAC57700.2023.00087

Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks

Samer Y. Khamaiseh, Derek Bagagem, Abdullah Al-Alaj, Mathew Mancino, Hakem Alomari, Ahmed Aleroud

Computer & Cyber Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deep neural networks (DNNs) have achieved a series of significant successes in a wide spectrum of critical domains. For instance, in the field of computer vision, DNNs become the first choice in developing image recognition and classification solutions. However, DNNs have been recently found vulnerable to manipulations of input samples, called adversarial images. The adversarial images can be classified into two categories: untargeted adversarial images which aim to manipulate the output of the DNNs to any incorrect label and targeted adversarial images which force the prediction of the DNNs to a specified target label predefined by the adversary. That being said, the construction of targeted adversarial images requires careful crafting of the targeted perturbations. Different research works have been done to generate targeted adversarial images. However, the majority of them have two limitations: (1) adding large size of perturbations to generate successfully targeted images, and (2) they require extensive computational resources to be utilized in large-scale datasets. This paper introduces Target-X, a novel and fast method for the construction of adversarial targeted images on large-scale datasets that can fool the state-of-the-art image classification neural networks. We evaluate the performance of Target-X using the well-trained image classification neural networks of different architectures and compare it with the well-known T-FGSM and T-UAP targeted attacks. The reported results demonstrate that Target-X can generate targeted adversarial images with the least perturbations on large-scale datasets that can fool the image classification neural networks and significantly outperform the T-FGSM and T-UAP attacks.

Original language	English (US)
Title of host publication	Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023
Editors	Hossain Shahriar, Yuuichi Teranishi, Alfredo Cuzzocrea, Moushumi Sharmin, Dave Towey, AKM Jahangir Alam Majumder, Hiroki Kashiwazaki, Ji-Jiang Yang, Michiharu Takemoto, Nazmus Sakib, Ryohei Banno, Sheikh Iqbal Ahamed
Publisher	IEEE Computer Society
Pages	617-626
Number of pages	10
ISBN (Electronic)	9798350326970
DOIs	https://doi.org/10.1109/COMPSAC57700.2023.00087
State	Published - 2023
Event	47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023 - Hybrid, Torino, Italy Duration: Jun 26 2023 → Jun 30 2023

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	2023-June
ISSN (Print)	0730-3157

Conference

Conference	47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023
Country/Territory	Italy
City	Hybrid, Torino
Period	6/26/23 → 6/30/23

Keywords

adversarial deep neural networks
adversarial images
deep learning
image classification neural networks

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC57700.2023.00087

Cite this

Khamaiseh, S. Y., Bagagem, D., Al-Alaj, A., Mancino, M., Alomari, H., & Aleroud, A. (2023). Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks. In H. Shahriar, Y. Teranishi, A. Cuzzocrea, M. Sharmin, D. Towey, AKM. J. A. Majumder, H. Kashiwazaki, J.-J. Yang, M. Takemoto, N. Sakib, R. Banno, & S. I. Ahamed (Eds.), Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023 (pp. 617-626). (Proceedings - International Computer Software and Applications Conference; Vol. 2023-June). IEEE Computer Society. https://doi.org/10.1109/COMPSAC57700.2023.00087

Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks. / Khamaiseh, Samer Y.; Bagagem, Derek; Al-Alaj, Abdullah et al.
Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023. ed. / Hossain Shahriar; Yuuichi Teranishi; Alfredo Cuzzocrea; Moushumi Sharmin; Dave Towey; AKM Jahangir Alam Majumder; Hiroki Kashiwazaki; Ji-Jiang Yang; Michiharu Takemoto; Nazmus Sakib; Ryohei Banno; Sheikh Iqbal Ahamed. IEEE Computer Society, 2023. p. 617-626 (Proceedings - International Computer Software and Applications Conference; Vol. 2023-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Khamaiseh, SY, Bagagem, D, Al-Alaj, A, Mancino, M, Alomari, H & Aleroud, A 2023, Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks. in H Shahriar, Y Teranishi, A Cuzzocrea, M Sharmin, D Towey, AKMJA Majumder, H Kashiwazaki, J-J Yang, M Takemoto, N Sakib, R Banno & SI Ahamed (eds), Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023. Proceedings - International Computer Software and Applications Conference, vol. 2023-June, IEEE Computer Society, pp. 617-626, 47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023, Hybrid, Torino, Italy, 6/26/23. https://doi.org/10.1109/COMPSAC57700.2023.00087

Khamaiseh SY, Bagagem D, Al-Alaj A, Mancino M, Alomari H, Aleroud A. Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks. In Shahriar H, Teranishi Y, Cuzzocrea A, Sharmin M, Towey D, Majumder AKMJA, Kashiwazaki H, Yang JJ, Takemoto M, Sakib N, Banno R, Ahamed SI, editors, Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023. IEEE Computer Society. 2023. p. 617-626. (Proceedings - International Computer Software and Applications Conference). doi: 10.1109/COMPSAC57700.2023.00087

Khamaiseh, Samer Y. ; Bagagem, Derek ; Al-Alaj, Abdullah et al. / Target-X : An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks. Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023. editor / Hossain Shahriar ; Yuuichi Teranishi ; Alfredo Cuzzocrea ; Moushumi Sharmin ; Dave Towey ; AKM Jahangir Alam Majumder ; Hiroki Kashiwazaki ; Ji-Jiang Yang ; Michiharu Takemoto ; Nazmus Sakib ; Ryohei Banno ; Sheikh Iqbal Ahamed. IEEE Computer Society, 2023. pp. 617-626 (Proceedings - International Computer Software and Applications Conference).

@inproceedings{50c79ee57f2e4ae88f0d6acf84712542,

title = "Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks",

abstract = "Deep neural networks (DNNs) have achieved a series of significant successes in a wide spectrum of critical domains. For instance, in the field of computer vision, DNNs become the first choice in developing image recognition and classification solutions. However, DNNs have been recently found vulnerable to manipulations of input samples, called adversarial images. The adversarial images can be classified into two categories: untargeted adversarial images which aim to manipulate the output of the DNNs to any incorrect label and targeted adversarial images which force the prediction of the DNNs to a specified target label predefined by the adversary. That being said, the construction of targeted adversarial images requires careful crafting of the targeted perturbations. Different research works have been done to generate targeted adversarial images. However, the majority of them have two limitations: (1) adding large size of perturbations to generate successfully targeted images, and (2) they require extensive computational resources to be utilized in large-scale datasets. This paper introduces Target-X, a novel and fast method for the construction of adversarial targeted images on large-scale datasets that can fool the state-of-the-art image classification neural networks. We evaluate the performance of Target-X using the well-trained image classification neural networks of different architectures and compare it with the well-known T-FGSM and T-UAP targeted attacks. The reported results demonstrate that Target-X can generate targeted adversarial images with the least perturbations on large-scale datasets that can fool the image classification neural networks and significantly outperform the T-FGSM and T-UAP attacks.",

keywords = "adversarial deep neural networks, adversarial images, deep learning, image classification neural networks",

author = "Khamaiseh, {Samer Y.} and Derek Bagagem and Abdullah Al-Alaj and Mathew Mancino and Hakem Alomari and Ahmed Aleroud",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023 ; Conference date: 26-06-2023 Through 30-06-2023",

year = "2023",

doi = "10.1109/COMPSAC57700.2023.00087",

language = "English (US)",

series = "Proceedings - International Computer Software and Applications Conference",

publisher = "IEEE Computer Society",

pages = "617--626",

editor = "Hossain Shahriar and Yuuichi Teranishi and Alfredo Cuzzocrea and Moushumi Sharmin and Dave Towey and Majumder, {AKM Jahangir Alam} and Hiroki Kashiwazaki and Ji-Jiang Yang and Michiharu Takemoto and Nazmus Sakib and Ryohei Banno and Ahamed, {Sheikh Iqbal}",

booktitle = "Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023",

}

TY - GEN

T1 - Target-X

T2 - 47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023

AU - Khamaiseh, Samer Y.

AU - Bagagem, Derek

AU - Al-Alaj, Abdullah

AU - Mancino, Mathew

AU - Alomari, Hakem

AU - Aleroud, Ahmed

PY - 2023

Y1 - 2023

N2 - Deep neural networks (DNNs) have achieved a series of significant successes in a wide spectrum of critical domains. For instance, in the field of computer vision, DNNs become the first choice in developing image recognition and classification solutions. However, DNNs have been recently found vulnerable to manipulations of input samples, called adversarial images. The adversarial images can be classified into two categories: untargeted adversarial images which aim to manipulate the output of the DNNs to any incorrect label and targeted adversarial images which force the prediction of the DNNs to a specified target label predefined by the adversary. That being said, the construction of targeted adversarial images requires careful crafting of the targeted perturbations. Different research works have been done to generate targeted adversarial images. However, the majority of them have two limitations: (1) adding large size of perturbations to generate successfully targeted images, and (2) they require extensive computational resources to be utilized in large-scale datasets. This paper introduces Target-X, a novel and fast method for the construction of adversarial targeted images on large-scale datasets that can fool the state-of-the-art image classification neural networks. We evaluate the performance of Target-X using the well-trained image classification neural networks of different architectures and compare it with the well-known T-FGSM and T-UAP targeted attacks. The reported results demonstrate that Target-X can generate targeted adversarial images with the least perturbations on large-scale datasets that can fool the image classification neural networks and significantly outperform the T-FGSM and T-UAP attacks.

AB - Deep neural networks (DNNs) have achieved a series of significant successes in a wide spectrum of critical domains. For instance, in the field of computer vision, DNNs become the first choice in developing image recognition and classification solutions. However, DNNs have been recently found vulnerable to manipulations of input samples, called adversarial images. The adversarial images can be classified into two categories: untargeted adversarial images which aim to manipulate the output of the DNNs to any incorrect label and targeted adversarial images which force the prediction of the DNNs to a specified target label predefined by the adversary. That being said, the construction of targeted adversarial images requires careful crafting of the targeted perturbations. Different research works have been done to generate targeted adversarial images. However, the majority of them have two limitations: (1) adding large size of perturbations to generate successfully targeted images, and (2) they require extensive computational resources to be utilized in large-scale datasets. This paper introduces Target-X, a novel and fast method for the construction of adversarial targeted images on large-scale datasets that can fool the state-of-the-art image classification neural networks. We evaluate the performance of Target-X using the well-trained image classification neural networks of different architectures and compare it with the well-known T-FGSM and T-UAP targeted attacks. The reported results demonstrate that Target-X can generate targeted adversarial images with the least perturbations on large-scale datasets that can fool the image classification neural networks and significantly outperform the T-FGSM and T-UAP attacks.

KW - adversarial deep neural networks

KW - adversarial images

KW - deep learning

KW - image classification neural networks

UR - http://www.scopus.com/inward/record.url?scp=85168876808&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85168876808&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC57700.2023.00087

DO - 10.1109/COMPSAC57700.2023.00087

M3 - Conference contribution

AN - SCOPUS:85168876808

T3 - Proceedings - International Computer Software and Applications Conference

SP - 617

EP - 626

BT - Proceedings - 2023 IEEE 47th Annual Computers, Software, and Applications Conference, COMPSAC 2023

A2 - Shahriar, Hossain

A2 - Teranishi, Yuuichi

A2 - Cuzzocrea, Alfredo

A2 - Sharmin, Moushumi

A2 - Towey, Dave

A2 - Majumder, AKM Jahangir Alam

A2 - Kashiwazaki, Hiroki

A2 - Yang, Ji-Jiang

A2 - Takemoto, Michiharu

A2 - Sakib, Nazmus

A2 - Banno, Ryohei

A2 - Ahamed, Sheikh Iqbal

PB - IEEE Computer Society

Y2 - 26 June 2023 through 30 June 2023

ER -

Target-X: An Efficient Algorithm for Generating Targeted Adversarial Images to Fool Neural Networks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this