Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images

Samer Y. Khamaiseh; Mathew Mancino; Deirdre Jost; Abdullah Al-Alaj; Derek Bagagem; Edoardo Serra

doi:10.1109/BigData62323.2024.10825226

Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images

Samer Y. Khamaiseh
, Mathew Mancino
, Deirdre Jost
, Abdullah Al-Alaj
, Derek Bagagem
, Edoardo Serra

Computer Science Department

Miami University
CACI International Inc.
Virginia Wesleyan College
Boise State University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The well-trained image classification neural networks are vulnerable to adversarial examples. An adversarial example is a malicious input carefully crafted by adding small perturbations to the original input, leading to misclassification. Despite advancements in generating adversarial examples, to the best of our knowledge, none of the well-known adversarial attacks can generate effective adversarial examples that work efficiently on large-scale datasets and very deep neural network architectures. In contrast to ordinary adversarial examples, effective adversarial examples have all the following four characteristics: (1) the ability to maximize the loss of DNNs, (2) the ability to cause a high misclassification rate for both undefended and defended DNN models using various defense methods, (3) minimal perturbations with low computational overhead on large-scale datasets, (4) the ability to be transferable across different DNN architectures.To fill this void, we propose Fool-X, an algorithm to generate effective adversarial examples with the least perturbations that can fool state-of-the-art image classification neural networks. To evaluate the performance of Fool-X, we have conducted extensive experiments using 12 baseline adversarial training defense methods and six state-of-the-art adversarial attacks. The results reported on ImageNet-ILSVRC, CIFAR-100, and CIFAR-10 demonstrate that the proposed Fool-X algorithm can generate effective adversarial examples on large-scale datasets that can successfully fool the well-trained, defended image classification neural networks and significantly outperform the state-of-the-art adversarial attacks. The code is available: https://github.com/LAiSR-SK/fool-X-Attack

Original language	English
Title of host publication	Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
Editors	Wei Ding, Chang-Tien Lu, Fusheng Wang, Liping Di, Kesheng Wu, Jun Huan, Raghu Nambiar, Jundong Li, Filip Ilievski, Ricardo Baeza-Yates, Xiaohua Hu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	7041-7050
Number of pages	10
ISBN (Electronic)	9798350362480
DOIs	https://doi.org/10.1109/BigData62323.2024.10825226
State	Published - 2024
Event	2024 IEEE International Conference on Big Data, BigData 2024 - Washington, United States Duration: 15 Dec 2024 → 18 Dec 2024

Publication series

Name	Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
ISSN (Print)	2639-1589
ISSN (Electronic)	2573-2978

Conference

Conference	2024 IEEE International Conference on Big Data, BigData 2024
Country/Territory	United States
City	Washington
Period	15/12/24 → 18/12/24

Keywords

Adversarial Examples
Adversarial Machine Learning
Cross-model Transferability;
Deep Neural Networks

Access to Document

10.1109/BigData62323.2024.10825226

Cite this

Khamaiseh, S. Y., Mancino, M., Jost, D., Al-Alaj, A., Bagagem, D., & Serra, E. (2024). Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images. In W. Ding, C.-T. Lu, F. Wang, L. Di, K. Wu, J. Huan, R. Nambiar, J. Li, F. Ilievski, R. Baeza-Yates, & X. Hu (Eds.), Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024 (pp. 7041-7050). (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData62323.2024.10825226

Khamaiseh, Samer Y. ; Mancino, Mathew ; Jost, Deirdre et al. / Fool 'Em All - Fool-X : A Powerful & Fast Method for Generating Effective Adversarial Images. Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. editor / Wei Ding ; Chang-Tien Lu ; Fusheng Wang ; Liping Di ; Kesheng Wu ; Jun Huan ; Raghu Nambiar ; Jundong Li ; Filip Ilievski ; Ricardo Baeza-Yates ; Xiaohua Hu. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 7041-7050 (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024).

@inproceedings{d15c36b5e469410a8c6ed3a3d75e9634,

title = "Fool 'Em All - Fool-X: A Powerful \& Fast Method for Generating Effective Adversarial Images",

abstract = "The well-trained image classification neural networks are vulnerable to adversarial examples. An adversarial example is a malicious input carefully crafted by adding small perturbations to the original input, leading to misclassification. Despite advancements in generating adversarial examples, to the best of our knowledge, none of the well-known adversarial attacks can generate effective adversarial examples that work efficiently on large-scale datasets and very deep neural network architectures. In contrast to ordinary adversarial examples, effective adversarial examples have all the following four characteristics: (1) the ability to maximize the loss of DNNs, (2) the ability to cause a high misclassification rate for both undefended and defended DNN models using various defense methods, (3) minimal perturbations with low computational overhead on large-scale datasets, (4) the ability to be transferable across different DNN architectures.To fill this void, we propose Fool-X, an algorithm to generate effective adversarial examples with the least perturbations that can fool state-of-the-art image classification neural networks. To evaluate the performance of Fool-X, we have conducted extensive experiments using 12 baseline adversarial training defense methods and six state-of-the-art adversarial attacks. The results reported on ImageNet-ILSVRC, CIFAR-100, and CIFAR-10 demonstrate that the proposed Fool-X algorithm can generate effective adversarial examples on large-scale datasets that can successfully fool the well-trained, defended image classification neural networks and significantly outperform the state-of-the-art adversarial attacks. The code is available: https://github.com/LAiSR-SK/fool-X-Attack",

keywords = "Adversarial Examples, Adversarial Machine Learning, Cross-model Transferability;, Deep Neural Networks",

author = "Khamaiseh, \{Samer Y.\} and Mathew Mancino and Deirdre Jost and Abdullah Al-Alaj and Derek Bagagem and Edoardo Serra",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 2024 IEEE International Conference on Big Data, BigData 2024 ; Conference date: 15-12-2024 Through 18-12-2024",

year = "2024",

doi = "10.1109/BigData62323.2024.10825226",

language = "English",

series = "Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "7041--7050",

editor = "Wei Ding and Chang-Tien Lu and Fusheng Wang and Liping Di and Kesheng Wu and Jun Huan and Raghu Nambiar and Jundong Li and Filip Ilievski and Ricardo Baeza-Yates and Xiaohua Hu",

booktitle = "Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024",

address = "United States",

}

Khamaiseh, SY, Mancino, M, Jost, D, Al-Alaj, A, Bagagem, D & Serra, E 2024, Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images. in W Ding, C-T Lu, F Wang, L Di, K Wu, J Huan, R Nambiar, J Li, F Ilievski, R Baeza-Yates & X Hu (eds), Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024, Institute of Electrical and Electronics Engineers Inc., pp. 7041-7050, 2024 IEEE International Conference on Big Data, BigData 2024, Washington, United States, 15/12/24. https://doi.org/10.1109/BigData62323.2024.10825226

Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images. / Khamaiseh, Samer Y.; Mancino, Mathew; Jost, Deirdre et al.
Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. ed. / Wei Ding; Chang-Tien Lu; Fusheng Wang; Liping Di; Kesheng Wu; Jun Huan; Raghu Nambiar; Jundong Li; Filip Ilievski; Ricardo Baeza-Yates; Xiaohua Hu. Institute of Electrical and Electronics Engineers Inc., 2024. p. 7041-7050 (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Fool 'Em All - Fool-X

T2 - 2024 IEEE International Conference on Big Data, BigData 2024

AU - Khamaiseh, Samer Y.

AU - Mancino, Mathew

AU - Jost, Deirdre

AU - Al-Alaj, Abdullah

AU - Bagagem, Derek

AU - Serra, Edoardo

PY - 2024

Y1 - 2024

N2 - The well-trained image classification neural networks are vulnerable to adversarial examples. An adversarial example is a malicious input carefully crafted by adding small perturbations to the original input, leading to misclassification. Despite advancements in generating adversarial examples, to the best of our knowledge, none of the well-known adversarial attacks can generate effective adversarial examples that work efficiently on large-scale datasets and very deep neural network architectures. In contrast to ordinary adversarial examples, effective adversarial examples have all the following four characteristics: (1) the ability to maximize the loss of DNNs, (2) the ability to cause a high misclassification rate for both undefended and defended DNN models using various defense methods, (3) minimal perturbations with low computational overhead on large-scale datasets, (4) the ability to be transferable across different DNN architectures.To fill this void, we propose Fool-X, an algorithm to generate effective adversarial examples with the least perturbations that can fool state-of-the-art image classification neural networks. To evaluate the performance of Fool-X, we have conducted extensive experiments using 12 baseline adversarial training defense methods and six state-of-the-art adversarial attacks. The results reported on ImageNet-ILSVRC, CIFAR-100, and CIFAR-10 demonstrate that the proposed Fool-X algorithm can generate effective adversarial examples on large-scale datasets that can successfully fool the well-trained, defended image classification neural networks and significantly outperform the state-of-the-art adversarial attacks. The code is available: https://github.com/LAiSR-SK/fool-X-Attack

AB - The well-trained image classification neural networks are vulnerable to adversarial examples. An adversarial example is a malicious input carefully crafted by adding small perturbations to the original input, leading to misclassification. Despite advancements in generating adversarial examples, to the best of our knowledge, none of the well-known adversarial attacks can generate effective adversarial examples that work efficiently on large-scale datasets and very deep neural network architectures. In contrast to ordinary adversarial examples, effective adversarial examples have all the following four characteristics: (1) the ability to maximize the loss of DNNs, (2) the ability to cause a high misclassification rate for both undefended and defended DNN models using various defense methods, (3) minimal perturbations with low computational overhead on large-scale datasets, (4) the ability to be transferable across different DNN architectures.To fill this void, we propose Fool-X, an algorithm to generate effective adversarial examples with the least perturbations that can fool state-of-the-art image classification neural networks. To evaluate the performance of Fool-X, we have conducted extensive experiments using 12 baseline adversarial training defense methods and six state-of-the-art adversarial attacks. The results reported on ImageNet-ILSVRC, CIFAR-100, and CIFAR-10 demonstrate that the proposed Fool-X algorithm can generate effective adversarial examples on large-scale datasets that can successfully fool the well-trained, defended image classification neural networks and significantly outperform the state-of-the-art adversarial attacks. The code is available: https://github.com/LAiSR-SK/fool-X-Attack

KW - Adversarial Examples

KW - Adversarial Machine Learning

KW - Cross-model Transferability;

KW - Deep Neural Networks

UR - https://www.scopus.com/pages/publications/85218055902

U2 - 10.1109/BigData62323.2024.10825226

DO - 10.1109/BigData62323.2024.10825226

M3 - Conference contribution

AN - SCOPUS:85218055902

T3 - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

SP - 7041

EP - 7050

BT - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

A2 - Ding, Wei

A2 - Lu, Chang-Tien

A2 - Wang, Fusheng

A2 - Di, Liping

A2 - Wu, Kesheng

A2 - Huan, Jun

A2 - Nambiar, Raghu

A2 - Li, Jundong

A2 - Ilievski, Filip

A2 - Baeza-Yates, Ricardo

A2 - Hu, Xiaohua

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 15 December 2024 through 18 December 2024

ER -

Khamaiseh SY, Mancino M, Jost D, Al-Alaj A, Bagagem D, Serra E. Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images. In Ding W, Lu CT, Wang F, Di L, Wu K, Huan J, Nambiar R, Li J, Ilievski F, Baeza-Yates R, Hu X, editors, Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 7041-7050. (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024). doi: 10.1109/BigData62323.2024.10825226

Fool 'Em All - Fool-X: A Powerful & Fast Method for Generating Effective Adversarial Images

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this