Date of Award
8-1-2025
Degree Name
Master of Science
Department
Computer Science
First Advisor
Imteaj, Ahmed
Abstract
Adversarial attacks have revealed the fragility of deep neural networks, but most targeted attacks remain model-specific and struggle to generalize across different model architectures. In this paper, we propose a transferable targeted attack framework that unifies momentum, input diversity, and translation invariance within a Projected Gradient Descent (PGD) optimization scheme. Our method is designed to craft adversarial examples that not only mislead individual models but transfer to unseen architectures while steering predictions toward a fixed target class. We evaluate the proposed method on five diverse image classification models: ResNet-50, EfficientNet-B0, DenseNet-121, Swin Transformer, and MobileViT, using CIFAR-10 dataset as the benchmark. Through a leave-one-out ensemble strategy, we achieve a consistent improvement in targeted attack success rate on held-out models, demonstrating the method’s improved transferability. This work exposes critical vulnerabilities in both convolutional and transformer-based vision models and offers a scalable blueprint for designing stronger, more generalizable adversarial attacks.
Access
This thesis is only available for download to the SIUC community. Current SIUC affiliates may also access this paper off campus by searching Dissertations & Theses @ Southern Illinois University Carbondale from ProQuest. Others should contact the interlibrary loan department of your local library or contact ProQuest's Dissertation Express service.