secmlt.adv.evasion package

Subpackages

• secmlt.adv.evasion.advlib_attacks package
  • Submodules
  • secmlt.adv.evasion.advlib_attacks.advlib_base module
    • BaseAdvLibEvasionAttack
  • secmlt.adv.evasion.advlib_attacks.advlib_ddn module
    • DDNAdvLib
      • DDNAdvLib.get_perturbation_models()
  • secmlt.adv.evasion.advlib_attacks.advlib_fmn module
    • FMNAdvLib
      • FMNAdvLib.get_perturbation_models()
  • secmlt.adv.evasion.advlib_attacks.advlib_pgd module
    • PGDAdvLib
      • PGDAdvLib.get_perturbation_models()
  • Module contents
• secmlt.adv.evasion.aggregators package
  • Submodules
  • secmlt.adv.evasion.aggregators.ensemble module
    • Ensemble
    • FixedEpsilonEnsemble
    • MinDistanceEnsemble
  • Module contents
• secmlt.adv.evasion.foolbox_attacks package
  • Submodules
  • secmlt.adv.evasion.foolbox_attacks.foolbox_base module
    • BaseFoolboxEvasionAttack
  • secmlt.adv.evasion.foolbox_attacks.foolbox_ddn module
    • DDNFoolbox
      • DDNFoolbox.get_perturbation_models()
  • secmlt.adv.evasion.foolbox_attacks.foolbox_fmn module
    • FMNFoolbox
      • FMNFoolbox.get_perturbation_models()
  • secmlt.adv.evasion.foolbox_attacks.foolbox_pgd module
    • PGDFoolbox
      • PGDFoolbox.get_perturbation_models()
  • Module contents
• secmlt.adv.evasion.modular_attacks package
  • Submodules
  • secmlt.adv.evasion.modular_attacks.eot_gradient module
    • EoTGradientMixin
  • secmlt.adv.evasion.modular_attacks.modular_attack module
    • ModularEvasionAttack
      • ModularEvasionAttack.forward_loss()
      • ModularEvasionAttack.loss_function
      • ModularEvasionAttack.manipulation_function
  • secmlt.adv.evasion.modular_attacks.modular_attack_fixed_eps module
    • ModularEvasionAttackFixedEps
  • secmlt.adv.evasion.modular_attacks.modular_attack_min_distance module
    • ModularEvasionAttackMinDistance
  • Module contents

Submodules

secmlt.adv.evasion.base_evasion_attack module

Base classes for implementing attacks and wrapping backends.

class secmlt.adv.evasion.base_evasion_attack.BaseEvasionAttack

Bases: object

Base class for evasion attacks.

classmethod check_perturbation_model_available(perturbation_model: str) → bool

Check whether the given perturbation model is available for the attack.

Parameters:

perturbation_model (str) – A perturbation model.

Returns:

True if the attack implements the given perturbation model.

Return type:

bool

Raises:

NotImplementedError – Raises NotImplementedError if not implemented in the inherited class.

abstract static get_perturbation_models() → set[str]

Check the perturbation models implemented for the given attack.

Returns:

The set of perturbation models for which the attack is implemented.

Return type:

set[str]

Raises:

NotImplementedError – Raises NotImplementedError if not implemented in the inherited class.

property trackers: list[Tracker] | None

Get the trackers set for this attack.

Returns:

Trackers set for the attack, if any.

Return type:

list[Tracker] | None

class secmlt.adv.evasion.base_evasion_attack.BaseEvasionAttackCreator

Bases: object

Generic creator for evasion attacks.

classmethod check_backend_available(backend: str) → bool

Check if a given backend is available for the attack.

Parameters:

backend (str) – Backend string.

Returns:

True if the given backend is implemented.

Return type:

bool

Raises:

NotImplementedError – Raises NotImplementedError if the requested backend is not in the list of the possible backends (check secmlt.adv.backends).

classmethod get_advlib_implementation() → BaseEvasionAttack

Get the Adversarial Library implementation of the attack.

Returns:

Adversarial Library implementation of the attack.

Return type:

BaseEvasionAttack

Raises:

ImportError – Raises ImportError if Adversarial Library extra is not installed.

abstract static get_backends() → set[str]

Get the available backends for the given attack.

Returns:

Set of implemented backends available for the attack.

Return type:

set[str]

Raises:

NotImplementedError – Raises NotImplementedError if not implemented in the inherited class.

classmethod get_foolbox_implementation() → BaseEvasionAttack

Get the Foolbox implementation of the attack.

Returns:

Foolbox implementation of the attack.

Return type:

BaseEvasionAttack

Raises:

ImportError – Raises ImportError if Foolbox extra is not installed.

classmethod get_implementation(backend: str) → BaseEvasionAttack

Get the implementation of the attack with the given backend.

Parameters:

backend (str) – The backend for the attack. See secmlt.adv.backends for available backends.

Returns:

Attack implementation.

Return type:

BaseEvasionAttack

secmlt.adv.evasion.ddn module

Decoupled Direction and Norm (DDN) attack implementation.

class secmlt.adv.evasion.ddn.DDN(num_steps: int, eps_init: float = 0.03137254901960784, gamma: float = 0.05, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, backend: str = 'native', trackers: list[Tracker] | None = None, **kwargs)

Bases: BaseEvasionAttackCreator

Creator for the Decoupled Direction and Norm (DDN) attack.

static get_backends() → list[str]

Get available implementations for the DDN attack.

class secmlt.adv.evasion.ddn.DDNNative(num_steps: int, eps_init: float = 0.03137254901960784, gamma: float = 0.05, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, trackers: list[Tracker] | None = None, **kwargs)

Bases: ModularEvasionAttackMinDistance

Native implementation of the Decoupled Direction and Norm (DDN) attack.

classmethod get_perturbation_models() → set[str]

Check if a given perturbation model is implemented.

Returns:

Set of perturbation models available for this attack.

Return type:

set[str]

secmlt.adv.evasion.fmn module

Implementations of the Fast Minimum-Norm evasion attack.

class secmlt.adv.evasion.fmn.FMN(perturbation_model: str, num_steps: int, step_size: float, min_step_size: float | None = None, gamma: float = 0.05, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, backend: str = 'native', trackers: list[Tracker] | None = None, **kwargs)

Bases: BaseEvasionAttackCreator

Creator for the Fast Minimum-Norm (FMN) attack.

static get_backends() → list[str]

Get available implementations for the FMN attack.

class secmlt.adv.evasion.fmn.FMNNative(perturbation_model: str, num_steps: int, max_step_size: float, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, trackers: list[Tracker] | None = None, gamma: float = 0.05, min_step_size: float | None = None)

Bases: ModularEvasionAttackMinDistance

Native implementation of the Fast Minimum-Norm attack.

classmethod get_perturbation_models() → set[str]

Check if a given perturbation model is implemented.

Returns:

Set of perturbation models available for this attack.

Return type:

set[str]

secmlt.adv.evasion.perturbation_models module

Implementation of perturbation models for perturbations of adversarial examples.

class secmlt.adv.evasion.perturbation_models.LpPerturbationModels

Bases: object

Lp perturbation models.

L0 = 'l0'

L1 = 'l1'

L2 = 'l2'

LINF = 'linf'

dual_norms: ClassVar[dict[str, float]] = {'l0': None, 'l1': inf, 'l2': 2, 'linf': 1}

classmethod get_dual(perturbation_model: str) → float

Get the float representation of p from the given string.

Parameters:

perturbation_model (str) – One of the strings defined in PerturbationModels.pert_models.

Returns:

The float representation of p, to use. e.g., in torch.norm(p=…).

Return type:

float

Raises:

ValueError – Raises ValueError if the norm given is not in PerturbationModels.pert_models

classmethod get_p(perturbation_model: str) → float

Get the float representation of p from the given string.

Parameters:

perturbation_model (str) – One of the strings defined in PerturbationModels.pert_models.

Returns:

The float representation of p, to use. e.g., in torch.norm(p=…).

Return type:

float

Raises:

ValueError – Raises ValueError if the norm given is not in PerturbationModels.pert_models

classmethod is_perturbation_model_available(perturbation_model: str) → bool

Check availability of the perturbation model requested.

Parameters:

perturbation_model (str) – A perturbation model as a string.

Returns:

True if the perturbation model is found in PerturbationModels.pert_models.

Return type:

bool

pert_models: ClassVar[dict[str, float]] = {'l0': 0, 'l1': 1, 'l2': 2, 'linf': inf}

secmlt.adv.evasion.pgd module

Implementations of the Projected Gradient Descent evasion attack.

class secmlt.adv.evasion.pgd.PGD(perturbation_model: str, epsilon: float, num_steps: int, step_size: float, random_start: bool = False, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, backend: str = 'foolbox', trackers: list[Tracker] | None = None, **kwargs)

Bases: BaseEvasionAttackCreator

Creator for the Projected Gradient Descent (PGD) attack.

static get_backends() → list[str]

Get available implementations for the PGD attack.

class secmlt.adv.evasion.pgd.PGDNative(perturbation_model: str, epsilon: float, num_steps: int, step_size: float, random_start: bool, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, trackers: list[Tracker] | None = None, **kwargs)

Bases: ModularEvasionAttackFixedEps

Native implementation of the Projected Gradient Descent attack.

classmethod get_perturbation_models() → set[str]

Check if a given perturbation model is implemented.

Returns:

Set of perturbation models available for this attack.

Return type:

set[str]

Module contents

Evasion attack functionalities.