Other attacks

class foolbox.attacks.BinarizationRefinementAttack(model=None, criterion=<foolbox.criteria.Misclassification object>, distance=<class 'foolbox.distances.MeanSquaredDistance'>, threshold=None)[source]

For models that preprocess their inputs by binarizing them, this attack can improve adversarials found by other attacks. It does so by utilizing information about the binarization and mapping values either to the corresponding value in the clean input or to the correct side of the threshold.
as_generator(self, a, starting_point=None, threshold=None, included_in='upper')[source]

For models that preprocess their inputs by binarizing them, this attack can improve adversarials found by other attacks. It does so by utilizing information about the binarization and mapping values either to the corresponding value in the clean input or to the correct side of the threshold.

Parameters:
- input_or_adv : numpy.ndarray or Adversarial
  The original, unperturbed input as a numpy.ndarray or an Adversarial instance.
- label : int
  The reference label of the original input. Must be passed if a is a numpy.ndarray; must not be passed if a is an Adversarial instance.
- unpack : bool
  If true, returns the adversarial input; otherwise returns the Adversarial object.
- starting_point : numpy.ndarray
  Adversarial input to use as a starting point.
- threshold : float
  The threshold used by the model's binarization. If None, defaults to (model.bounds()[1] - model.bounds()[0]) / 2.
- included_in : str
  Whether the threshold value itself belongs to the lower or the upper interval.
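The refinement described above can be sketched in pure Python. This is an illustrative sketch of the mapping, not the foolbox implementation; the function name, the per-pixel loop, and the small eps margin are all hypothetical:

```python
def refine_binarized(clean, adv, threshold, included_in="upper", eps=1e-6):
    """Shrink an adversarial perturbation without changing how the
    input binarizes: map each adversarial value back to the clean
    value if it falls on the same side of the threshold, otherwise
    to the nearest value just across the threshold.

    NOTE: illustrative sketch only, not the foolbox API; eps is a
    hypothetical margin for the open side of the threshold.
    """
    refined = []
    for c, a in zip(clean, adv):
        if included_in == "upper":
            # the threshold itself belongs to the upper interval
            c_bit = c >= threshold
            a_bit = a >= threshold
        else:
            # the threshold itself belongs to the lower interval
            c_bit = c > threshold
            a_bit = a > threshold
        if a_bit == c_bit:
            # same side as the clean input: no perturbation needed here
            refined.append(c)
        elif a_bit:
            # adversarial is in the upper interval, clean is not:
            # use the smallest value that still binarizes to upper
            refined.append(threshold if included_in == "upper" else threshold + eps)
        else:
            # adversarial is in the lower interval, clean is not:
            # use the largest value that still binarizes to lower
            refined.append(threshold - eps if included_in == "upper" else threshold)
    return refined


# with threshold 0.5 and included_in="upper":
# pixels 0 and 1 binarize like the clean input, so they revert to it;
# pixel 2 crossed the threshold, so it snaps to the boundary value 0.5
print(refine_binarized([0.1, 0.9, 0.4], [0.2, 0.8, 0.6], 0.5))
```

The refined input binarizes identically to the adversarial found by the other attack, but its distance to the clean input can only shrink.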
class foolbox.attacks.PrecomputedAdversarialsAttack(model=None, criterion=<foolbox.criteria.Misclassification object>, distance=<class 'foolbox.distances.MeanSquaredDistance'>, threshold=None)[source]

Attacks a model using precomputed adversarial candidates.

as_generator(self, a, candidate_inputs, candidate_outputs)[source]

Attacks a model using precomputed adversarial candidates.
Parameters:
- input_or_adv : numpy.ndarray or Adversarial
  The original, unperturbed input as a numpy.ndarray or an Adversarial instance.
- label : int
  The reference label of the original input. Must be passed if a is a numpy.ndarray; must not be passed if a is an Adversarial instance.
- unpack : bool
  If true, returns the adversarial input; otherwise returns the Adversarial object.
- candidate_inputs : numpy.ndarray
  The original inputs that will be expected by this attack.
- candidate_outputs : numpy.ndarray
  The adversarial candidates corresponding to the inputs.
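The core of this attack is a lookup: the input being attacked is matched against the precomputed candidate inputs, and the corresponding candidate is returned as the adversarial. A minimal pure-Python sketch of that lookup (illustrative only; the function name is hypothetical and the real attack operates on numpy arrays and Adversarial objects):

```python
def lookup_precomputed(x, candidate_inputs, candidate_outputs):
    """Return the precomputed adversarial candidate for input x,
    or None if x is not among the candidate inputs.

    NOTE: illustrative sketch, not the foolbox API; real inputs
    would be numpy arrays compared element-wise.
    """
    for cand_in, cand_out in zip(candidate_inputs, candidate_outputs):
        if cand_in == x:
            # this input was precomputed: hand back its candidate
            return cand_out
    # no candidate was precomputed for this input
    return None


candidate_inputs = [[0.0, 1.0], [1.0, 0.0]]
candidate_outputs = [[0.2, 0.8], [0.9, 0.1]]
print(lookup_precomputed([1.0, 0.0], candidate_inputs, candidate_outputs))
```

Note that the candidate is only accepted as an adversarial if it actually fools the model under the attack's criterion; a candidate that does not change the prediction leaves the input non-adversarial.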
class foolbox.attacks.InversionAttack(model=None, criterion=<foolbox.criteria.Misclassification object>, distance=<class 'foolbox.distances.MeanSquaredDistance'>, threshold=None)[source]

Creates “negative images” by inverting the pixel values according to [R57cf8375f1ff-1].

References

[R57cf8375f1ff-1] Hossein Hosseini, Baicen Xiao, Mayoore Jaiswal, Radha Poovendran, “On the Limitation of Convolutional Neural Networks in Recognizing Negative Images”.

as_generator(self, a)[source]

Creates “negative images” by inverting the pixel values.

Parameters:
- inputs : numpy.ndarray
  Batch of inputs with shape as expected by the underlying model.
- labels : numpy.ndarray
  Class labels of the inputs as a vector of integers in [0, number of classes).
- unpack : bool
  If true, returns the adversarial inputs as an array; otherwise returns Adversarial objects.