secmlt.adv.evasion.advlib_attacks package

Submodules

secmlt.adv.evasion.advlib_attacks.advlib_base module

Generic wrapper for Adversarial Library evasion attacks.

class secmlt.adv.evasion.advlib_attacks.advlib_base.BaseAdvLibEvasionAttack(advlib_attack: Callable[[...], torch.Tensor], epsilon: float = torch.inf, y_target: int | None = None, loss_function: str = 'ce', lb: float = 0.0, ub: float = 1.0, trackers: type[secmlt.trackers.tracker.Tracker] | None = None)

Bases: BaseEvasionAttack

Generic wrapper for Adversarial Library Evasion attacks.

__init__(advlib_attack: Callable[[...], torch.Tensor], epsilon: float = torch.inf, y_target: int | None = None, loss_function: str = 'ce', lb: float = 0.0, ub: float = 1.0, trackers: type[secmlt.trackers.tracker.Tracker] | None = None) → None

Wrap Adversarial Library attacks.

Parameters:
  • advlib_attack (Callable[..., torch.Tensor]) – The Adversarial Library attack function to wrap. The function returns the adversarial examples.

  • epsilon (float, optional) – The perturbation constraint. The default value is torch.inf, which means no constraint.

  • y_target (int | None, optional) – The target label for the attack. If None, the attack is untargeted. The default value is None.

  • loss_function (str, optional) – The loss function to be used for the attack. The default value is “ce”.

  • lb (float, optional) – The lower bound for the perturbation. The default value is 0.0.

  • ub (float, optional) – The upper bound for the perturbation. The default value is 1.0.

  • trackers (type[TRACKER_TYPE] | None, optional) – Trackers for the attack (not allowed with Adversarial Library attacks). The default value is None.

secmlt.adv.evasion.advlib_attacks.advlib_pgd module

Wrapper of the PGD attack implemented in Adversarial Library.

class secmlt.adv.evasion.advlib_attacks.advlib_pgd.PGDAdvLib(perturbation_model: str, epsilon: float, num_steps: int, random_start: bool, step_size: float, restarts: int = 1, loss_function: str = 'ce', y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, **kwargs)

Bases: BaseAdvLibEvasionAttack

Wrapper of the Adversarial Library implementation of the PGD attack.

__init__(perturbation_model: str, epsilon: float, num_steps: int, random_start: bool, step_size: float, restarts: int = 1, loss_function: str = 'ce', y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, **kwargs) → None

Initialize a PGD attack with the Adversarial Library backend.

Parameters:
  • perturbation_model (str) – The perturbation model to be used for the attack.

  • epsilon (float) – The maximum perturbation allowed.

  • num_steps (int) – The number of iterations for the attack.

  • random_start (bool) – If True, the perturbation will be randomly initialized.

  • step_size (float) – The attack step size.

  • restarts (int, optional) – The number of attack restarts. The default value is 1.

  • loss_function (str, optional) – The loss function to be used for the attack. The default value is “ce”.

  • y_target (int | None, optional) – The target label for the attack. If None, the attack is untargeted. The default value is None.

  • lb (float, optional) – The lower bound for the perturbation. The default value is 0.0.

  • ub (float, optional) – The upper bound for the perturbation. The default value is 1.0.

Raises:

ValueError – If the provided loss_function is not supported by the PGD attack using the Adversarial Library backend.

static get_perturbation_models() → set[str]

Check the perturbation models implemented for this attack.

Returns:

The set of perturbation models implemented for this attack.

Return type:

set[str]
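
The PGDAdvLib parameters above (epsilon, num_steps, step_size, random_start, lb, ub) correspond to the steps of a standard L-infinity PGD loop. The following added example shows that loop on a constructed toy logistic model so the two constraints can be checked during a robustness evaluation; it is not SecML-Torch or Adversarial Library code. The weights, the function names and the seed parameter are assumptions made for illustration, and lb/ub are assumed to bound the adversarial input.

```python
import math
import random

# Constructed toy model: binary logistic regression p(y=1|x) = sigmoid(w.x + b).
W = [2.0, -1.5, 0.5]
B = -0.2

def loss(x, y):
    """Cross-entropy of the toy model on one sample with label y in {0, 1}."""
    z = sum(w * xi for w, xi in zip(W, x)) + B
    p = 1.0 / (1.0 + math.exp(-z))
    return -math.log(p if y == 1 else 1.0 - p)

def loss_grad(x, y):
    """Gradient of the cross-entropy with respect to the input x."""
    z = sum(w * xi for w, xi in zip(W, x)) + B
    p = 1.0 / (1.0 + math.exp(-z))
    return [(p - y) * w for w in W]

def pgd_linf(x, y, epsilon, num_steps, step_size, random_start=False,
             lb=0.0, ub=1.0, seed=0):
    """Untargeted L-inf PGD: ascend the loss, then project onto both constraints."""
    rng = random.Random(seed)  # hypothetical seed parameter, for reproducibility
    x_adv = list(x)
    if random_start:
        x_adv = [xi + rng.uniform(-epsilon, epsilon) for xi in x]
        x_adv = [min(max(v, lb), ub) for v in x_adv]
    for _ in range(num_steps):
        g = loss_grad(x_adv, y)
        # Signed-gradient step of size step_size.
        x_adv = [v + step_size * math.copysign(1.0, gi) for v, gi in zip(x_adv, g)]
        # Project onto the epsilon-ball around the clean input x ...
        x_adv = [min(max(v, xi - epsilon), xi + epsilon) for v, xi in zip(x_adv, x)]
        # ... and onto the valid input box [lb, ub].
        x_adv = [min(max(v, lb), ub) for v in x_adv]
    return x_adv

def robustness_report(x, y, **attack_params):
    """Return clean loss, adversarial loss and the L-inf distance actually used."""
    x_adv = pgd_linf(x, y, **attack_params)
    dist = max(abs(a - c) for a, c in zip(x_adv, x))
    return {"clean_loss": loss(x, y), "adv_loss": loss(x_adv, y),
            "linf": dist, "x_adv": x_adv}
```

Comparing the reported linf value with epsilon, and x_adv with [lb, ub], is a quick sanity check that an attack run respected its threat model before its robustness numbers are trusted.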

Module contents

Wrappers of Adversarial Library for evasion attacks.