secmlt.adv.evasion.aggregators package

Submodules

secmlt.adv.evasion.aggregators.ensemble module

Ensemble metrics for getting best results across multiple attacks.

class secmlt.adv.evasion.aggregators.ensemble.Ensemble

Bases: ABC

Abstract class for creating an ensemble metric.

__call__(model: BaseModel, data_loader: torch.utils.data.DataLoader, adv_loaders: list[torch.utils.data.DataLoader]) → torch.utils.data.DataLoader[torch.Tuple[torch.Tensor]]

Get the worst case of the metric, using the criterion implemented by the subclass.

Parameters:
  • model (BaseModel) – Model to use for predictions.

  • data_loader (DataLoader) – Test dataloader.

  • adv_loaders (list[DataLoader]) – List of dataloaders returned by multiple attacks.

Returns:

The worst-case metric computed on the multiple attacks.

Return type:

DataLoader[torch.Tuple[torch.Tensor]]

abstract _get_best(model: BaseModel, samples: torch.Tensor, labels: torch.Tensor, x_adv: torch.Tensor, best_x_adv: torch.Tensor) → torch.Tensor

Get the best result from multiple attacks.

Parameters:
  • model (BaseModel) – Model to use to predict.

  • samples (torch.Tensor) – Input samples.

  • labels (torch.Tensor) – Labels for the samples.

  • x_adv (torch.Tensor) – Adversarial examples.

  • best_x_adv (torch.Tensor) – Best adversarial examples found so far.

Returns:

Best adversarial examples between the current x_adv and the ones already tested on the given model.

Return type:

torch.Tensor

class secmlt.adv.evasion.aggregators.ensemble.FixedEpsilonEnsemble(loss_fn: torch.nn.Module, maximize: bool = True, y_target: torch.Tensor | None = None)

Bases: Ensemble

Wrapper for ensembling results of multiple fixed-epsilon attacks.

__init__(loss_fn: torch.nn.Module, maximize: bool = True, y_target: torch.Tensor | None = None) → None

Create fixed epsilon ensemble.

Parameters:
  • loss_fn (torch.nn.Module) – Loss function to maximize (or minimize).

  • maximize (bool, optional) – If True, maximizes the loss; otherwise minimizes it. By default True.

  • y_target (torch.Tensor | None, optional) – Target label for targeted attacks, None for untargeted, by default None.

_get_best(model: BaseModel, samples: torch.Tensor, labels: torch.Tensor, x_adv: torch.Tensor, best_x_adv: torch.Tensor) → torch.Tensor

Get the adversarial examples with maximum (or minimum) loss.

Parameters:
  • model (BaseModel) – Model to use to predict.

  • samples (torch.Tensor) – Input samples.

  • labels (torch.Tensor) – Labels for the samples.

  • x_adv (torch.Tensor) – Adversarial examples.

  • best_x_adv (torch.Tensor) – Best adversarial examples found so far.

Returns:

The maximum-loss adversarial examples found so far.

Return type:

torch.Tensor

class secmlt.adv.evasion.aggregators.ensemble.MinDistanceEnsemble(perturbation_model: str)

Bases: Ensemble

Wrapper for ensembling results of multiple minimum-distance attacks.

__init__(perturbation_model: str) → None

Create MinDistance Ensemble.

Parameters:
  • perturbation_model (str) – Perturbation model to use to compute the distance.

_get_best(model: BaseModel, samples: torch.Tensor, labels: torch.Tensor, x_adv: torch.Tensor, best_x_adv: torch.Tensor) → torch.Tensor

Get the adversarial examples with minimal perturbation.

Parameters:
  • model (BaseModel) – Model to use to predict.

  • samples (torch.Tensor) – Input samples.

  • labels (torch.Tensor) – Labels for the samples.

  • x_adv (torch.Tensor) – Adversarial examples.

  • best_x_adv (torch.Tensor) – Best adversarial examples found so far.

Returns:

The minimum-distance adversarial examples found so far.

Return type:

torch.Tensor

Module contents

Aggregator functions for multiple attacks or multiple attack runs.
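
The per-sample selection described for the fixed-epsilon and minimum-distance ensembles above, as an added pure-Python illustration (not secmlt code and not its API). The toy linear model, the L2 distance, the sample data and all function names are assumptions made for this example; it shows why robust accuracy measured on the aggregated worst case can be lower than under any single attack.

```python
# Added illustration, not secmlt code: constructed model and attack outputs.
import math

def logits(x):  # toy 2-class linear model (assumption)
    return [x[0] - x[1], x[1] - x[0]]

def predict(x):
    z = logits(x)
    return z.index(max(z))

def ce_loss(x, y):  # cross-entropy of label y via a stable log-sum-exp
    z = logits(x)
    m = max(z)
    return m + math.log(sum(math.exp(v - m) for v in z)) - z[y]

def fixed_eps_best(samples, labels, x_adv, best, maximize=True):
    # Fixed-epsilon criterion: per sample, keep the larger (or smaller) loss.
    out = []
    for y, c, b in zip(labels, x_adv, best):
        lc, lb = ce_loss(c, y), ce_loss(b, y)
        out.append(c if (lc > lb if maximize else lc < lb) else b)
    return out

def min_dist_best(samples, labels, x_adv, best):
    # Minimum-distance criterion (L2 here): keep the closest misclassified point.
    out = []
    for x, y, c, b in zip(samples, labels, x_adv, best):
        c_adv, b_adv = predict(c) != y, predict(b) != y
        closer = math.dist(c, x) < math.dist(b, x)
        out.append(c if c_adv and (closer or not b_adv) else b)
    return out

def aggregate(get_best, samples, labels, runs):
    best = [list(x) for x in samples]  # start from the clean inputs
    for x_adv in runs:                 # fold in one attack's output at a time
        best = get_best(samples, labels, x_adv, best)
    return best

def robust_accuracy(xs, labels):
    return sum(predict(x) == y for x, y in zip(xs, labels)) / len(labels)

# Constructed data: four inputs and the outputs of two hypothetical attacks.
SAMPLES = [[1.0, 0.0], [0.0, 1.0], [2.0, 0.0], [3.0, 1.0]]
LABELS = [0, 1, 0, 0]
ATTACK_A = [[0.4, 0.6], [0.0, 1.0], [1.5, 0.5], [1.5, 2.5]]
ATTACK_B = [[0.8, 0.2], [0.6, 0.4], [2.0, 0.0], [1.9, 2.1]]

for fn in (fixed_eps_best, min_dist_best):
    worst = aggregate(fn, SAMPLES, LABELS, [ATTACK_A, ATTACK_B])
    print(fn.__name__, worst, robust_accuracy(worst, LABELS))
```

Each attack alone leaves half of the constructed samples correctly classified, while the per-sample worst case leaves a quarter; the two criteria also keep different points for the last two samples.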