secmlt.adv.evasion.foolbox_attacks package

Submodules

secmlt.adv.evasion.foolbox_attacks.foolbox_base module

Generic wrapper for Foolbox evasion attacks.

class secmlt.adv.evasion.foolbox_attacks.foolbox_base.BaseFoolboxEvasionAttack(foolbox_attack: type[foolbox.attacks.base.Attack], epsilon: float = torch.inf, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, trackers: type[secmlt.trackers.tracker.Tracker] | None = None)[source]

Bases: BaseEvasionAttack

Generic wrapper for Foolbox Evasion attacks.

__init__(foolbox_attack: type[foolbox.attacks.base.Attack], epsilon: float = torch.inf, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, trackers: type[secmlt.trackers.tracker.Tracker] | None = None) None[source]

Wrap Foolbox attacks.

Parameters:

  • foolbox_attack (Type[Attack]) – Foolbox attack class to wrap.

  • epsilon (float, optional) – Perturbation constraint, by default torch.inf.

  • y_target (int | None, optional) – Target label for the attack, None if untargeted, by default None.

  • lb (float, optional) – Lower bound of the input space, by default 0.0.

  • ub (float, optional) – Upper bound of the input space, by default 1.0.

  • trackers (type[TRACKER_TYPE] | None, optional) – Trackers for the attack (unallowed in Foolbox), by default None.

secmlt.adv.evasion.foolbox_attacks.foolbox_pgd module

Wrapper of the PGD attack implemented in Foolbox.

class secmlt.adv.evasion.foolbox_attacks.foolbox_pgd.PGDFoolbox(perturbation_model: str, epsilon: float, num_steps: int, step_size: float, random_start: bool, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, **kwargs)[source]

Bases: BaseFoolboxEvasionAttack

Wrapper of the Foolbox implementation of the PGD attack.

__init__(perturbation_model: str, epsilon: float, num_steps: int, step_size: float, random_start: bool, y_target: int | None = None, lb: float = 0.0, ub: float = 1.0, **kwargs) None[source]

Create PGD attack with Foolbox backend.

Parameters:

  • perturbation_model (str) – Perturbation model for the attack.

  • epsilon (float) – Maximum perturbation allowed.

  • num_steps (int) – Number of iterations for the attack.

  • step_size (float) – Attack step size.

  • random_start (bool) – True for randomly initializing the perturbation.

  • y_target (int | None, optional) – Target label for the attack, None for untargeted, by default None.

  • lb (float, optional) – Lower bound of the input space, by default 0.0.

  • ub (float, optional) – Upper bound of the input space, by default 1.0.

static get_perturbation_models() set[str][source]

Check the perturbation models implemented for this attack.

Returns:

The list of perturbation models implemented for this attack.

Return type:

set[str]

Module contents

Wrappers of Foolbox library for evasion attacks.