Example #1
0
def get_attack(attack, fmodel):
    args = []
    kwargs = {}
    # L0
    if attack == 'SAPA':
        A = fa.SaltAndPepperNoiseAttack()
    elif attack == 'PA':
        A = fa.L1BrendelBethgeAttack()

    # L2
    elif 'IGD' in attack:
        A = fa.L2BasicIterativeAttack()
    elif attack == 'AGNA':
        A = fa.L2AdditiveGaussianNoiseAttack()
    elif attack == 'BA':
        A = fa.BoundaryAttack()
    elif 'DeepFool' in attack:
        A = fa.L2DeepFoolAttack()
    elif attack == 'PAL2':
        A = fa.L2BrendelBethgeAttack()
    elif attack == "CWL2":
        A = fa.L2CarliniWagnerAttack()

    # L inf
    elif 'FGSM' in attack and not 'IFGSM' in attack:
        A = fa.FGSM()
    elif 'PGD' in attack:
        A = fa.LinfPGD()
    elif 'IGM' in attack:
        A = fa.LinfBrendelBethgeAttack()
    else:
        raise Exception('Not implemented')
    return A, 0, 0, 0
Example #2
0
def get_attack(attack, fmodel):
    args = []
    kwargs = {}
    # L0
    if attack == 'SAPA':
        metric = foolbox.distances.L0
        A = fa.SaltAndPepperNoiseAttack(fmodel, distance = metric)
    elif attack == 'PA':
        metric = foolbox.distances.L0
        A = fa.PointwiseAttack(fmodel, distance = metric)

    # L2
    elif 'IGD' in attack:
        metric = foolbox.distances.MSE
        A = fa.L2BasicIterativeAttack(fmodel, distance = metric)
        # kwargs['epsilons'] = 1.5
    elif attack == 'AGNA':
        metric = foolbox.distances.MSE
        kwargs['epsilons'] = np.linspace(0.5, 1, 50)
        A = fa.AdditiveGaussianNoiseAttack(fmodel, distance = metric)
    elif attack == 'BA':
        metric = foolbox.distances.MSE
        A = fa.BoundaryAttack(fmodel, distance = metric)
        kwargs['log_every_n_steps'] = 500001
    elif 'DeepFool' in attack:
        metric = foolbox.distances.MSE
        A = fa.DeepFoolL2Attack(fmodel, distance = metric)
    elif attack == 'PAL2':
        metric = foolbox.distances.MSE
        A = fa.PointwiseAttack(fmodel, distance = metric)
    elif attack == "CWL2":
        metric = foolbox.distances.MSE
        A = fa.CarliniWagnerL2Attack(fmodel, distance = metric)

    # L inf
    elif 'FGSM' in attack and not 'IFGSM' in attack:
        metric = foolbox.distances.Linf
        A = fa.FGSM(fmodel, distance = metric)
        kwargs['epsilons'] = 20
    elif 'PGD' in attack:
        metric = foolbox.distances.Linf
        A = fa.LinfinityBasicIterativeAttack(fmodel, distance = metric)
    elif 'IGM' in attack:
        metric = foolbox.distances.Linf
        A = fa.MomentumIterativeAttack(fmodel, distance = metric)
    else:
        raise Exception('Not implemented')
    return A, metric, args, kwargs
Example #3
0
                  steps=20,
                  decision_rule="L1",
                  regularization=0),
     uses_grad=True,
 ),
 AttackTestTarget(fa.NewtonFoolAttack(steps=20), uses_grad=True),
 AttackTestTarget(fa.VirtualAdversarialAttack(steps=50, xi=1),
                  10,
                  uses_grad=True),
 AttackTestTarget(fa.PGD(), Linf(1.0), uses_grad=True),
 AttackTestTarget(fa.L2PGD(), L2(50.0), uses_grad=True),
 AttackTestTarget(fa.L1PGD(), 5000.0, uses_grad=True),
 AttackTestTarget(fa.LinfBasicIterativeAttack(abs_stepsize=0.2),
                  Linf(1.0),
                  uses_grad=True),
 AttackTestTarget(fa.L2BasicIterativeAttack(), L2(50.0), uses_grad=True),
 AttackTestTarget(fa.L1BasicIterativeAttack(), 5000.0, uses_grad=True),
 AttackTestTarget(fa.SparseL1DescentAttack(), 5000.0, uses_grad=True),
 AttackTestTarget(fa.FGSM(), Linf(100.0), uses_grad=True),
 AttackTestTarget(FGSM_GE(), Linf(100.0)),
 AttackTestTarget(fa.FGM(), L2(100.0), uses_grad=True),
 AttackTestTarget(fa.L1FastGradientAttack(), 5000.0, uses_grad=True),
 AttackTestTarget(fa.GaussianBlurAttack(steps=10),
                  uses_grad=True,
                  requires_real_model=True),
 AttackTestTarget(
     fa.GaussianBlurAttack(steps=10, max_sigma=224.0),
     uses_grad=True,
     requires_real_model=True,
 ),
 AttackTestTarget(fa.L2DeepFoolAttack(steps=50, loss="logits"),
Example #4
0
 ),
 (
     fa.EADAttack(binary_search_steps=3,
                  steps=20,
                  decision_rule="L1",
                  regularization=0),
     None,
     True,
     False,
 ),
 (fa.NewtonFoolAttack(steps=20), None, True, False),
 (fa.VirtualAdversarialAttack(steps=50, xi=1), 10, True, False),
 (fa.PGD(), Linf(1.0), True, False),
 (fa.L2PGD(), L2(50.0), True, False),
 (fa.LinfBasicIterativeAttack(abs_stepsize=0.2), Linf(1.0), True, False),
 (fa.L2BasicIterativeAttack(), L2(50.0), True, False),
 (fa.FGSM(), Linf(100.0), True, False),
 (fa.FGM(), L2(100.0), True, False),
 (fa.GaussianBlurAttack(steps=10), None, True, True),
 (fa.GaussianBlurAttack(steps=10, max_sigma=224.0), None, True, True),
 (fa.L2DeepFoolAttack(steps=50, loss="logits"), None, True, False),
 (fa.L2DeepFoolAttack(steps=50, loss="crossentropy"), None, True, False),
 (fa.LinfDeepFoolAttack(steps=50), None, True, False),
 (fa.BoundaryAttack(steps=50), None, False, False),
 (
     fa.BoundaryAttack(
         steps=110,
         init_attack=fa.LinearSearchBlendedUniformNoiseAttack(steps=50),
         update_stats_every_k=1,
     ),
     None,