def __init__( self, estimator: Union["CLASSIFIER_LOSS_GRADIENTS_TYPE", "OBJECT_DETECTOR_TYPE"], norm: Union[int, float, str] = np.inf, eps: Union[int, float, np.ndarray] = 0.3, eps_step: Union[int, float, np.ndarray] = 0.1, max_iter: int = 100, targeted: bool = False, num_random_init: int = 0, batch_size: int = 32, random_eps: bool = False, summary_writer: Union[str, bool, SummaryWriter] = False, verbose: bool = True, ): """ Create a :class:`.ProjectedGradientDescent` instance. :param estimator: An trained estimator. :param norm: The norm of the adversarial perturbation supporting "inf", np.inf, 1 or 2. :param eps: Maximum perturbation that the attacker can introduce. :param eps_step: Attack step size (input variation) at each iteration. :param random_eps: When True, epsilon is drawn randomly from truncated normal distribution. The literature suggests this for FGSM based training to generalize across different epsilons. eps_step is modified to preserve the ratio of eps / eps_step. The effectiveness of this method with PGD is untested (https://arxiv.org/pdf/1611.01236.pdf). :param max_iter: The maximum number of iterations. :param targeted: Indicates whether the attack is targeted (True) or untargeted (False). :param num_random_init: Number of random initialisations within the epsilon ball. For num_random_init=0 starting at the original input. :param batch_size: Size of the batch on which adversarial samples are generated. :param summary_writer: Activate summary writer for TensorBoard. Default is `False` and deactivated summary writer. If `True` save runs/CURRENT_DATETIME_HOSTNAME in current directory. If of type `str` save in path. If of type `SummaryWriter` apply provided custom summary writer. Use hierarchical folder structure to compare between runs easily. e.g. pass in ‘runs/exp1’, ‘runs/exp2’, etc. for each new experiment to compare across them. :param verbose: Show progress bars. """ super().__init__(estimator=estimator, summary_writer=False) self.norm = norm self.eps = eps self.eps_step = eps_step self.max_iter = max_iter self.targeted = targeted self.num_random_init = num_random_init self.batch_size = batch_size self.random_eps = random_eps self.verbose = verbose ProjectedGradientDescent._check_params(self) self._attack: Union[ProjectedGradientDescentPyTorch, ProjectedGradientDescentTensorFlowV2, ProjectedGradientDescentNumpy] if isinstance(self.estimator, PyTorchClassifier ) and self.estimator.all_framework_preprocessing: self._attack = ProjectedGradientDescentPyTorch( estimator=estimator, # type: ignore norm=norm, eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted, num_random_init=num_random_init, batch_size=batch_size, random_eps=random_eps, summary_writer=summary_writer, verbose=verbose, ) elif isinstance(self.estimator, TensorFlowV2Classifier ) and self.estimator.all_framework_preprocessing: self._attack = ProjectedGradientDescentTensorFlowV2( estimator=estimator, # type: ignore norm=norm, eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted, num_random_init=num_random_init, batch_size=batch_size, random_eps=random_eps, summary_writer=summary_writer, verbose=verbose, ) else: self._attack = ProjectedGradientDescentNumpy( estimator=estimator, norm=norm, eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted, num_random_init=num_random_init, batch_size=batch_size, random_eps=random_eps, summary_writer=summary_writer, verbose=verbose, )
def __init__( self, estimator, norm: int = np.inf, eps: float = 0.3, eps_step: float = 0.1, max_iter: int = 100, targeted: bool = False, num_random_init: int = 0, batch_size: int = 32, random_eps: bool = False, ): """ Create a :class:`.ProjectedGradientDescent` instance. :param estimator: An trained estimator. :param norm: The norm of the adversarial perturbation supporting np.inf, 1 or 2. :param eps: Maximum perturbation that the attacker can introduce. :param eps_step: Attack step size (input variation) at each iteration. :param random_eps: When True, epsilon is drawn randomly from truncated normal distribution. The literature suggests this for FGSM based training to generalize across different epsilons. eps_step is modified to preserve the ratio of eps / eps_step. The effectiveness of this method with PGD is untested (https://arxiv.org/pdf/1611.01236.pdf). :param max_iter: The maximum number of iterations. :param targeted: Indicates whether the attack is targeted (True) or untargeted (False). :param num_random_init: Number of random initialisations within the epsilon ball. For num_random_init=0 starting at the original input. :param batch_size: Size of the batch on which adversarial samples are generated. """ super(ProjectedGradientDescent, self).__init__(estimator=estimator) self.norm = norm self.eps = eps self.eps_step = eps_step self.max_iter = max_iter self.targeted = targeted self.num_random_init = num_random_init self.batch_size = batch_size self.random_eps = random_eps ProjectedGradientDescent._check_params(self) no_preprocessing = self.estimator.preprocessing is None or ( np.all(self.estimator.preprocessing[0] == 0) and np.all(self.estimator.preprocessing[1] == 1)) no_defences = not self.estimator.preprocessing_defences and not self.estimator.postprocessing_defences self._attack: Union[ProjectedGradientDescentPyTorch, ProjectedGradientDescentTensorFlowV2, ProjectedGradientDescentNumpy] if isinstance(self.estimator, PyTorchClassifier) and no_preprocessing and no_defences: self._attack = ProjectedGradientDescentPyTorch( estimator=estimator, norm=norm, eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted, num_random_init=num_random_init, batch_size=batch_size, random_eps=random_eps, ) elif isinstance( self.estimator, TensorFlowV2Classifier) and no_preprocessing and no_defences: self._attack = ProjectedGradientDescentTensorFlowV2( estimator=estimator, norm=norm, eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted, num_random_init=num_random_init, batch_size=batch_size, random_eps=random_eps, ) else: self._attack = ProjectedGradientDescentNumpy( estimator=estimator, norm=norm, eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted, num_random_init=num_random_init, batch_size=batch_size, random_eps=random_eps, )