perturbation module
Perturbation adaption APIs
- class perturbation.ArtEvasionAttack(name: str, attack: EvasionAttack, inputs_spec: ~armory.data.DataSpecification = <factory>, targets_spec: ~armory.data.DataSpecification = <factory>, generate_kwargs: ~typing.Dict[str, ~typing.Any] = <factory>, use_label_for_untargeted: bool = False, label_targeter: LabelTargeter | None = None)
Bases:
Trackable,PerturbationProtocolA perturbation using an evasion attack from the Adversarial Robustness Toolbox (ART).
Example:
from art.attacks.evasion import ProjectedGradientDescent from charmory.perturbation import ArtEvasionAttack perturb = ArtEvasionAttack( name="PGD", perturbation=ProjectedGradientDescent(classifier), use_label_for_untargeted=False, )
- apply(batch: Batch)
Applies a perturbation to the given batch
- attack: EvasionAttack
- generate_kwargs: Dict[str, Any]
Optional, additional keyword arguments to be used with the evasion attack’s generate method
- inputs_spec: DataSpecification
- label_targeter: LabelTargeter | None = None
Required when the attack is targeted, the label targeter generates the target label that is used as the y argument to the evasion attack’s generate method.
- name: str
Descriptive name of the attack
- property targeted: bool
Whether the attack is targeted. When an attack is targeted, it attempts to optimize the perturbation such that the model’s prediction of the perturbed input matches a desired (targeted) result. When untargeted, the attack may use the natural label as a hint of the prediction result to optimize _away from_.
- targets_spec: DataSpecification
Evasion attack instance
- use_label_for_untargeted: bool = False
When the attack is untargeted, set to True to use the natural labels as the y argument to the evasion attack’s generate method. When False, the y argument will be None.
- class perturbation.ArtPatchAttack(name: str, attack: EvasionAttack, inputs_spec: ~armory.data.DataSpecification = <factory>, targets_spec: ~armory.data.DataSpecification = <factory>, generate_kwargs: ~typing.Dict[str, ~typing.Any] = <factory>, use_label_for_untargeted: bool = False, label_targeter: LabelTargeter | None = None, generate_every_batch: bool = True, apply_patch_kwargs: ~typing.Dict[str, ~typing.Any] = <factory>)
Bases:
ArtEvasionAttackA perturbation using a patch evasion attack from the Adversarial Robustness Toolbox (ART).
Example:
from art.attacks.evasion import AdversarialPatch from charmory.perturbation import ArtPatchAttack perturb = ArtPatchAttack( name="Patch", perturbation=AdversarialPatch(classifier), use_label_for_untargeted=False, )
- apply(batch: Batch)
Applies a perturbation to the given batch
- apply_patch_kwargs: Dict[str, Any]
Optional, additional keyword arguments to be used with the patch attack’s apply_patch method
- generate(batch: Batch)
- generate_every_batch: bool = True
Optional, whether to generate the patch for each batch
- class perturbation.ArtPreprocessorDefence(name: str, defence: Preprocessor, inputs_spec: ~armory.data.DataSpecification = <factory>)
Bases:
Trackable,PerturbationProtocolA perturbation using a preprocessor defense from the Adversarial Robustness Toolbox (ART).
Example:
from art.defences.preprocessor import JpegCompression from charmory.perturbation import ArtPreprocessorDefence perturb = ArtPreprocessorDefence( name="JPEGCompression", defence=JpegCompression(), )
- apply(batch: Batch)
Applies a perturbation to the given batch
- defence: Preprocessor
ART preprocessor defence
- inputs_spec: DataSpecification
Data specification to use for obtaining raw model inputs from batches
- name: str
Descriptive name of the defence