Attacks Functions
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
Available functions:
fgsm(model, x, y, epsilon=0.01): Fast Gradient Sign Method (FGSM) attack.
pgd(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10): Projected Gradient Descent (PGD) attack.
bim(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10): Basic Iterative Method (BIM) attack.
cw(model, x, y, epsilon=0.01, c=1, kappa=0, num_steps=10, alpha=0.01): Carlini & Wagner (C&W) attack.
deepfool(model, x, y, num_steps=10): DeepFool attack.
jsma(model, x, y, theta=0.1, gamma=0.1, num_steps=10): Jacobian-based Saliency Map Attack (JSMA).
Fast Gradient Sign Method (FGSM) attack.
Parameters:
model (tensorflow.keras.Model): The target model to attack.
x (numpy.ndarray): The input example to attack.
y (numpy.ndarray): The true labels of the input example.
epsilon (float): The magnitude of the perturbation (default: 0.01).
Returns:
adversarial_example (numpy.ndarray): The perturbed input example.Projected Gradient Descent (PGD) attack.
Parameters:
model (tensorflow.keras.Model): The target model to attack.
x (numpy.ndarray): The input example to attack.
y (numpy.ndarray): The true labels of the input example.
epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
alpha (float): The step size for each iteration (default: 0.01).
num_steps (int): The number of PGD iterations (default: 10).
Returns:
adversarial_example (numpy.ndarray): The perturbed input example.Basic Iterative Method (BIM) attack.
Parameters:
model (tensorflow.keras.Model): The target model to attack.
x (numpy.ndarray): The input example to attack.
y (numpy.ndarray): The true labels of the input example.
epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
alpha (float): The step size for each iteration (default: 0.01).
num_steps (int): The number of BIM iterations (default: 10).
Returns:
adversarial_example (numpy.ndarray): The perturbed input example.Carlini & Wagner (C&W) attack.
Parameters:
model (tensorflow.keras.Model): The target model to attack.
x (numpy.ndarray): The input example to attack.
y (numpy.ndarray): The true labels of the input example.
epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
c (float): The weight of the L2 norm of the perturbation (default: 1).
kappa (float): The confidence parameter (default: 0).
num_steps (int): The number of C&W iterations (default: 10).
alpha (float): The step size for each iteration (default: 0.01).
Returns:
adversarial_example (numpy.ndarray): The perturbed input example.Deepfool attack.
Parameters:
model (tensorflow.keras.Model): The target model to attack.
x (numpy.ndarray): The input example to attack.
y (numpy.ndarray): The true labels of the input example.
num_steps (int): The number of DeepFool iterations (default: 10).
Returns:
adversarial_example (numpy.ndarray): The perturbed input example.Jacobian-based Saliency Map Attack (JSMA) attack.
Parameters:
model (tensorflow.keras.Model): The target model to attack.
x (numpy.ndarray): The input example to attack.
y (numpy.ndarray): The true labels of the input example.
theta (float): The threshold for selecting pixels (default: 0.1).
gamma (float): The step size for each iteration (default: 0.1).
num_steps (int): The number of JSMA iterations (default: 10).
Returns:
adversarial_example (numpy.ndarray): The perturbed input example.