# Attacks Functions

**Available functions:**

* [`fgsm`](#fgsm)`(model, x, y, epsilon=0.01)`: Fast Gradient Sign Method (FGSM) attack.
* [`pgd`](#pgd)`(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10)`: Projected Gradient Descent (PGD) attack.
* [`bim`](#bim)`(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10)`: Basic Iterative Method (BIM) attack.
* [`cw`](#cw)`(model, x, y, epsilon=0.01, c=1, kappa=0, num_steps=10, alpha=0.01)`: Carlini & Wagner (C\&W) attack.
* [`deepfool`](#deepfool)`(model, x, y, num_steps=10)`: DeepFool attack.
* [`jsma`](#jsma)`(model, x, y, theta=0.1, gamma=0.1, num_steps=10)`: Jacobian-based Saliency Map Attack (JSMA).
* [`spsa`](#spsa)`(model, x, y, epsilon=0.01, num_steps=10)`: Simultaneous Perturbation Stochastic Approximation (SPSA) attack.
* [`mim`](#mim)`(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10, decay_factor=1.0)`: Momentum Iterative Method (MIM) attack.
* [`ead`](#ead)`(model, x, y, epsilon=0.01, beta=0.01, num_steps=10, alpha=0.01)`: Elastic Net Attack (EAD).
* [`word_swap`](#word-swap)`(text, swap_dict=None)`: Simple word swap attack for text.
* [`char_swap`](#character-swap)`(text, swap_prob=0.1)`: Simple character swap attack for text.

***

### FGSM

Fast Gradient Sign Method (FGSM) attack.

```
Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The magnitude of the perturbation (default: 0.01).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.
```

### PGD

Projected Gradient Descent (PGD) attack.

```
Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
    alpha (float): The step size for each iteration (default: 0.01).
    num_steps (int): The number of PGD iterations (default: 10).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.
```

### BIM

Basic Iterative Method (BIM) attack.

```
Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
    alpha (float): The step size for each iteration (default: 0.01).
    num_steps (int): The number of BIM iterations (default: 10).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.
```

### CW

Carlini & Wagner (C\&W) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        c (float): The weight of the L2 norm of the perturbation (default: 1).
        kappa (float): The confidence parameter (default: 0).
        num_steps (int): The number of C&W iterations (default: 10).
        alpha (float): The step size for each iteration (default: 0.01).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### Deepfool

Deepfool attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        num_steps (int): The number of DeepFool iterations (default: 10).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### JSMA

Jacobian-based Saliency Map Attack (JSMA) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        theta (float): The threshold for selecting pixels (default: 0.1).
        gamma (float): The step size for each iteration (default: 0.1).
        num_steps (int): The number of JSMA iterations (default: 10).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### SPSA

Simultaneous Perturbation Stochastic Approximation (SPSA) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The magnitude of the perturbation (default: 0.01).
        num_steps (int): The number of SPSA iterations (default: 10).
        learning_rate (float): The learning rate for the ADAM optimizer (default: 0.01).
        delta (float): The perturbation size for SPSA (default: 0.01).
        spsa_samples (int): The number of samples for SPSA (default: 128).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### MIM

Momentum Iterative Method (MIM) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        alpha (float): The step size for each iteration (default: 0.01).
        num_steps (int): The number of MIM iterations (default: 10).
        decay_factor (float): The decay factor for momentum (default: 1.0).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### EAD

Elastic Net Attack (EAD) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        beta (float): The L1 regularization parameter (default: 0.01).
        num_steps (int): The number of EAD iterations (default: 10).
        alpha (float): The step size for each iteration (default: 0.01).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### Word swap

Simple word swap attack for text.

```
Parameters:
        text (str): The input text.
        swap_dict (dict): Dictionary of words and their substitutes.
        
Returns:
        perturbed_text (str): The text with swapped words.
```

### Character swap

Simple character swap attack for text.

```
Parameters:
        text (str): The input text.
        swap_prob (float): The probability of swapping a character in a word (default: 0.1).

Returns:
        perturbed_text (str): The text with swapped characters.
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://infinitode-docs.gitbook.io/documentation/package-documentation/deepdefend-package-documentation/deepdefend-reference/attacks-functions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.