> For the complete documentation index, see [llms.txt](https://infinitode-docs.gitbook.io/documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://infinitode-docs.gitbook.io/documentation/package-documentation/deepdefend-package-documentation/deepdefend-reference/attacks-functions.md).

# Attacks Functions

**Available functions:**

* [`fgsm`](#fgsm)`(model, x, y, epsilon=0.01)`: Fast Gradient Sign Method (FGSM) attack.
* [`pgd`](#pgd)`(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10)`: Projected Gradient Descent (PGD) attack.
* [`bim`](#bim)`(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10)`: Basic Iterative Method (BIM) attack.
* [`cw`](#cw)`(model, x, y, epsilon=0.01, c=1, kappa=0, num_steps=10, alpha=0.01)`: Carlini & Wagner (C\&W) attack.
* [`deepfool`](#deepfool)`(model, x, y, num_steps=10)`: DeepFool attack.
* [`jsma`](#jsma)`(model, x, y, theta=0.1, gamma=0.1, num_steps=10)`: Jacobian-based Saliency Map Attack (JSMA).
* [`spsa`](#spsa)`(model, x, y, epsilon=0.01, num_steps=10)`: Simultaneous Perturbation Stochastic Approximation (SPSA) attack.
* [`mim`](#mim)`(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10, decay_factor=1.0)`: Momentum Iterative Method (MIM) attack.
* [`ead`](#ead)`(model, x, y, epsilon=0.01, beta=0.01, num_steps=10, alpha=0.01)`: Elastic Net Attack (EAD).
* [`word_swap`](#word-swap)`(text, swap_dict=None)`: Simple word swap attack for text.
* [`char_swap`](#character-swap)`(text, swap_prob=0.1)`: Simple character swap attack for text.

***

### FGSM

Fast Gradient Sign Method (FGSM) attack.

```
Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The magnitude of the perturbation (default: 0.01).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.
```

### PGD

Projected Gradient Descent (PGD) attack.

```
Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
    alpha (float): The step size for each iteration (default: 0.01).
    num_steps (int): The number of PGD iterations (default: 10).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.
```

### BIM

Basic Iterative Method (BIM) attack.

```
Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
    alpha (float): The step size for each iteration (default: 0.01).
    num_steps (int): The number of BIM iterations (default: 10).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.
```

### CW

Carlini & Wagner (C\&W) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        c (float): The weight of the L2 norm of the perturbation (default: 1).
        kappa (float): The confidence parameter (default: 0).
        num_steps (int): The number of C&W iterations (default: 10).
        alpha (float): The step size for each iteration (default: 0.01).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### Deepfool

Deepfool attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        num_steps (int): The number of DeepFool iterations (default: 10).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### JSMA

Jacobian-based Saliency Map Attack (JSMA) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        theta (float): The threshold for selecting pixels (default: 0.1).
        gamma (float): The step size for each iteration (default: 0.1).
        num_steps (int): The number of JSMA iterations (default: 10).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### SPSA

Simultaneous Perturbation Stochastic Approximation (SPSA) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The magnitude of the perturbation (default: 0.01).
        num_steps (int): The number of SPSA iterations (default: 10).
        learning_rate (float): The learning rate for the ADAM optimizer (default: 0.01).
        delta (float): The perturbation size for SPSA (default: 0.01).
        spsa_samples (int): The number of samples for SPSA (default: 128).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### MIM

Momentum Iterative Method (MIM) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        alpha (float): The step size for each iteration (default: 0.01).
        num_steps (int): The number of MIM iterations (default: 10).
        decay_factor (float): The decay factor for momentum (default: 1.0).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### EAD

Elastic Net Attack (EAD) attack.

```
Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        beta (float): The L1 regularization parameter (default: 0.01).
        num_steps (int): The number of EAD iterations (default: 10).
        alpha (float): The step size for each iteration (default: 0.01).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.
```

### Word swap

Simple word swap attack for text.

```
Parameters:
        text (str): The input text.
        swap_dict (dict): Dictionary of words and their substitutes.
        
Returns:
        perturbed_text (str): The text with swapped words.
```

### Character swap

Simple character swap attack for text.

```
Parameters:
        text (str): The input text.
        swap_prob (float): The probability of swapping a character in a word (default: 0.1).

Returns:
        perturbed_text (str): The text with swapped characters.
```
