Attacks Functions

Available functions:

• fgsm(model, x, y, epsilon=0.01): Fast Gradient Sign Method (FGSM) attack.

• pgd(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10): Projected Gradient Descent (PGD) attack.

• bim(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10): Basic Iterative Method (BIM) attack.

• cw(model, x, y, epsilon=0.01, c=1, kappa=0, num_steps=10, alpha=0.01): Carlini & Wagner (C&W) attack.

• deepfool(model, x, y, num_steps=10): DeepFool attack.

• jsma(model, x, y, theta=0.1, gamma=0.1, num_steps=10): Jacobian-based Saliency Map Attack (JSMA).

• spsa(model, x, y, epsilon=0.01, num_steps=10): Simultaneous Perturbation Stochastic Approximation (SPSA) attack.

---

FGSM

Fast Gradient Sign Method (FGSM) attack.

Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The magnitude of the perturbation (default: 0.01).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.

PGD

Projected Gradient Descent (PGD) attack.

Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
    alpha (float): The step size for each iteration (default: 0.01).
    num_steps (int): The number of PGD iterations (default: 10).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.

BIM

Basic Iterative Method (BIM) attack.

Parameters:
    model (tensorflow.keras.Model): The target model to attack.
    x (numpy.ndarray): The input example to attack.
    y (numpy.ndarray): The true labels of the input example.
    epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
    alpha (float): The step size for each iteration (default: 0.01).
    num_steps (int): The number of BIM iterations (default: 10).

Returns:
    adversarial_example (numpy.ndarray): The perturbed input example.

CW

Carlini & Wagner (C&W) attack.

Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
        c (float): The weight of the L2 norm of the perturbation (default: 1).
        kappa (float): The confidence parameter (default: 0).
        num_steps (int): The number of C&W iterations (default: 10).
        alpha (float): The step size for each iteration (default: 0.01).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.

Deepfool

Deepfool attack.

Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        num_steps (int): The number of DeepFool iterations (default: 10).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.

JSMA

Jacobian-based Saliency Map Attack (JSMA) attack.

Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        theta (float): The threshold for selecting pixels (default: 0.1).
        gamma (float): The step size for each iteration (default: 0.1).
        num_steps (int): The number of JSMA iterations (default: 10).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.

SPSA

Simultaneous Perturbation Stochastic Approximation (SPSA) attack.

Parameters:
        model (tensorflow.keras.Model): The target model to attack.
        x (numpy.ndarray): The input example to attack.
        y (numpy.ndarray): The true labels of the input example.
        epsilon (float): The magnitude of the perturbation (default: 0.01).
        num_steps (int): The number of SPSA iterations (default: 10).
        learning_rate (float): The learning rate for the ADAM optimizer (default: 0.01).
        delta (float): The perturbation size for SPSA (default: 0.01).
        spsa_samples (int): The number of samples for SPSA (default: 128).

Returns:
        adversarial_example (numpy.ndarray): The perturbed input example.