> For the complete documentation index, see [llms.txt](https://infinitode-docs.gitbook.io/documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://infinitode-docs.gitbook.io/documentation/package-documentation/deepdefend-package-documentation/deepdefend-reference/defenses-functions.md).

# Defenses Functions

**Available functions:**

* [`adversarial_training`](#adversarial-training)`(model, x, y, epsilon=0.01)`: Adversarial Training defense.
* [`feature_squeezing`](#feature-squeezing)`(model, bit_depth=4)`: Feature Squeezing defense.
* [`gradient_masking`](#gradient-masking)`(model, mask_threshold=0.1)`: Gradient Masking defense.
* [`input_transformation`](#input-transformation)`(model, transformation_function=None)`: Input Transformation defense.
* [`defensive_distillation`](#defensive-distillation)`(model, teacher_model, temperature=2)`: Defensive Distillation defense.
* [`randomized_smoothing`](#randomized-smoothing)`(model, noise_level=0.1)`: Randomized Smoothing defense.
* [`feature_denoising`](#feature-denoising)`(model)`: Feature Denoising defense.
* [`thermometer_encoding`](#thermometer-encoding)`(model, num_bins=10)`: Thermometer Encoding defense.
* [`adversarial_logit_pairing`](#adversarial-logit-pairing-alp)`(model, paired_model)`: Adversarial Logit Pairing (ALP) defense.
* [`spatial_smoothing`](#spatial-smoothing)`(model, kernel_size=3)`: Spatial Smoothing defense.
* [`jpeg_compression`](#jpeg-compression)`(model, quality=75)`: JPEG Compression defense.
* [`pixel_deflection`](#pixel-deflection-defense)`(model, deflection_count=100, window_size=10)`: Pixel Deflection defense.
* [`gaussian_blur`](#gaussian-blur-defense)`(model, kernel_size=3, sigma=1.0)`: Gaussian Blur defense.
* [`total_variation_minimization`](#total-variation-minimization-defense)`(model, iterations=10, regularization_parameter=0.1)`: Total Variation Minimization defense.
* [`word_masking`](#word-masking-defense)`(text, mask_token="[MASK]", mask_prob=0.1)`: Simple word masking defense for text.
* [`median_smoothing`](#median-smoothing-defense)`(model, kernel_size=3)`: Median Smoothing defense.

***

### Adversarial Training

Adversarial training is a method where the model is trained on both the original and adversarial examples, aiming to make the model more robust to adversarial attacks.

```
Parameters:
    model (tensorflow.keras.Model): The model to defend.
    x (numpy.ndarray): The input training examples.
    y (numpy.ndarray): The true labels of the training examples.
    epsilon (float): The magnitude of the perturbation (default: 0.01).

Returns:
    defended_model (tensorflow.keras.Model): The adversarially trained model.
```

### Feature Squeezing

Feature squeezing reduces the number of bits used to represent the input features, which can remove certain adversarial perturbations.

```
Parameters:
    model (tensorflow.keras.Model): The model to defend.
    bit_depth (int): The number of bits per feature (default: 4).

Returns:
    defended_model (tensorflow.keras.Model): The model with feature squeezing defense.
```

### Gradient Masking

Gradient masking modifies the gradients during training to make them less informative for adversarial attackers.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        mask_threshold (float): The threshold for masking gradients (default: 0.1).

Returns:
        defended_model (tensorflow.keras.Model): The model with gradient masking defense.
```

### Input Transformation

Input transformation applies a transformation to the input data before feeding it to the model, aiming to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        transformation_function (function): The transformation function to apply (default: None).

Returns:
        defended_model (tensorflow.keras.Model): The model with input transformation defense.
```

### Defensive Distillation

Defensive distillation trains a student model to mimic the predictions of a teacher model, which is often a more robust model.

```
Parameters:
        model (tensorflow.keras.Model): The student model to defend.
        teacher_model (tensorflow.keras.Model): The teacher model.
        temperature (float): The temperature parameter for distillation (default: 2).

Returns:
        defended_model (tensorflow.keras.Model): The distilled student model
```

### Randomized Smoothing

Randomized smoothing adds random noise to the input data to make the model more robust to adversarial attacks.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        noise_level (float): The standard deviation of the Gaussian noise (default: 0.1).

Returns:
        defended_model (tensorflow.keras.Model): The model with randomized smoothing defense.
```

### Feature Denoising

Feature denoising applies denoising operations to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.

Returns:
        defended_model (tensorflow.keras.Model): The model with feature denoising defense.
```

### Thermometer Encoding

Thermometer encoding discretizes the input features into bins, making it harder for adversarial perturbations to affect the model.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        num_bins (int): The number of bins for encoding (default: 10).

Returns:
        defended_model (tensorflow.keras.Model): The model with thermometer encoding defense.
```

### Adversarial Logit Pairing (ALP)

Adversarial logit pairing encourages the logits of adversarial examples to be similar to those of clean examples.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        paired_model (tensorflow.keras.Model): The paired model for logit pairing.

Returns:
        defended_model (tensorflow.keras.Model): The model with adversarial logit pairing defense.
```

### Spatial Smoothing

Spatial smoothing applies a smoothing filter to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        kernel_size (int): The size of the smoothing kernel (default: 3).

Returns:
        defended_model (tensorflow.keras.Model): The model with spatial smoothing defense.
```

### JPEG Compression

JPEG compression reduces the size of an image by discarding some information, which can also remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        quality (int): The JPEG compression quality (0-100), default is 75.

Returns:
        defended_model (tensorflow.keras.Model): The model with JPEG compression defense.
```

### Pixel Deflection Defense

Randomly deflects pixels to nearby locations to disrupt adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        deflection_count (int): Number of pixels to deflect (default: 100).
        window_size (int): The range for random deflection (default: 10).

Returns:
        defended_model (tensorflow.keras.Model): The model with pixel deflection defense.
```

### Gaussian Blur Defense

Applies Gaussian blurring to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        kernel_size (int): The size of the Gaussian kernel (default: 3).
        sigma (float): The standard deviation of the Gaussian kernel (default: 1.0).

Returns:
        defended_model (tensorflow.keras.Model): The model with Gaussian blur defense.
```

### Total Variation Minimization Defense

Reconstructs the input image by minimizing total variation.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        iterations (int): Number of reconstruction iterations (default: 10).
        regularization_parameter (float): The regularization parameter (default: 0.1).

Returns:
        defended_model (tensorflow.keras.Model): The model with TV minimization defense.
```

### Word Masking Defense

Simple word masking defense for text.

```
Parameters:
        text (str): The input text.
        mask_token (str): The token to use for masking (default: "[MASK]").
        mask_prob (float): The probability of masking a word (default: 0.1).

Returns:
        defended_text (str): The text with randomly masked words.
```

### Median Smoothing Defense

Applies median filtering to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        kernel_size (int): The size of the smoothing kernel (default: 3).

Returns:
        defended_model (tensorflow.keras.Model): The model with median smoothing defense.
```
