# Defenses Functions

**Available functions:**

* [`adversarial_training`](#adversarial-training)`(model, x, y, epsilon=0.01)`: Adversarial Training defense.
* [`feature_squeezing`](#feature-squeezing)`(model, bit_depth=4)`: Feature Squeezing defense.
* [`gradient_masking`](#gradient-masking)`(model, mask_threshold=0.1)`: Gradient Masking defense.
* [`input_transformation`](#input-transformation)`(model, transformation_function=None)`: Input Transformation defense.
* [`defensive_distillation`](#defensive-distillation)`(model, teacher_model, temperature=2)`: Defensive Distillation defense.
* [`randomized_smoothing`](#randomized-smoothing)`(model, noise_level=0.1)`: Randomized Smoothing defense.
* [`feature_denoising`](#feature-denoising)`(model)`: Feature Denoising defense.
* [`thermometer_encoding`](#thermometer-encoding)`(model, num_bins=10)`: Thermometer Encoding defense.
* [`adversarial_logit_pairing`](#adversarial-logit-pairing-alp)`(model, paired_model)`: Adversarial Logit Pairing (ALP) defense.
* [`spatial_smoothing`](#spatial-smoothing)`(model, kernel_size=3)`: Spatial Smoothing defense.
* [`jpeg_compression`](#jpeg-compression)`(model, quality=75)`: JPEG Compression defense.
* [`pixel_deflection`](#pixel-deflection-defense)`(model, deflection_count=100, window_size=10)`: Pixel Deflection defense.
* [`gaussian_blur`](#gaussian-blur-defense)`(model, kernel_size=3, sigma=1.0)`: Gaussian Blur defense.
* [`total_variation_minimization`](#total-variation-minimization-defense)`(model, iterations=10, regularization_parameter=0.1)`: Total Variation Minimization defense.
* [`word_masking`](#word-masking-defense)`(text, mask_token="[MASK]", mask_prob=0.1)`: Simple word masking defense for text.
* [`median_smoothing`](#median-smoothing-defense)`(model, kernel_size=3)`: Median Smoothing defense.

***

### Adversarial Training

Adversarial training trains the model on both the original examples and adversarial examples generated from them, aiming to make the model more robust to adversarial attacks.

```
Parameters:
    model (tensorflow.keras.Model): The model to defend.
    x (numpy.ndarray): The input training examples.
    y (numpy.ndarray): The true labels of the training examples.
    epsilon (float): The magnitude of the perturbation (default: 0.01).

Returns:
    defended_model (tensorflow.keras.Model): The adversarially trained model.
```
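
The training loop described above, as an added NumPy example on a logistic-regression model (not DeepDefend's implementation). It assumes FGSM as the way adversarial examples are generated; the function names and the two-blob data set are hypothetical and constructed for illustration.

```python
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def bce(w, b, x, y):
    """Mean binary cross-entropy of the logistic model (w, b) on (x, y)."""
    p = np.clip(sigmoid(x @ w + b), 1e-12, 1 - 1e-12)
    return float(-np.mean(y * np.log(p) + (1 - y) * np.log(1 - p)))

def fgsm(w, b, x, y, epsilon):
    """Shift every feature by epsilon along the sign of the loss gradient."""
    # For logistic regression, dLoss/dx = (p - y) * w for each example.
    grad_x = (sigmoid(x @ w + b) - y)[:, None] * w[None, :]
    return x + epsilon * np.sign(grad_x)

def adversarial_fit(x, y, epsilon=0.01, steps=200, lr=0.5):
    """Gradient descent on clean inputs plus FGSM inputs regenerated each step."""
    w, b = np.zeros(x.shape[1]), 0.0
    for _ in range(steps):
        xb = np.vstack([x, fgsm(w, b, x, y, epsilon)])  # clean + adversarial
        yb = np.concatenate([y, y])                     # same labels for both
        err = sigmoid(xb @ w + b) - yb
        w = w - lr * xb.T @ err / len(yb)
        b = b - lr * float(err.mean())
    return w, b

def make_data(n=200, seed=0):
    """Constructed sample data: two Gaussian blobs in 2-D, labels 0 and 1."""
    rng = np.random.default_rng(seed)
    x = np.vstack([rng.normal(-1.0, 0.5, (n, 2)), rng.normal(1.0, 0.5, (n, 2))])
    y = np.concatenate([np.zeros(n), np.ones(n)])
    return x, y

def demo(epsilon=0.01):
    """Train adversarially, then compare loss on clean and perturbed inputs."""
    x, y = make_data()
    w, b = adversarial_fit(x, y, epsilon)
    x_adv = fgsm(w, b, x, y, epsilon)
    accuracy = float(np.mean((sigmoid(x @ w + b) > 0.5) == (y == 1)))
    return {"clean_loss": bce(w, b, x, y), "adv_loss": bce(w, b, x_adv, y),
            "max_shift": float(np.max(np.abs(x_adv - x))), "accuracy": accuracy}
```

Reporting `adv_loss` next to `clean_loss` at the same `epsilon` used in training is the minimum check that the defended model was evaluated on perturbed inputs and not only on clean ones.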

### Feature Squeezing

Feature squeezing reduces the number of bits used to represent the input features, which can remove certain adversarial perturbations.

```
Parameters:
    model (tensorflow.keras.Model): The model to defend.
    bit_depth (int): The number of bits per feature (default: 4).

Returns:
    defended_model (tensorflow.keras.Model): The model with feature squeezing defense.
```
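
An added NumPy example of bit-depth reduction (not DeepDefend's implementation), showing which perturbations the squeeze removes and which it does not. It assumes features scaled to [0, 1]; the function names and the 8x8 sample input are hypothetical and constructed.

```python
import numpy as np

def squeeze_bit_depth(x, bit_depth=4):
    """Quantize features in [0, 1] to 2**bit_depth evenly spaced levels."""
    top = 2 ** bit_depth - 1
    return np.round(np.clip(x, 0.0, 1.0) * top) / top

def changed_fraction(x, x_perturbed, bit_depth=4):
    """Fraction of features whose squeezed value differs after perturbation."""
    return float(np.mean(squeeze_bit_depth(x, bit_depth)
                         != squeeze_bit_depth(x_perturbed, bit_depth)))

def demo(bit_depth=4, eps=0.02):
    """Apply the same perturbation size to two constructed 8x8 inputs."""
    top = 2 ** bit_depth - 1
    rng = np.random.default_rng(0)
    k = rng.integers(0, top, size=(8, 8))        # constructed level indices
    delta = eps * rng.choice([-1.0, 1.0], size=k.shape)
    centered = k / top               # values exactly on a quantization level
    near_edge = (k + 0.45) / top     # values just below a rounding boundary
    return {
        # eps is below half a step (1 / (2 * top)), so rounding undoes it.
        "centered": changed_fraction(centered, centered + delta, bit_depth),
        # The same eps pushes these values over the boundary to the next level.
        "near_edge": changed_fraction(near_edge, near_edge + eps, bit_depth),
        "step": 1.0 / top,
    }
```

With `bit_depth=4` the step is 1/15, so a 0.02 perturbation vanishes on level-centered values but becomes a full 1/15 step on values near a boundary, which is why the description says "certain" perturbations.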

### Gradient Masking

Gradient masking modifies the gradients during training to make them less informative for adversarial attackers.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        mask_threshold (float): The threshold for masking gradients (default: 0.1).

Returns:
        defended_model (tensorflow.keras.Model): The model with gradient masking defense.
```

### Input Transformation

Input transformation applies a transformation to the input data before feeding it to the model, aiming to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        transformation_function (function): The transformation function to apply (default: None).

Returns:
        defended_model (tensorflow.keras.Model): The model with input transformation defense.
```

### Defensive Distillation

Defensive distillation trains a student model to mimic the predictions of a teacher model, which is often a more robust model.

```
Parameters:
        model (tensorflow.keras.Model): The student model to defend.
        teacher_model (tensorflow.keras.Model): The teacher model.
        temperature (float): The temperature parameter for distillation (default: 2).

Returns:
        defended_model (tensorflow.keras.Model): The distilled student model.
```

### Randomized Smoothing

Randomized smoothing adds random noise to the input data to make the model more robust to adversarial attacks.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        noise_level (float): The standard deviation of the Gaussian noise (default: 0.1).

Returns:
        defended_model (tensorflow.keras.Model): The model with randomized smoothing defense.
```

### Feature Denoising

Feature denoising applies denoising operations to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.

Returns:
        defended_model (tensorflow.keras.Model): The model with feature denoising defense.
```

### Thermometer Encoding

Thermometer encoding discretizes the input features into bins, making it harder for adversarial perturbations to affect the model.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        num_bins (int): The number of bins for encoding (default: 10).

Returns:
        defended_model (tensorflow.keras.Model): The model with thermometer encoding defense.
```
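
An added NumPy example of the encoding itself (not DeepDefend's implementation), using one common formulation in which channel i is 1 when the feature is at least (i + 1) / num_bins. It compares the result with a one-hot encoding of the same bins; all function names and sample values are hypothetical.

```python
import numpy as np

def thermometer_encode(x, num_bins=10):
    """Map each feature in [0, 1] to num_bins cumulative 0/1 channels."""
    thresholds = np.arange(1, num_bins + 1) / num_bins   # 0.1, 0.2, ..., 1.0
    x = np.clip(np.asarray(x, dtype=np.float64), 0.0, 1.0)
    return (x[..., None] >= thresholds).astype(np.uint8)

def one_hot_encode(x, num_bins=10):
    """Map each feature in [0, 1] to a single 1 in the channel of its bin."""
    x = np.clip(np.asarray(x, dtype=np.float64), 0.0, 1.0)
    idx = np.minimum((x * num_bins).astype(int), num_bins - 1)
    return np.eye(num_bins, dtype=np.uint8)[idx]

def hamming(encode, a, b, num_bins=10):
    """Number of channels that differ between the codes of features a and b."""
    return int(np.sum(encode(a, num_bins) != encode(b, num_bins)))

def demo(num_bins=10):
    """Return (thermometer distance, one-hot distance) for constructed pairs."""
    pairs = [(0.35, 0.39),   # same bin
             (0.37, 0.41),   # adjacent bins
             (0.05, 0.95)]   # far apart
    return [(hamming(thermometer_encode, a, b, num_bins),
             hamming(one_hot_encode, a, b, num_bins)) for a, b in pairs]
```

A change that stays inside one bin leaves the code unchanged, and the thermometer distance grows with the number of bins crossed, whereas the one-hot distance is 2 for any two different bins.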

### Adversarial Logit Pairing (ALP)

Adversarial logit pairing encourages the logits of adversarial examples to be similar to those of clean examples.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        paired_model (tensorflow.keras.Model): The paired model for logit pairing.

Returns:
        defended_model (tensorflow.keras.Model): The model with adversarial logit pairing defense.
```

### Spatial Smoothing

Spatial smoothing applies a smoothing filter to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        kernel_size (int): The size of the smoothing kernel (default: 3).

Returns:
        defended_model (tensorflow.keras.Model): The model with spatial smoothing defense.
```

### JPEG Compression

JPEG compression reduces the size of an image by discarding some information, which can also remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        quality (int): The JPEG compression quality, 0-100 (default: 75).

Returns:
        defended_model (tensorflow.keras.Model): The model with JPEG compression defense.
```

### Pixel Deflection Defense

Randomly deflects pixels to nearby locations to disrupt adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        deflection_count (int): Number of pixels to deflect (default: 100).
        window_size (int): The range for random deflection (default: 10).

Returns:
        defended_model (tensorflow.keras.Model): The model with pixel deflection defense.
```

### Gaussian Blur Defense

Applies Gaussian blurring to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        kernel_size (int): The size of the Gaussian kernel (default: 3).
        sigma (float): The standard deviation of the Gaussian kernel (default: 1.0).

Returns:
        defended_model (tensorflow.keras.Model): The model with Gaussian blur defense.
```

### Total Variation Minimization Defense

Reconstructs the input image by minimizing total variation.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        iterations (int): Number of reconstruction iterations (default: 10).
        regularization_parameter (float): The regularization parameter (default: 0.1).

Returns:
        defended_model (tensorflow.keras.Model): The model with TV minimization defense.
```

### Word Masking Defense

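Randomly replaces words in the input text with a mask token. Unlike the other defenses on this page, this function takes and returns a string rather than a model.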

```
Parameters:
        text (str): The input text.
        mask_token (str): The token to use for masking (default: "[MASK]").
        mask_prob (float): The probability of masking a word (default: 0.1).

Returns:
        defended_text (str): The text with randomly masked words.
```

### Median Smoothing Defense

Applies median filtering to the input data to remove adversarial perturbations.

```
Parameters:
        model (tensorflow.keras.Model): The model to defend.
        kernel_size (int): The size of the smoothing kernel (default: 3).

Returns:
        defended_model (tensorflow.keras.Model): The model with median smoothing defense.
```
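
An added NumPy example of the median filter applied to a 2-D input (not DeepDefend's implementation), comparing its effect on a sparse and on a dense perturbation of the same image. The function names, the edge-replicating padding and the 16x16 ramp image are assumptions made for illustration.

```python
import numpy as np

def median_smooth(img, kernel_size=3):
    """Replace each pixel of a 2-D image by the median of its k x k window."""
    pad = kernel_size // 2
    padded = np.pad(img, pad, mode="edge")   # replicate border pixels
    windows = np.lib.stride_tricks.sliding_window_view(
        padded, (kernel_size, kernel_size))
    return np.median(windows, axis=(-2, -1))

def demo(eps=0.02, kernel_size=3):
    """Measure how much of two constructed perturbations survives filtering."""
    # Constructed 16x16 image: a horizontal ramp from 0 to 1.
    clean = np.tile(np.arange(16) / 15.0, (16, 1))

    # Sparse perturbation: isolated pixels set to 1.0, three pixels apart,
    # so every 3x3 window contains at most one of them.
    sparse = clean.copy()
    sparse[2::3, 2::3] = 1.0

    # Dense perturbation: every pixel shifted by +eps or -eps.
    rng = np.random.default_rng(0)
    dense = clean + eps * rng.choice([-1.0, 1.0], size=clean.shape)

    def residual(x):
        return float(np.max(np.abs(median_smooth(x, kernel_size) - clean)))

    return {"sparse_residual": residual(sparse),
            "dense_residual": residual(dense)}
```

On this input the filter restores the sparsely perturbed image exactly, while the dense perturbation still leaves a residual of size `eps`, so the defense should be evaluated against the perturbation type it is expected to face.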


