Welcome To The Adversarial Robustness Toolbox - Adversarial Robustness Toolbox 1.2.0 Documentation

The Adversarial Robustness Toolbox (ART) is a Python library that helps developers and researchers defend machine learning models against adversarial threats like evasion, extraction, and poisoning attacks. It provides tools to build and test defenses for models using state-of-the-art attacks. ART supports many machine learning frameworks and algorithms. It includes implementations for attacks, defenses, detections, metrics, and more to evaluate and improve model robustness. The code is open source on GitHub and the library is under active development.


Welcome to the Adversarial Robustness Toolbox

Adversarial Robustness Toolbox (ART) is a Python library supporting developers and researchers in defending Machine Learning models (Deep Neural Networks, Gradient Boosted Decision Trees, Support Vector Machines, Random Forests, Logistic Regression, Gaussian Processes, Decision Trees, Scikit-learn Pipelines, etc.) against adversarial threats (including evasion, extraction and poisoning) and helps make AI systems more secure and trustworthy. Machine Learning models are vulnerable to adversarial examples, which are inputs (images, texts, tabular data, etc.) deliberately crafted to produce a desired response by the Machine Learning model. ART provides the tools to build and deploy defences and test them with adversarial attacks.

Defending Machine Learning models involves certifying and verifying model robustness and model hardening with approaches such as pre-processing inputs, augmenting training data with adversarial examples, and leveraging runtime detection methods to flag any inputs that might have been modified by an adversary. ART includes attacks for testing defenses with state-of-the-art threat models.

The code of ART is on GitHub.

The library is under continuous development, and feedback, bug reports and contributions are very welcome.

Supported Machine Learning Libraries

TensorFlow (v1 and v2) (https://www.tensorflow.org)
Keras (https://www.keras.io)
PyTorch (https://www.pytorch.org)
MXNet (https://mxnet.apache.org)
Scikit-learn (https://www.scikit-learn.org)
XGBoost (https://www.xgboost.ai)
LightGBM (https://lightgbm.readthedocs.io)
CatBoost (https://www.catboost.ai)
GPy (https://sheffieldml.github.io/GPy/)

Implemented Attacks, Defences, Detections, Metrics, Certifications and Verifications

Evasion Attacks:

Threshold Attack (Vargas et al., 2019)
Pixel Attack (Vargas et al., 2019, Su et al., 2019)
HopSkipJump attack (Chen et al., 2019)
High Confidence Low Uncertainty adversarial examples (Grosse et al., 2018)
Projected gradient descent (Madry et al., 2017)
NewtonFool (Jang et al., 2017)
Elastic net attack (Chen et al., 2017a)
Spatial transformation attack (Engstrom et al., 2017)
Query-efficient black-box attack (Ilyas et al., 2017)
Zeroth-order optimization attack (Chen et al., 2017b)
Decision-based attack / Boundary attack (Brendel et al., 2018)
Adversarial patch (Brown et al., 2017)
Decision tree attack (Papernot et al., 2016b)
Carlini & Wagner (C&W) L_2 and L_inf attacks (Carlini and Wagner, 2016)
Basic iterative method (Kurakin et al., 2016)
Jacobian saliency map (Papernot et al., 2016a)
Universal perturbation (Moosavi-Dezfooli et al., 2016)
DeepFool (Moosavi-Dezfooli et al., 2015)
Virtual adversarial method (Miyato et al., 2015)
Fast gradient method (Goodfellow et al., 2014)

Extraction Attacks:

Functionally Equivalent Extraction (Jagielski et al., 2019)
Copycat CNN (Correia-Silva et al., 2018)
KnockoffNets (Orekondy et al., 2018)

Poisoning Attacks:

Poisoning Attack on SVM (Biggio et al., 2013)
Backdoor Attack (Gu et al., 2017)

Defences - Preprocessor:

Thermometer encoding (Buckman et al., 2018)
Total variance minimization (Guo et al., 2018)
PixelDefend (Song et al., 2017)
Gaussian data augmentation (Zantedeschi et al., 2017)
Feature squeezing (Xu et al., 2017)
Spatial smoothing (Xu et al., 2017)
JPEG compression (Dziugaite et al., 2016)
Label smoothing (Warde-Farley and Goodfellow, 2016)
Virtual adversarial training (Miyato et al., 2015)

Defences - Postprocessor:

Reverse Sigmoid (Lee et al., 2018)
Random Noise (Chandrasekaran et al., 2018)
Class Labels (Tramer et al., 2016, Chandrasekaran et al., 2018)
High Confidence (Tramer et al., 2016)
Rounding (Tramer et al., 2016)

Defences - Trainer:

Adversarial training (Szegedy et al., 2013)
Adversarial training Madry PGD (Madry et al., 2017)

Defences - Transformer:

Defensive Distillation (Papernot et al., 2015)

Robustness Metrics, Certifications and Verifications:

Clique Method Robustness Verification (Hongge et al., 2019)
Randomized Smoothing (Cohen et al., 2019)
CLEVER (Weng et al., 2018)
Loss sensitivity (Arpit et al., 2017)
Empirical robustness (Moosavi-Dezfooli et al., 2015)

Detection of adversarial examples:

Basic detector based on inputs
Detector trained on the activations of a specific layer
Detector based on Fast Generalized Subset Scan (Speakman et al., 2018)

Detection of poisoning attacks:

Detection based on activations analysis (Chen et al., 2018)
Detection based on data provenance (Baracaldo et al., 2018)

User guide
Setup
Installation with pip
Manual installation
Examples
Get Started with ART
Applications
Notebooks
Adversarial training
TensorFlow v2
Attacks
Classifiers
Detectors
Poisoning
Certification and Verification

Modules
art.attacks

Base Class Attacks
Base Class Evasion Attacks
Base Class Poisoning Attacks
Base Class Extraction Attacks
art.attacks.evasion

Adversarial Patch
Decision-Based Attack
Carlini and Wagner L_2 Attack
Carlini and Wagner L_inf Attack
DeepFool
Elastic Net Attack (EAD)
Fast Gradient Method (FGM)
Basic Iterative Method (BIM)
Projected Gradient Descent (PGD)
Jacobian Saliency Map Attack (JSMA)
NewtonFool
PixelAttack
ThresholdAttack
Spatial Transformations Attack
Universal Perturbation Attack
Virtual Adversarial Method
Zeroth-Order Optimization Attack (ZOO)
HopSkipJump Attack
Decision Tree Attack
High Confidence Low Uncertainty Attack
art.attacks.extraction

Copycat CNN
Functionally Equivalent Extraction
Knockoff Nets
art.attacks.poisoning

Poisoning SVM Attack
Backdoor Poisoning Attack
art.classifiers

BlackBox Wrapper
Keras Wrapper
MXNet Wrapper
PyTorch Wrapper
TensorFlow Wrapper
TensorFlow v2 Wrapper
Ensemble Wrapper
Scikit-learn Classifier Wrapper
GPy Gaussian Process Wrapper
Base Class
Base Class Neural Network
Base Class Gradients
art.classifiers.scikitlearn

Scikit-learn DecisionTreeClassifier Wrapper
Scikit-learn ExtraTreeClassifier Wrapper
Scikit-learn AdaBoostClassifier Wrapper
Scikit-learn BaggingClassifier Wrapper
Scikit-learn ExtraTreesClassifier Wrapper
Scikit-learn GradientBoostingClassifier Wrapper
Scikit-learn RandomForestClassifier Wrapper
Scikit-learn LogisticRegression Wrapper
Scikit-learn SVC Wrapper
Base Class Scikit-learn
art.data_generators

Base Class
Framework-Specific Data Generators
art.defences

art.defences.postprocessor

Postprocessor
Class Labels
Gaussian Noise
High Confidence
Reverse Sigmoid
Rounded
art.defences.preprocessor

Preprocessor
Feature Squeezing
Gaussian Data Augmentation
JPEG Compression
Label Smoothing
PixelDefend
Spatial Smoothing
Thermometer Encoding
Total Variance Minimization
art.defences.trainer

Trainer
Adversarial Training
Adversarial Training Madry PGD
art.defences.transformer

Transformer
Defensive Distillation
art.detection

Binary Input Detector
Binary Activation Detector
art.detection.subsetscanning

Subset Scanning Detector
art.exceptions

ClassifierError
art.poison_detection

Activation Defence
Data Provenance Defense
Base Class
art.metrics

Clique Method Robustness Verification
Loss Sensitivity
Empirical Robustness
CLEVER
art.utils

Math Operations
Label Operations
Dataset Operations
art.wrappers

Expectation over Transformations
Query-Efficient Black-Box Attack
Randomized Smoothing
Base Wrapper
tests.utils

Test Base Classes
Trained Models for Unittests, MNIST
Trained Models for Unittests, Iris
Random Number Generators

Indices and tables

Index
Module Index
Search Page
