secml.adv.attacks

• secml.adv.attacks.evasion
  • CAttackEvasion
  • CAttackEvasionPGD
  • CAttackEvasionPGDLS
  • CAttackEvasionCleverhans
• secml.adv.attacks.poisoning
  • CAttackPoisoning
  • CAttackPoisoningLogisticRegression
  • CAttackPoisoningRidge
  • CAttackPoisoningSVM

CAttack

class secml.adv.attacks.c_attack.CAttack(classifier, surrogate_classifier, surrogate_data=None, distance=None, dmax=None, lb=None, ub=None, discrete=False, y_target=None, attack_classes='all', solver_type=None, solver_params=None)

Bases: secml.core.c_creator.CCreator

Interface class for evasion and poisoning attacks.

Parameters

classifierCClassifier

Target classifier.

surrogate_classifierCClassifier

Surrogate classifier, assumed to be already trained.

surrogate_dataCDataset or None, optional

Dataset on which the the surrogate classifier has been trained on. Is only required if the classifier is nonlinear.

distance{‘l1’ or ‘l2’}, optional

Norm to use for computing the distance of the adversarial example from the original sample. Default ‘l2’.

dmaxscalar, optional

Maximum value of the perturbation. Default 1.

lb, ubint or CArray, optional

Lower/Upper bounds. If int, the same bound will be applied to all the features. If CArray, a different bound can be specified for each feature. Default lb = 0, ub = 1.

discrete: True/False (default: false).

If True, input space is considered discrete (integer-valued), otherwise continuous.

y_targetint or None, optional

If None an error-generic attack will be performed, else a error-specific attack to have the samples misclassified as belonging to the y_target class.

attack_classes‘all’ or CArray, optional

Array with the classes that can be manipulated by the attacker or

‘all’ (default) if all classes can be manipulated.

solver_typestr or None, optional

Identifier of the solver to be used.

solver_paramsdict or None, optional

Parameters for the solver. Default None, meaning that default parameters will be used.

Attributes

attack_classes

class_type

Defines class type.

classifier

Returns classifier

discrete

Returns True if feature space is discrete, False if continuous.

distance

todo

dmax

Returns dmax

f_eval

f_opt

f_seq

grad_eval

issparse

lb

Returns lb

logger

Logger for current object.

n_dim

solver_params

solver_type

surrogate_classifier

Returns surrogate classifier

surrogate_data

Returns surrogate data

ub

Returns ub

verbose

Verbosity level of logger output.

x_opt

x_seq

y_target

Methods

copy(self)	Returns a shallow copy of current class.
create([class_item])	This method creates an instance of a class with given type.
deepcopy(self)	Returns a deep copy of current class.
get_class_from_type(class_type)	Return the class associated with input type.
get_params(self)	Returns the dictionary of class parameters.
get_subclasses()	Get all the subclasses of the calling class.
is_attack_class(self, y)	Returns True/False if the input class can be attacked.
list_class_types()	This method lists all types of available subclasses of calling one.
load(path)	Loads class from pickle object.
run(self, x, y[, ds_init])	Perform attack for the i-th param name attack power.
save(self, path)	Save class object using pickle.
set(self, param_name, param_value[, copy])	Set a parameter that has a specific name to a specific value.
set_params(self, params_dict[, copy])	Set all parameters passed as a dictionary {key: value}.
timed([msg])	Timer decorator.

property attack_classes

property classifier

Returns classifier

property discrete

Returns True if feature space is discrete, False if continuous.

property distance

todo

property dmax

Returns dmax

property f_eval

property f_opt

property f_seq

property grad_eval

is_attack_class(self, y)

Returns True/False if the input class can be attacked.

Parameters

yint or CArray

CArray or single label of the class to to be checked.

Returns

bool or CArray

True if class y can be manipulated by the attacker,

False otherwise. If CArray, a True/False value for each input label will be returned.

property issparse

property lb

Returns lb

property n_dim

abstract run(self, x, y, ds_init=None)

Perform attack for the i-th param name attack power.

Parameters

xCArray

Initial sample.

yint or CArray

The true label of x.

ds_initCDataset or None, optional.

Dataset for warm start.

property solver_params

property solver_type

property surrogate_classifier

Returns surrogate classifier

property surrogate_data

Returns surrogate data

property ub

Returns ub

property x_opt

property x_seq

property y_target