secml.adv.attacks

• secml.adv.attacks.evasion
  • CAttackEvasion
  • CAttackEvasionPGD
  • CAttackEvasionPGDLS
  • CAttackEvasionCleverhans
• secml.adv.attacks.poisoning
  • CAttackPoisoning
  • CAttackPoisoningLogisticRegression
  • CAttackPoisoningRidge
  • CAttackPoisoningSVM

CAttack

class secml.adv.attacks.c_attack.CAttack(classifier, surrogate_classifier, surrogate_data=None, distance=None, dmax=None, lb=None, ub=None, discrete=False, y_target=None, attack_classes='all', solver_type=None, solver_params=None)

Bases: secml.core.c_creator.CCreator

Interface class for evasion and poisoning attacks.

Parameters

classifierCClassifier

Target classifier.

surrogate_classifierCClassifier

Surrogate classifier, assumed to be already trained.

surrogate_dataCDataset or None, optional

Dataset on which the the surrogate classifier has been trained on. Is only required if the classifier is nonlinear.

distance{‘l1’ or ‘l2’}, optional

Norm to use for computing the distance of the adversarial example from the original sample. Default ‘l2’.

dmaxscalar, optional

Maximum value of the perturbation. Default 1.

lb, ubint or CArray, optional

Lower/Upper bounds. If int, the same bound will be applied to all the features. If CArray, a different bound can be specified for each feature. Default lb = 0, ub = 1.

discrete: True/False (default: false).

If True, input space is considered discrete (integer-valued), otherwise continuous.

y_targetint or None, optional

If None an error-generic attack will be performed, else a error-specific attack to have the samples misclassified as belonging to the y_target class.

attack_classes‘all’ or CArray, optional

Array with the classes that can be manipulated by the attacker or

‘all’ (default) if all classes can be manipulated.

solver_typestr or None, optional

Identifier of the solver to be used.

solver_paramsdict or None, optional

Parameters for the solver. Default None, meaning that default parameters will be used.

Attributes

attack_classes

class_type

Defines class type.

classifier

Returns classifier

discrete

Returns True if feature space is discrete, False if continuous.

distance

todo

dmax

Returns dmax

f_eval

Returns the number of function evaluations made during the attack.

f_opt

Returns the value of the objective function evaluated on the optimal point founded by the attack.

f_seq

Returns a CArray containing the values of the objective function evaluations made by the attack.

grad_eval

Returns the number of function evaluations made during the attack.

issparse

lb

Returns lb

logger

Logger for current object.

n_dim

solver_params

solver_type

surrogate_classifier

Returns surrogate classifier

surrogate_data

Returns surrogate data

ub

Returns ub

verbose

Verbosity level of logger output.

x_opt

Returns the optimal point founded by the attack.

x_seq

Returns a CArray (number of iteration * number of features) containing the values of the attack point path.

y_target

Methods

copy(self)	Returns a shallow copy of current class.
create([class_item])	This method creates an instance of a class with given type.
deepcopy(self)	Returns a deep copy of current class.
get_class_from_type(class_type)	Return the class associated with input type.
get_params(self)	Returns the dictionary of class parameters.
get_state(self)	Returns the object state dictionary.
get_subclasses()	Get all the subclasses of the calling class.
is_attack_class(self, y)	Returns True/False if the input class can be attacked.
list_class_types()	This method lists all types of available subclasses of calling one.
load(path)	Loads object from file.
load_state(self, path)	Sets the object state from file.
run(self, x, y[, ds_init])	Perform attack for the i-th param name attack power.
save(self, path)	Save class object to file.
save_state(self, path)	Store the object state to file.
set(self, param_name, param_value[, copy])	Set a parameter of the class.
set_params(self, params_dict[, copy])	Set all parameters passed as a dictionary {key: value}.
set_state(self, state_dict[, copy])	Sets the object state using input dictionary.
timed([msg])	Timer decorator.

property attack_classes

property classifier

Returns classifier

property discrete

Returns True if feature space is discrete, False if continuous.

property distance

todo

property dmax

Returns dmax

property f_eval

Returns the number of function evaluations made during the attack.

Warning

Due to a known issue, if more then one sample is passed to .run(), this property will only return the data relative to the last optimized one. This behavior will change in a future version.

property f_opt

Returns the value of the objective function evaluated on the optimal point founded by the attack.

Warning

Due to a known issue, if more then one sample is passed to .run(), this property will only return the data relative to the last optimized one. This behavior will change in a future version.

property f_seq

Returns a CArray containing the values of the objective function evaluations made by the attack.

Warning

Due to a known issue, if more then one sample is passed to .run(), this property will only return the data relative to the last optimized one. This behavior will change in a future version.

property grad_eval

Returns the number of function evaluations made during the attack.

Warning

Due to a known issue, if more then one sample is passed to .run(), this property will only return the data relative to the last optimized one. This behavior will change in a future version.

is_attack_class(self, y)

Returns True/False if the input class can be attacked.

Parameters

yint or CArray

CArray or single label of the class to to be checked.

Returns

bool or CArray

True if class y can be manipulated by the attacker,

False otherwise. If CArray, a True/False value for each input label will be returned.

property issparse

property lb

Returns lb

property n_dim

abstract run(self, x, y, ds_init=None)

Perform attack for the i-th param name attack power.

Parameters

xCArray

Initial sample.

yint or CArray

The true label of x.

ds_initCDataset or None, optional.

Dataset for warm start.

property solver_params

property solver_type

property surrogate_classifier

Returns surrogate classifier

property surrogate_data

Returns surrogate data

property ub

Returns ub

property x_opt

Returns the optimal point founded by the attack.

Warning

Due to a known issue, if more then one sample is passed to .run(), this property will only return the data relative to the last optimized one. This behavior will change in a future version.

property x_seq

Returns a CArray (number of iteration * number of features) containing the values of the attack point path.

Warning

Due to a known issue, if more then one sample is passed to .run(), this property will only return the data relative to the last optimized one. This behavior will change in a future version.

property y_target