art.attacks
Module providing adversarial attacks under a common interface.
Base Class Attacks

class art.attacks.Attack(estimator)
Abstract base class for all attack abstract base classes.

property estimator
The estimator.

property estimator_requirements
The estimator requirements.

set_params(**kwargs) → None
Take in a dictionary of parameters and apply attack-specific checks before saving them as attributes.
- Parameters
kwargs – A dictionary of attack-specific parameters.

Base Class Evasion Attacks

class art.attacks.EvasionAttack(**kwargs)
Abstract base class for evasion attack classes.

generate(*args, **kwargs)
Generate adversarial examples and return them as an array. This method should be overridden by all concrete evasion attack implementations.
- Parameters
x – An array with the original inputs to be attacked.
y – Correct labels or target labels for x, depending on whether the attack is targeted or not. This parameter is only used by some of the attacks.
- Returns
An array holding the adversarial examples.

property targeted
Return a Boolean indicating whether the attack is targeted. Return None if not applicable.

Base Class Poisoning Attacks

class art.attacks.PoisoningAttack(classifier: Optional[CLASSIFIER_TYPE])
Abstract base class for poisoning attack classes.

class art.attacks.PoisoningAttackBlackBox
Abstract base class for poisoning attack classes that have no access to the model (classifier object).

class art.attacks.PoisoningAttackWhiteBox(classifier: Optional[CLASSIFIER_TYPE])
Abstract base class for poisoning attack classes that have white-box access to the model (classifier object).

class art.attacks.PoisoningAttackTransformer(classifier: Optional[CLASSIFIER_TYPE])
Abstract base class for poisoning attack classes that return a transformed classifier. These attacks have an additional method, poison_estimator, that returns the poisoned classifier.

abstract poison(x: numpy.ndarray, y=typing.Union[numpy.ndarray, NoneType], **kwargs) → Tuple[numpy.ndarray, numpy.ndarray]
Generate poisoning examples and return them as an array. This method should be overridden by all concrete poisoning attack implementations.
- Parameters
x (ndarray) – An array with the original inputs to be attacked.
y – Target labels for x. Untargeted attacks set this value to None.
- Returns
A tuple holding the (poisoning examples, poisoning labels).
- Return type
(np.ndarray, np.ndarray)

abstract poison_estimator(x: numpy.ndarray, y: numpy.ndarray, **kwargs) → CLASSIFIER_TYPE
Returns a poisoned version of the classifier used to initialize the attack.
- Parameters
x (ndarray) – Training data.
y (ndarray) – Training labels.
- Returns
A poisoned classifier.

Base Class Extraction Attacks

class art.attacks.ExtractionAttack(estimator)
Abstract base class for extraction attack classes.

extract(*args, **kwargs)
Extract models and return them as an ART classifier. This method should be overridden by all concrete extraction attack implementations.
- Parameters
x – An array with the original inputs to be attacked.
y – Correct labels or target labels for x, depending on whether the attack is targeted or not. This parameter is only used by some of the attacks.
- Returns
ART classifier of the extracted model.

Base Class Inference Attacks

class art.attacks.InferenceAttack(estimator)
Abstract base class for inference attack classes.

class art.attacks.AttributeInferenceAttack(estimator, attack_feature: Union[int, slice] = 0)
Abstract base class for attribute inference attack classes.

abstract infer(x: numpy.ndarray, y: Optional[numpy.ndarray] = None, **kwargs) → numpy.ndarray
Infer sensitive properties (attributes, membership training records) from the targeted estimator. This method should be overridden by all concrete inference attack implementations.
- Parameters
x (ndarray) – An array with reference inputs to be used in the attack.
y – Labels for x. This parameter is only used by some of the attacks.
- Returns
An array holding the inferred properties.
- Return type
ndarray

set_params(**kwargs) → None
Take in a dictionary of parameters and apply attack-specific checks before saving them as attributes.

Base Class Reconstruction Attacks

class art.attacks.ReconstructionAttack(estimator)
Abstract base class for reconstruction attack classes.

abstract reconstruct(x: numpy.ndarray, y: Optional[numpy.ndarray] = None, **kwargs) → Tuple[numpy.ndarray, numpy.ndarray]
Reconstruct the training dataset of and from the targeted estimator. This method should be overridden by all concrete inference attack implementations.
- Parameters
x (ndarray) – An array with known records of the training set of estimator.
y – An array with known labels of the training set of estimator; if None, predicted labels will be used.
- Returns
A tuple of two arrays for the reconstructed training input and labels.
- Return type
Tuple

set_params(**kwargs) → None
Take in a dictionary of parameters and apply attack-specific checks before saving them as attributes.