art.defences.transformer.evasion¶
Module implementing transformer-based defences against evasion attacks.
Defensive Distillation¶
- class art.defences.transformer.evasion.DefensiveDistillation(classifier: CLASSIFIER_TYPE, batch_size: int = 128, nb_epochs: int = 10)¶
Implement the defensive distillation mechanism.
Paper link: https://arxiv.org/abs/1511.04508- __call__(x: ndarray, transformed_classifier: CLASSIFIER_TYPE) CLASSIFIER_TYPE¶
Perform the defensive distillation defence mechanism and return a robuster classifier.
- Parameters:
x (
ndarray) – Dataset for training the transformed classifier.transformed_classifier – A classifier to be transformed for increased robustness. Note that, the objective loss function used for fitting inside the input transformed_classifier must support soft labels, i.e. probability labels.
- Returns:
The transformed classifier.
- __init__(classifier: CLASSIFIER_TYPE, batch_size: int = 128, nb_epochs: int = 10) None¶
Create an instance of the defensive distillation defence.
- Parameters:
classifier – A trained classifier.
batch_size (
int) – Size of batches.nb_epochs (
int) – Number of epochs to use for training.
- fit(x: ndarray, y: ndarray | None = None, **kwargs) None¶
No parameters to learn for this method; do nothing.