art.defences.detector.evasion.subsetscanning

This module implements the fast generalized subset scan based detector.

Subset Scanning Detector

class art.defences.detector.evasion.subsetscanning.SubsetScanningDetector(classifier: art.estimators.classification.classifier.ClassifierNeuralNetwork, bgd_data: numpy.ndarray, layer: Union[int, str], verbose: bool = True)

Fast generalized subset scan based detector by McFowland, E., Speakman, S., and Neill, D. B. (2013).

calculate_pvalue_ranges(eval_x: numpy.ndarray)numpy.ndarray

Returns computed p-value ranges.

Return type

ndarray

Parameters

eval_x (ndarray) – Data being evaluated for anomalies.

Returns

P-value ranges.

property channels_first
Returns

Boolean to indicate index of the color channels in the sample x.

class_gradient(x: numpy.ndarray, label: Optional[Union[int, List[int]]] = None, training_mode: bool = False, **kwargs)numpy.ndarray

Compute per-class derivatives w.r.t. x.

Return type

ndarray

Parameters
  • x (ndarray) – Sample input with shape as expected by the model.

  • label – Index of a specific per-class derivative. If an integer is provided, the gradient of that class output is computed for all samples. If multiple values as provided, the first dimension should match the batch size of x, and each value will be used as target for its corresponding sample in x. If None, then gradients for all classes will be computed for each sample.

  • training_mode (bool) – True for model set to training mode and ‘False for model set to evaluation mode.

Returns

Array of gradients of input features w.r.t. each class in the form (batch_size, nb_classes, input_shape) when computing for all classes, otherwise shape becomes (batch_size, 1, input_shape) when label parameter is specified.

property classifier
Returns

Classifier.

property clip_values

Return the clip values of the input samples.

Returns

Clip values (min, max).

compute_loss(x: numpy.ndarray, y: numpy.ndarray, **kwargs)numpy.ndarray

Compute the loss of the neural network for samples x.

Parameters
  • x (ndarray) – Samples of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).

  • y (ndarray) – Target values (class labels) one-hot-encoded of shape (nb_samples, nb_classes) or indices of shape (nb_samples,).

Returns

Loss values.

Return type

Format as expected by the model

fit(*args, **kwargs)

Fit the detector using training data. Assumes that the classifier is already trained.

Raises

NotImplementedException – This method is not supported for detectors.

fit_generator(generator: DataGenerator, nb_epochs: int = 20, **kwargs)None

Fit the classifier using the generator gen that yields batches as specified. This function is not supported for this detector.

Raises

NotImplementedException – This method is not supported for detectors.

get_activations(x: numpy.ndarray, layer: Union[int, str], batch_size: int, framework: bool = False)numpy.ndarray

Return the output of the specified layer for input x. layer is specified by layer index (between 0 and nb_layers - 1) or by name. The number of layers can be determined by counting the results returned by calling layer_names. This function is not supported for this detector.

Raises

NotImplementedException – This method is not supported for detectors.

property input_shape

Return the shape of one input sample.

Returns

Shape of one input sample.

loss_gradient(x: numpy.ndarray, y: numpy.ndarray, training_mode: bool = False, **kwargs)numpy.ndarray

Compute the gradient of the loss function w.r.t. x.

Return type

ndarray

Parameters
  • x (ndarray) – Sample input with shape as expected by the model.

  • y (ndarray) – Target values (class labels) one-hot-encoded of shape (nb_samples, nb_classes) or indices of shape (nb_samples,).

  • training_mode (bool) – True for model set to training mode and ‘False for model set to evaluation mode.

Returns

Array of gradients of the same shape as x.

property nb_classes

Return the number of output classes.

Returns

Number of classes in the data.

predict(*args, **kwargs)

Perform detection of adversarial data and return prediction as tuple.

Raises

NotImplementedException – This method is not supported for detectors.

save(filename: str, path: Optional[str] = None)None

Save a model to file in the format specific to the backend framework. This function is not supported for ensembles.

Parameters
  • filename (str) – Name of the file where to store the model.

  • path – Path of the folder where to store the model. If no path is specified, the model will be stored in the default data location of the library ART_DATA_PATH.

scan(clean_x: numpy.ndarray, adv_x: numpy.ndarray, clean_size: Optional[int] = None, advs_size: Optional[int] = None, run: int = 10)Tuple[list, list, float]

Returns scores of highest scoring subsets.

Return type

Tuple

Parameters
  • clean_x (ndarray) – Data presumably without anomalies.

  • adv_x (ndarray) – Data presumably with anomalies (adversarial samples).

  • clean_size

  • advs_size

  • run (int) –

Returns

(clean_scores, adv_scores, detectionpower).