`art.defences.postprocessor`¶

Module implementing postprocessing defences against adversarial attacks.

Base Class Postprocessor¶

class art.defences.postprocessor.Postprocessor(is_fitted: bool = False, apply_fit: bool = True, apply_predict: bool = True)¶

Abstract base class for postprocessing defences. Postprocessing defences are not included in the loss function evaluation for loss gradients or the calculation of class gradients.

abstract __call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(is_fitted: bool = False, apply_fit: bool = True, apply_predict: bool = True) → None¶

Create a postprocessing object.

Optionally, set attributes.

property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

fit(preds: numpy.ndarray, **kwargs) → None¶

Fit the parameters of the postprocessor if it has any.

Parameters

preds (ndarray) – Training set to fit the postprocessor.
kwargs – Other parameters.

property is_fitted¶

Return the state of the postprocessing object.

Returns: True if the postprocessing model has been fitted (if this applies).

set_params(**kwargs) → None¶: Take in a dictionary of parameters and apply checks before saving them as attributes.

Class Labels¶

class art.defences.postprocessor.ClassLabels(apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on adding class labels to classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a ClassLabels postprocessor.

Parameters

apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

Gaussian Noise¶

class art.defences.postprocessor.GaussianNoise(scale: float = 0.2, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on adding Gaussian noise to classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(scale: float = 0.2, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a GaussianNoise postprocessor.

Parameters

scale (float) – Standard deviation of the distribution.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

High Confidence¶

class art.defences.postprocessor.HighConfidence(cutoff: float = 0.25, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on selecting high confidence predictions to return as classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(cutoff: float = 0.25, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a HighConfidence postprocessor.

Parameters

cutoff (float) – Minimal value for returned prediction output.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

Reverse Sigmoid¶

class art.defences.postprocessor.ReverseSigmoid(beta: float = 1.0, gamma: float = 0.1, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on adding the Reverse Sigmoid perturbation to classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(beta: float = 1.0, gamma: float = 0.1, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a ReverseSigmoid postprocessor.

Parameters

beta (float) – A positive magnitude parameter.
gamma (float) – A positive dataset and model specific convergence parameter.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

Rounded¶

class art.defences.postprocessor.Rounded(decimals: int = 3, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on rounding classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(decimals: int = 3, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a Rounded postprocessor.

Parameters

decimals (int) – Number of decimal places after the decimal point.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

art.defences.postprocessor¶

Base Class Postprocessor¶

Class Labels¶

Gaussian Noise¶

High Confidence¶

Reverse Sigmoid¶

Rounded¶

`art.defences.postprocessor`¶