`art.defences.postprocessor`¶

Module implementing postprocessing defences against adversarial attacks.

Base Class Postprocessor¶

class art.defences.postprocessor.Postprocessor¶

Abstract base class for postprocessing defences. Postprocessing defences are not included in the loss function evaluation for loss gradients or the calculation of class gradients.

abstract __call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__() → None¶: Create a postprocessing object.

abstract property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

abstract property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

abstract fit(preds: numpy.ndarray, **kwargs) → None¶

Fit the parameters of the postprocessor if it has any.

Parameters

preds (ndarray) – Training set to fit the postprocessor.
kwargs – Other parameters.

property is_fitted¶

Return the state of the postprocessing object.

Returns: True if the postprocessing model has been fitted (if this applies).

set_params(**kwargs) → None¶: Take in a dictionary of parameters and apply checks before saving them as attributes.

Class Labels¶

class art.defences.postprocessor.ClassLabels(apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on adding class labels to classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a ClassLabels postprocessor.

Parameters

apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

fit(preds: numpy.ndarray, **kwargs) → None¶: No parameters to learn for this method; do nothing.

Gaussian Noise¶

class art.defences.postprocessor.GaussianNoise(scale: float = 0.2, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on adding Gaussian noise to classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(scale: float = 0.2, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a GaussianNoise postprocessor.

Parameters

scale (float) – Standard deviation of the distribution.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

fit(preds: numpy.ndarray, **kwargs) → None¶: No parameters to learn for this method; do nothing.

High Confidence¶

class art.defences.postprocessor.HighConfidence(cutoff: float = 0.25, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on selecting high confidence predictions to return as classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(cutoff: float = 0.25, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a HighConfidence postprocessor.

Parameters

cutoff (float) – Minimal value for returned prediction output.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

fit(preds: numpy.ndarray, **kwargs) → None¶: No parameters to learn for this method; do nothing.

Reverse Sigmoid¶

class art.defences.postprocessor.ReverseSigmoid(beta: float = 1.0, gamma: float = 0.1, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on adding the Reverse Sigmoid perturbation to classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(beta: float = 1.0, gamma: float = 0.1, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a ReverseSigmoid postprocessor.

Parameters

beta (float) – A positive magnitude parameter.
gamma (float) – A positive dataset and model specific convergence parameter.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

fit(preds: numpy.ndarray, **kwargs) → None¶: No parameters to learn for this method; do nothing.

Rounded¶

class art.defences.postprocessor.Rounded(decimals: int = 3, apply_fit: bool = False, apply_predict: bool = True)¶

Implementation of a postprocessor based on rounding classifier output.

__call__(preds: numpy.ndarray) → numpy.ndarray¶

Perform model postprocessing and return postprocessed output.

Return type: ndarray
Parameters: preds (ndarray) – model output to be postprocessed.
Returns: Postprocessed model output.

__init__(decimals: int = 3, apply_fit: bool = False, apply_predict: bool = True) → None¶

Create a Rounded postprocessor.

Parameters

decimals (int) – Number of decimal places after the decimal point.
apply_fit (bool) – True if applied during fitting/training.
apply_predict (bool) – True if applied during predicting.

property apply_fit¶

Property of the defence indicating if it should be applied at training time.

Returns: True if the defence should be applied when fitting a model, False otherwise.

property apply_predict¶

Property of the defence indicating if it should be applied at test time.

Returns: True if the defence should be applied at prediction time, False otherwise.

fit(preds: numpy.ndarray, **kwargs) → None¶: No parameters to learn for this method; do nothing.

art.defences.postprocessor¶

Base Class Postprocessor¶

Class Labels¶

Gaussian Noise¶

High Confidence¶

Reverse Sigmoid¶

Rounded¶

`art.defences.postprocessor`¶