art.wrappers

Module providing wrappers for Classifier instances to simulate different capacities and behaviours, like black-box gradient estimation.
Base Class Wrapper

class art.wrappers.ClassifierWrapper(classifier)
Wrapper class for any classifier instance.
Expectation over Transformations

class art.wrappers.ExpectationOverTransformations(classifier: CLASSIFIER_CLASS_LOSS_GRADIENTS_TYPE, sample_size: int, transformation)
Implementation of Expectation Over Transformations applied to classifier predictions and gradients, as introduced in Athalye et al. (2017).
Paper link: https://arxiv.org/abs/1707.07397
class_gradient(x: numpy.ndarray, label: Optional[Union[int, List[int]]] = None, training_mode: bool = False, **kwargs) → numpy.ndarray
Compute per-class derivatives of the given classifier w.r.t. x, taking an expectation over transformations.
 Return type
ndarray
 Parameters
x (ndarray) – Sample input with shape as expected by the model.
label – Index of a specific per-class derivative. If an integer is provided, the gradient of that class output is computed for all samples. If multiple values are provided, the first dimension should match the batch size of x, and each value will be used as target for its corresponding sample in x. If None, then gradients for all classes will be computed for each sample.
training_mode (bool) – True for model set to training mode and False for model set to evaluation mode.
 Returns
Array of gradients of input features w.r.t. each class in the form (batch_size, nb_classes, input_shape) when computing for all classes, otherwise shape becomes (batch_size, 1, input_shape) when label parameter is specified.

fit(*args, **kwargs)
Fit the classifier using the training data (x, y).
 Parameters
x – Features in array of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).
y – Target values (class labels in classification) in array of shape (nb_samples, nb_classes) in one-hot encoding format.
batch_size – Size of batches.
nb_epochs – Number of epochs to use for training.
kwargs – Dictionary of framework-specific arguments.

get_activations(x: numpy.ndarray, layer: Union[int, str], batch_size: int) → numpy.ndarray
Return the output of the specified layer for input x. layer is specified by layer index (between 0 and nb_layers - 1) or by name. The number of layers can be determined by counting the results returned by calling layer_names.
 Return type
ndarray
 Parameters
x (ndarray) – Input for computing the activations.
layer – Layer for computing the activations.
batch_size (int) – Size of batches.
 Returns
The output of layer, where the first dimension is the batch size corresponding to x.

property input_shape
Return the shape of one input sample.
 Returns
Shape of one input sample.

property layer_names
Return the hidden layers in the model, if applicable.
 Returns
The hidden layers in the model, input and output layers excluded.
 Return type
list
Warning
layer_names tries to infer the internal structure of the model. This feature comes with no guarantees on the correctness of the result. The intended order of the layers tries to match their order in the model, but this is not guaranteed either.

loss_gradient(x: numpy.ndarray, y: numpy.ndarray, training_mode: bool = False, **kwargs) → numpy.ndarray
Compute the gradient of the given classifier’s loss function w.r.t. x, taking an expectation over transformations.
 Return type
ndarray
 Parameters
x (ndarray) – Sample input with shape as expected by the model.
y (ndarray) – Correct labels, one-hot encoded.
 Returns
Array of gradients of the same shape as x.

property nb_classes
Return the number of output classes.
 Returns
Number of classes in the data.

predict(*args, **kwargs)
Perform prediction of the given classifier for a batch of inputs, taking an expectation over transformations.
 Parameters
x – Input samples.
batch_size – Size of batches.
 Returns
Array of predictions of shape (nb_inputs, nb_classes).

save(filename: str, path: Optional[str] = None) → None
Save a model to file specific to the backend framework.
 Parameters
filename (str) – Name of the file where to save the model.
path – Path of the directory where to save the model. If no path is specified, the model will be stored in the default data location of ART at ART_DATA_PATH.
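
Added example, not part of the ART documentation and not ART's own code: a NumPy illustration of what "taking an expectation over transformations" means for predictions and loss gradients, useful when evaluating how robust a model's outputs are to input variation. The toy linear softmax model, the gain-and-offset transformation family t(x) = s * x + d and all function names are assumptions of this example.

```python
import numpy as np

rng = np.random.default_rng(0)           # fixed seed: reproducible run
W = rng.normal(size=(4, 3))              # constructed toy linear softmax model

def predict(x):
    z = x @ W
    e = np.exp(z - z.max(axis=1, keepdims=True))
    return e / e.sum(axis=1, keepdims=True)

def loss(x, y):
    # Cross-entropy per sample, y one-hot encoded
    return -np.sum(y * np.log(predict(x)), axis=1)

def loss_gradient(x, y):
    # Analytic gradient of the cross-entropy w.r.t. x for the linear model
    return (predict(x) - y) @ W.T

def sample_transformations(sample_size):
    # Assumed transformation family: t(x) = s * x + d (random gain and offset)
    return [(rng.uniform(0.7, 1.3), rng.normal(scale=0.1, size=4))
            for _ in range(sample_size)]

def eot_predict(x, transforms):
    # Average the class probabilities over all sampled transformations
    return np.mean([predict(s * x + d) for s, d in transforms], axis=0)

def eot_loss(x, y, transforms):
    return np.mean([loss(s * x + d, y) for s, d in transforms], axis=0)

def eot_loss_gradient(x, y, transforms):
    # Chain rule: d/dx loss(t(x)) = s * loss_gradient(t(x)) since dt/dx = s * I
    return np.mean([s * loss_gradient(s * x + d, y) for s, d in transforms], axis=0)

x = rng.normal(size=(2, 4))              # constructed batch of two samples
y = np.eye(3)[[0, 2]]                    # constructed one-hot labels
transforms = sample_transformations(sample_size=32)

if __name__ == "__main__":
    print("single prediction:", predict(x)[0].round(3))
    print("EOT prediction:   ", eot_predict(x, transforms)[0].round(3))
    print("EOT loss gradient:", eot_loss_gradient(x, y, transforms)[0].round(3))
```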

Query-Efficient Black-Box Attack

class art.wrappers.QueryEfficientBBGradientEstimation(classifier: CLASSIFIER_CLASS_LOSS_GRADIENTS_TYPE, num_basis: int, sigma: float, round_samples: float = 0.0)
Implementation of Query-Efficient Black-box Adversarial Examples. The attack approximates the gradient by maximizing the loss function over samples drawn from random Gaussian noise around the input.
Paper link: https://arxiv.org/abs/1712.07113
class_gradient(x: numpy.ndarray, label: Optional[Union[int, List[int]]] = None, **kwargs) → numpy.ndarray
Compute per-class derivatives w.r.t. x.
 Return type
ndarray
 Parameters
x (ndarray) – Input with shape as expected by the classifier’s model.
label – Index of a specific per-class derivative. If an integer is provided, the gradient of that class output is computed for all samples. If multiple values are provided, the first dimension should match the batch size of x, and each value will be used as target for its corresponding sample in x. If None, then gradients for all classes will be computed for each sample.
 Returns
Array of gradients of input features w.r.t. each class in the form (batch_size, nb_classes, input_shape) when computing for all classes, otherwise shape becomes (batch_size, 1, input_shape) when label parameter is specified.

fit(*args, **kwargs)
Fit the classifier using the training data (x, y).
 Parameters
x – Features in array of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).
y – Target values (class labels in classification) in array of shape (nb_samples, nb_classes) in one-hot encoding format.
kwargs – Dictionary of framework-specific arguments.

get_activations(x: numpy.ndarray, layer: Union[int, str], batch_size: int) → numpy.ndarray
Return the output of the specified layer for input x. layer is specified by layer index (between 0 and nb_layers - 1) or by name. The number of layers can be determined by counting the results returned by calling layer_names.
 Return type
ndarray
 Parameters
x (ndarray) – Input for computing the activations.
layer – Layer for computing the activations.
batch_size (int) – Size of batches.
 Returns
The output of layer, where the first dimension is the batch size corresponding to x.

property input_shape
Return the shape of one input sample.
 Returns
Shape of one input sample.

loss_gradient(x: numpy.ndarray, y: numpy.ndarray, **kwargs) → numpy.ndarray
Compute the gradient of the loss function w.r.t. x.
 Return type
ndarray
 Parameters
x (ndarray) – Sample input with shape as expected by the model.
y (ndarray) – Correct labels, one-vs-rest encoding.
 Returns
Array of gradients of the same shape as x.

predict(*args, **kwargs)
Perform prediction of the classifier for input x.
 Parameters
x – Features in array of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).
batch_size – Size of batches.
 Returns
Array of predictions of shape (nb_inputs, nb_classes).

save(filename: str, path: Optional[str] = None) → None
Save a model to file specific to the backend framework.
 Parameters
filename (str) – Name of the file where to save the model.
path – Path of the directory where to save the model. If no path is specified, the model will be stored in the default data location of ART at ART_DATA_PATH.
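
Added example, not part of the ART documentation and not ART's own code: a NumPy illustration of estimating a loss gradient from loss values alone by sampling Gaussian noise around the input, scored against the known gradient of a toy model to show how accuracy depends on the query budget. The antithetic-sampling estimator, the toy logistic loss and the function names are assumptions of this example; `num_basis` and `sigma` are borrowed from the signature above and are used here as the number of noise directions and the noise scale.

```python
import numpy as np

rng = np.random.default_rng(1)            # fixed seed: reproducible run
w = rng.normal(size=20)                   # constructed hidden model weights

def blackbox_loss(x):
    # Only this scalar is visible to the caller: logistic loss for label +1
    return np.log1p(np.exp(-x @ w))

def true_gradient(x):
    # Reference value, used here only to score the estimate
    return -w / (1.0 + np.exp(x @ w))

def estimate_gradient(f, x, num_basis, sigma, rng):
    # Antithetic Gaussian sampling: 2 * num_basis queries of f, no gradients
    grad = np.zeros_like(x)
    for _ in range(num_basis):
        u = rng.normal(size=x.shape)
        grad += u * (f(x + sigma * u) - f(x - sigma * u))
    return grad / (2.0 * sigma * num_basis)

def cosine(a, b):
    return float(a @ b / (np.linalg.norm(a) * np.linalg.norm(b)))

def alignment(num_basis, sigma=0.01, seed=2):
    # Cosine similarity between the estimated and the true gradient
    x = np.full(20, 0.1)                  # constructed input point
    est = estimate_gradient(blackbox_loss, x, num_basis, sigma,
                            np.random.default_rng(seed))
    return cosine(est, true_gradient(x))

if __name__ == "__main__":
    for n in (5, 50, 500, 5000):
        print(f"num_basis={n:5d} queries={2 * n:6d} cosine={alignment(n):.3f}")
```

The estimate only becomes well aligned with the true gradient at query counts far above the input dimension, which is why per-client query volume is a useful signal when monitoring a deployed model.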
