art.wrappers

Module providing wrappers for Classifier instances to simulate different capacities and behaviours, like black-box gradient estimation.

Base Class Wrapper

class art.wrappers.ClassifierWrapper(classifier)

Wrapper class for any classifier instance.

Expectation over Transformations

class art.wrappers.ExpectationOverTransformations(classifier: art.estimators.classification.classifier.ClassifierGradients, sample_size: int, transformation)

Implementation of Expectation Over Transformations applied to classifier predictions and gradients, as introduced in Athalye et al. (2017).

class_gradient(*args, **kwargs)

Compute per-class derivatives of the given classifier w.r.t. x, taking an expectation over transformations.

Parameters
  • x – Sample input with shape as expected by the model.

  • label – Index of a specific per-class derivative. If an integer is provided, the gradient of that class output is computed for all samples. If multiple values are provided, the first dimension should match the batch size of x, and each value will be used as target for its corresponding sample in x. If None, then gradients for all classes will be computed for each sample.

Returns

Array of gradients of input features w.r.t. each class in the form (batch_size, nb_classes, input_shape) when computing for all classes, otherwise shape becomes (batch_size, 1, input_shape) when label parameter is specified.

fit(*args, **kwargs)

Fit the classifier using the training data (x, y).

Parameters
  • x – Features in array of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).

  • y – Target values (class labels in classification) in array of shape (nb_samples, nb_classes) in one-hot encoding format.

  • batch_size – Size of batches.

  • nb_epochs – Number of epochs to use for training.

  • kwargs – Dictionary of framework-specific arguments.

get_activations(*args, **kwargs)

Return the output of the specified layer for input x. layer is specified by layer index (between 0 and nb_layers - 1) or by name. The number of layers can be determined by counting the results returned by calling layer_names.

Parameters
  • x – Input for computing the activations.

  • layer – Layer for computing the activations.

  • batch_size – Size of batches.

Returns

The output of layer, where the first dimension is the batch size corresponding to x.

property layer_names

Return the hidden layers in the model, if applicable.

Returns

The hidden layers in the model, input and output layers excluded.

Return type

list

Warning

layer_names tries to infer the internal structure of the model. This feature comes with no guarantees on the correctness of the result. The intended order of the layers tries to match their order in the model, but this is not guaranteed either.

loss_gradient(*args, **kwargs)

Compute the gradient of the given classifier’s loss function w.r.t. x, taking an expectation over transformations.

Parameters
  • x – Sample input with shape as expected by the model.

  • y – Correct labels, one-hot encoded.

Returns

Array of gradients of the same shape as x.

nb_classes() → int

Return the number of output classes.

Returns

Number of classes in the data.

predict(*args, **kwargs)

Perform prediction of the given classifier for a batch of inputs, taking an expectation over transformations.

Parameters
  • x – Test set.

  • batch_size – Size of batches.

Returns

Array of predictions of shape (nb_inputs, nb_classes).

save(filename: str, path: Optional[str] = None) → None

Save a model to file specific to the backend framework.

Parameters
  • filename (str) – Name of the file where to save the model.

  • path – Path of the directory where to save the model. If no path is specified, the model will be stored in the default data location of ART at ART_DATA_PATH.

set_learning_phase(train: bool) → None

Set the learning phase for the backend framework.

Parameters

train (bool) – True if the learning phase is training, False if learning phase is not training.
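
The averaging that `loss_gradient` performs over `sample_size` transformations can be seen on a toy model. This is an added example, not ART's code: the logistic model, the random feature-dropping mask used as the transformation, and all function names are assumptions made for illustration. It compares how well a single-sample gradient and an averaged gradient align with the gradient of the untransformed model, which is the check a robustness evaluation of a randomized input defence relies on.

```python
import math
import random

W = [(-1) ** i * (1.0 + 0.1 * i) for i in range(16)]  # constructed toy weights
X = [0.02 * w for w in W]                              # constructed input


def sample_mask(rng, keep=0.5):
    """One random transformation t(x) = mask * x (hypothetical defence)."""
    return [1.0 if rng.random() < keep else 0.0 for _ in W]


def loss_gradient_once(x, y, mask):
    """d(cross-entropy)/dx through t(x) = mask * x, i.e. (p - y) * mask * w."""
    z = sum(w * m * xi for w, m, xi in zip(W, mask, x))
    p = 1.0 / (1.0 + math.exp(-z))
    return [(p - y) * m * w for m, w in zip(mask, W)]


def eot_loss_gradient(x, y, sample_size, rng):
    """Average the loss gradient over `sample_size` sampled transformations."""
    total = [0.0] * len(x)
    for _ in range(sample_size):
        g = loss_gradient_once(x, y, sample_mask(rng))
        total = [t + gi for t, gi in zip(total, g)]
    return [t / sample_size for t in total]


def cosine(a, b):
    na, nb = math.sqrt(sum(v * v for v in a)), math.sqrt(sum(v * v for v in b))
    return 0.0 if na == 0 or nb == 0 else sum(p * q for p, q in zip(a, b)) / (na * nb)


def compare(sample_size=400, seed=7):
    """Alignment of 1-sample and averaged gradients with the unmasked gradient."""
    rng = random.Random(seed)
    reference = loss_gradient_once(X, 1.0, [1.0] * len(W))
    single = eot_loss_gradient(X, 1.0, 1, rng)
    averaged = eot_loss_gradient(X, 1.0, sample_size, rng)
    return cosine(single, reference), cosine(averaged, reference)


if __name__ == "__main__":
    print("cosine(single, ref)=%.3f  cosine(averaged, ref)=%.3f" % compare())
```

A single draw zeroes a random subset of gradient coordinates, so an evaluation that uses only one sample measures the randomness of the transformation rather than the sensitivity of the model.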

Query-Efficient Black-Box Attack

class art.wrappers.QueryEfficientBBGradientEstimation(classifier: art.estimators.classification.classifier.ClassifierGradients, num_basis: int, sigma: float, round_samples: float = 0.0)

Implementation of Query-Efficient Black-box Adversarial Examples. The attack approximates the gradient by maximizing the loss function over samples drawn from random Gaussian noise around the input.

class_gradient(*args, **kwargs)

Compute per-class derivatives w.r.t. x.

Parameters
  • x – Input with shape as expected by the classifier’s model.

  • label – Index of a specific per-class derivative. If an integer is provided, the gradient of that class output is computed for all samples. If multiple values are provided, the first dimension should match the batch size of x, and each value will be used as target for its corresponding sample in x. If None, then gradients for all classes will be computed for each sample.

Returns

Array of gradients of input features w.r.t. each class in the form (batch_size, nb_classes, input_shape) when computing for all classes, otherwise shape becomes (batch_size, 1, input_shape) when label parameter is specified.

fit(*args, **kwargs)

Fit the classifier using the training data (x, y).

Parameters
  • x – Features in array of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).

  • y – Target values (class labels in classification) in array of shape (nb_samples, nb_classes) in one-hot encoding format.

  • kwargs – Dictionary of framework-specific arguments.

get_activations(*args, **kwargs)

Return the output of the specified layer for input x. layer is specified by layer index (between 0 and nb_layers - 1) or by name. The number of layers can be determined by counting the results returned by calling layer_names.

Parameters
  • x – Input for computing the activations.

  • layer – Layer for computing the activations.

  • batch_size – Size of batches.

Returns

The output of layer, where the first dimension is the batch size corresponding to x.

loss_gradient(*args, **kwargs)

Compute the gradient of the loss function w.r.t. x.

Parameters
  • x – Sample input with shape as expected by the model.

  • y – Correct labels, one-vs-rest encoding.

Returns

Array of gradients of the same shape as x.

predict(*args, **kwargs)

Perform prediction of the classifier for input x.

Parameters
  • x – Features in array of shape (nb_samples, nb_features) or (nb_samples, nb_pixels_1, nb_pixels_2, nb_channels) or (nb_samples, nb_channels, nb_pixels_1, nb_pixels_2).

  • batch_size – Size of batches.

Returns

Array of predictions of shape (nb_inputs, nb_classes).

save(filename: str, path: Optional[str] = None) → None

Save a model to file specific to the backend framework.

Parameters
  • filename (str) – Name of the file where to save the model.

  • path – Path of the directory where to save the model. If no path is specified, the model will be stored in the default data location of ART at ART_DATA_PATH.

set_learning_phase(train: bool) → None

Set the learning phase for the backend framework.

Parameters

train (bool) – True if the learning phase is training, False if learning phase is not training.
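
How a gradient can be approximated from loss values alone, using Gaussian samples around the input, is shown below as an added example; it is not ART's implementation. The antithetic finite-difference estimator, the toy logistic oracle and every function name are assumptions, and `num_basis` and `sigma` are borrowed from the constructor signature by name only. The example measures how closely the estimate matches the white-box gradient and how many model queries each estimate costs.

```python
import math
import random

W = [(-1) ** i * (1.0 + 0.1 * i) for i in range(16)]  # hidden from the estimator
X = [0.02 * w for w in W]                              # constructed input, label 1


def query_loss(x):
    """Black-box oracle: returns only the loss -log p(y=1|x), no gradients."""
    z = sum(w * xi for w, xi in zip(W, x))
    return math.log1p(math.exp(-z))


def nes_gradient(x, num_basis, sigma, rng):
    """Antithetic Gaussian estimate of d(loss)/dx from 2 * num_basis queries."""
    grad, queries = [0.0] * len(x), 0
    for _ in range(num_basis):
        u = [rng.gauss(0.0, 1.0) for _ in x]
        plus = query_loss([xi + sigma * ui for xi, ui in zip(x, u)])
        minus = query_loss([xi - sigma * ui for xi, ui in zip(x, u)])
        queries += 2
        scale = (plus - minus) / (2.0 * sigma * num_basis)
        grad = [g + scale * ui for g, ui in zip(grad, u)]
    return grad, queries


def true_gradient(x):
    """White-box reference: (p - 1) * w for the logistic loss with label 1."""
    p = 1.0 / (1.0 + math.exp(-sum(w * xi for w, xi in zip(W, x))))
    return [(p - 1.0) * w for w in W]


def cosine(a, b):
    dot = sum(p * q for p, q in zip(a, b))
    return dot / math.sqrt(sum(p * p for p in a) * sum(q * q for q in b))


def fidelity(num_basis, sigma=0.01, seed=3):
    """Cosine to the true gradient, and the number of oracle queries spent."""
    est, queries = nes_gradient(X, num_basis, sigma, random.Random(seed))
    return cosine(est, true_gradient(X)), queries


if __name__ == "__main__":
    for n in (5, 50, 2000):
        print("num_basis=%4d  cosine=%.3f  queries=%d" % ((n,) + fidelity(n)))
```

Fidelity rises with `num_basis`, but so does the cost: every estimate in this sketch issues 2 * num_basis queries clustered within a few `sigma` of one input, which is the pattern query logging and rate limits on a prediction API can observe.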