mindarmour

MindArmour, a tool box of MindSpore to enhance model security and trustworthiness against adversarial examples.

class mindarmour.Attack
The abstract base class for all attack classes creating adversarial examples.

batch_generate(inputs, labels, batch_size=64)
Generate adversarial examples in batch, based on input samples and their labels.
Parameters
- inputs (numpy.ndarray) – Samples based on which adversarial examples are generated.
- labels (numpy.ndarray) – Labels of samples, whose values are determined by specific attacks.
- batch_size (int) – The number of samples in one batch.
Returns
- numpy.ndarray, generated adversarial examples.
Examples
>>> inputs = Tensor([[0.2, 0.4, 0.5, 0.2], [0.7, 0.2, 0.4, 0.3]])
>>> labels = [3, 0]
>>> advs = attack.batch_generate(inputs, labels, batch_size=2)

abstract generate(inputs, labels)
Generate adversarial examples based on normal samples and their labels.
Parameters
- inputs (numpy.ndarray) – Samples based on which adversarial examples are generated.
- labels (numpy.ndarray) – Labels of samples, whose values are determined by specific attacks.
Raises
- NotImplementedError – It is an abstract method.

class mindarmour.BlackModel
The abstract class which treats the target model as a black box. The model should be defined by users.

is_adversarial(data, label, is_targeted)
Check whether the input sample is an adversarial example or not.
Parameters
- data (numpy.ndarray) – The input sample to be checked, typically some maliciously perturbed examples.
- label (numpy.ndarray) – For targeted attacks, label is the intended label of the perturbed example. For untargeted attacks, label is the original label of the corresponding unperturbed sample.
- is_targeted (bool) – For targeted/untargeted attacks, select True/False.
Returns
- bool. If True, the input sample is adversarial. If False, the input sample is not adversarial.

abstract predict(inputs)
Predict using the user-specified model. The shape of the predict results should be (m, n), where n represents the number of classes this model classifies.
Parameters
- inputs (numpy.ndarray) – The input samples to be predicted.
Raises
- NotImplementedError – It is an abstract method.

class mindarmour.Detector
The abstract base class for all adversarial example detectors.

abstract detect(inputs)
Detect adversarial examples from input samples.
Parameters
- inputs (Union[numpy.ndarray, list, tuple]) – The input samples to be detected.
Raises
- NotImplementedError – It is an abstract method.

abstract detect_diff(inputs)
Calculate the difference between the input samples and de-noised samples.
Parameters
- inputs (Union[numpy.ndarray, list, tuple]) – The input samples to be detected.
Raises
- NotImplementedError – It is an abstract method.

abstract fit(inputs, labels=None)
Fit a threshold and refuse adversarial examples whose difference from their de-noised versions is larger than the threshold. The threshold is determined by a certain false positive rate when applying to normal samples.
Parameters
- inputs (numpy.ndarray) – The input samples to calculate the threshold.
- labels (numpy.ndarray) – Labels of training data.
Raises
- NotImplementedError – It is an abstract method.

abstract transform(inputs)
Filter adversarial noises in input samples.
Parameters
- inputs (Union[numpy.ndarray, list, tuple]) – The input samples to be transformed.
Raises
- NotImplementedError – It is an abstract method.
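
The transform, detect_diff, fit and detect contract described above, as an added example that is not part of MindArmour: a stand-alone detector over plain Python lists, so it runs without MindSpore or numpy. The class name, the median-filter de-noiser, the mean-absolute-difference metric, the 0/1 return value of detect and the sample data are assumptions made for illustration.

```python
import random
import statistics


class MedianDiffDetector:
    """Illustrative detector with the four Detector methods (not a mindarmour class)."""

    def __init__(self, false_positive_rate=0.05, window=3):
        self.fpr, self.half, self.threshold = false_positive_rate, window // 2, None

    def transform(self, inputs):
        """Filter noise: sliding median over each 1-D sample."""
        return [[statistics.median(x[max(0, i - self.half):i + self.half + 1])
                 for i in range(len(x))] for x in inputs]

    def detect_diff(self, inputs):
        """Mean absolute difference between each sample and its de-noised version."""
        return [sum(abs(a - b) for a, b in zip(x, d)) / len(x)
                for x, d in zip(inputs, self.transform(inputs))]

    def fit(self, inputs, labels=None):
        """Pick the threshold so at most `fpr` of the normal samples exceed it."""
        diffs = sorted(self.detect_diff(inputs))
        allowed = int(self.fpr * len(diffs))  # tolerated false positives
        self.threshold = diffs[len(diffs) - 1 - allowed]
        return self.threshold

    def detect(self, inputs):
        """Return 1 for samples refused as adversarial, 0 for accepted ones."""
        if self.threshold is None:
            raise RuntimeError("call fit() on normal samples first")
        return [int(d > self.threshold) for d in self.detect_diff(inputs)]


def make_samples(count, length=32, seed=0):
    """Constructed data: noisy ramps, plus copies carrying +/-0.1 alternating noise."""
    rng = random.Random(seed)
    normal = []
    for _ in range(count):
        start, slope = rng.random(), rng.uniform(-0.01, 0.01)
        normal.append([start + slope * i + rng.gauss(0, 0.005) for i in range(length)])
    perturbed = [[v + (0.1 if i % 2 else -0.1) for i, v in enumerate(x)] for x in normal]
    return normal, perturbed


if __name__ == "__main__":
    normal, perturbed = make_samples(200)
    detector = MedianDiffDetector(false_positive_rate=0.05)
    print("threshold:", detector.fit(normal))
    print("normal refused:", sum(detector.detect(normal)), "of", len(normal))
    print("perturbed refused:", sum(detector.detect(perturbed)), "of", len(perturbed))
```

Fitting on normal samples only is what ties the threshold to the false positive rate: lowering `false_positive_rate` raises the threshold and lets smaller perturbations through.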

class mindarmour.Defense(network)
The abstract base class for all defense classes defending against adversarial examples.
Parameters
- network (Cell) – A MindSpore-style deep learning model to be defended.

batch_defense(inputs, labels, batch_size=32, epochs=5)
Defend the model with samples in batch.
Parameters
- inputs (numpy.ndarray) – Samples based on which adversarial examples are generated.
- labels (numpy.ndarray) – Labels of input samples.
- batch_size (int) – Number of samples in one batch.
- epochs (int) – Number of epochs.
Returns
- numpy.ndarray, loss of batch_defense operation.
Raises
- ValueError – If batch_size is 0.

abstract defense(inputs, labels)
Defend the model with samples.
Parameters
- inputs (numpy.ndarray) – Samples based on which adversarial examples are generated.
- labels (numpy.ndarray) – Labels of input samples.
Raises
- NotImplementedError – It is an abstract method.