A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
MIT License
Published by jonasrauber almost 5 years ago
threshold argument to stop attacks once that threshold is reached
foolbox.attacks now refers to the attacks with batch support. The old attacks can still be accessed under foolbox.v1.attacks. Batch support has been added to almost all attacks and new attacks will only be implemented with batch support. If you need batch support for an old attack that has not yet been adapted, please open an issue.
Published by jonasrauber about 5 years ago
Published by jonasrauber over 5 years ago
Batch-support is finally here!
See #316 for details until we have updated the documentation. Right now it's still limited to a few attacks, but feel free to open an issue for any attack that you need. It's easy to extend to new attacks, we just haven't done it yet and will prioritize based on requests.
Published by jonasrauber almost 6 years ago
Foolbox now has an easy way to load models or defenses from Git repos: https://foolbox.readthedocs.io/en/latest/user/zoo.html
Published by jonasrauber almost 6 years ago
Published by jonasrauber about 6 years ago
added missing backward() support to the CompositeModel model wrapper
Published by jonasrauber about 6 years ago
The foolbox.models.TensorFlowModel.from_keras constructor now automatically uses the session used by tf.keras instead of TensorFlow's default session.
Published by jonasrauber about 6 years ago
tensorflow.keras models: TensorFlowModel.from_keras(...)
Published by jonasrauber about 6 years ago
threshold to the attack or Adversarial instance during initialization
Adversarial instance anymore)
Published by jonasrauber about 6 years ago
fmodel.predictions(adversarial.image), but it can be useful for non-deterministic models. Note that very close to the decision boundary even otherwise deterministic models can become stochastic because of non-deterministic floating point operations such as reduce_sum. In addition to the new output attribute, there is also a new adversarial_class attribute for convenience; it just takes the argmax of the output.
Published by jonasrauber about 6 years ago
Fixed assertions that prevented custom preprocessing functions from changing the shape of the input (see #187).
Published by jonasrauber over 6 years ago
EvoluationaryStrategiesGradientEstimator as an alternative to the CoordinateWiseGradientEstimator introduced in 1.3.0 (thanks to @lukas-schott)
Published by jonasrauber over 6 years ago
ModelWithEstimatedGradients model wrapper to replace a model's gradients with gradients estimated by an arbitrary gradient estimator
CoordinateWiseGradientEstimator and an easy template to implement custom gradient estimators
BinarizationRefinementAttack that uses information about a model's input binarization to refine adversarials found by other attacks
ConfidentMisclassification criterion
binarize function in utils to provide a consistent way to specify input binarization as part of the preprocessing
batch_crossentropy in utils
GradientLess model wrapper to ModelWithoutGradients
Published by jonasrauber over 6 years ago
Published by jonasrauber over 6 years ago
__call__ method as well as parameter documentation
Published by jonasrauber over 6 years ago
Improved the documentation and the availability of useful function signatures. Attack parameters are now fully documented, like everything else, and this documentation is directly accessible within Jupyter / IPython and IDEs.
Published by jonasrauber over 6 years ago
CompositeModel and added it to docs
L0 and Linfinity (Linf) distance measures
DeepFoolLinfinityAttack
DeepFoolAttack to DeepFoolL2Attack
DeepFoolAttack now chooses norm to optimize based on the employed distance measure (alternatively, p=2 or p=np.inf can be passed)
Published by jonasrauber over 6 years ago
Fixed a numeric issue when attacking Keras models that provide probability outputs (instead of logits) using a gradient-based attack.
Published by jonasrauber over 6 years ago
Fixed package dependency issues.
Published by jonasrauber over 6 years ago