perceptron.benchmarks

Provides different attack and evaluation approaches.

CarliniWagnerL2Metric The L2 version of C&W attack.
CarliniWagnerLinfMetric The L_inf version of C&W attack.
AdditiveNoiseMetric Base class for metric that tests models against additive noise.
AdditiveGaussianNoiseMetric Metric that tests models against Gaussian noise.
AdditiveUniformNoiseMetric Metric that tests models against uniform noise.
BlendedUniformNoiseMetric Blends the image with a uniform noise image until it is misclassified.
GaussianBlurMetric Metric that tests models against Gaussian blurs.
BrightnessMetric Metric that tests models against brightness variations.
ContrastReductionMetric Metric that tests models against brightness variations.
MotionBlurMetric Motion blurs the image until it is misclassified.
RotationMetric Metric that tests models against rotations.
SaltAndPepperNoiseMetric Add salt and pepper noise.
SpatialMetric Metric that tests models against spatial transformations.
class perceptron.benchmarks.Metric(model=None, criterion=None, distance=<class 'perceptron.utils.distances.MeanSquaredDistance'>, threshold=None)[source]

Abstract base class for DNN robustness metrics.

The Metric class represents a robustness testing metric that searches for adversarial examples with minimum perturbation. It should be subclassed when implementing new metrics.

Parameters:
model : a Model instance

The model that should be tested by the metric.

criterion : a Criterion instance

The criterion that determines which images are adversarial.

distance : a Distance class

The measure used to quantify similarity between images.

threshold : float or Distance

If not None, the testing will stop as soon as the adversarial perturbation has a size smaller than this threshold. Can be an instance of the Distance class passed to the distance argument, or a float assumed to have the same unit as the the given distance. If None, the test will simply minimize the distance as good as possible. Note that the threshold only influences early stopping of the test; the returned adversarial does not necessarily have smaller perturbation size than this threshold; the reached_threshold() method can be used to check if the threshold has been reached.

Notes

If a subclass overwrites the constructor, it should call the super constructor with args and kwargs.

__call__(self, input, **kwargs)[source]

Call self as a function.

__init__(self, model=None, criterion=None, distance=<class 'perceptron.utils.distances.MeanSquaredDistance'>, threshold=None)[source]

Initialize self. See help(type(self)) for accurate signature.

__weakref__

list of weak references to the object (if defined)

name(self)[source]

Returns a human readable name that uniquely identifies the metric with its hyperparameters.

Returns:
str

Human readable name that uniquely identifies the metric with its hyperparameters.

Notes

Defaults to the class name but subclasses can provide more descriptive names and must take hyperparameters into account.