Summary

Supported attacks

Provides the attack and evaluation approaches used to benchmark model robustness (a usage sketch follows the list).

CarliniWagnerL2Metric The L2 version of the C&W attack.
CarliniWagnerLinfMetric The L_inf version of the C&W attack.
AdditiveNoiseMetric Base class for metrics that test models against additive noise.
AdditiveGaussianNoiseMetric Metric that tests models against Gaussian noise.
AdditiveUniformNoiseMetric Metric that tests models against uniform noise.
BlendedUniformNoiseMetric Blends the image with a uniform noise image until it is misclassified.
GaussianBlurMetric Metric that tests models against Gaussian blurs.
BrightnessMetric Metric that tests models against brightness variations.
ContrastReductionMetric Metric that tests models against contrast reductions.
MotionBlurMetric Motion blurs the image until it is misclassified.
RotationMetric Metric that tests models against rotations.
SaltAndPepperNoiseMetric Adds salt-and-pepper noise until the image is misclassified.
SpatialMetric Metric that tests models against spatial transformations.
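All of these metrics follow the same call pattern: wrap a model, choose a criterion, and call the metric on an input. The sketch below illustrates this with BrightnessMetric; the module paths, the bounds argument, the predictions() accessor, and the unpack keyword are assumptions based on typical usage of this kind of toolbox, not guaranteed by this summary.

```python
# Minimal usage sketch for the metrics above; module paths and call
# signatures are assumptions, not verified against the package.
import numpy as np
from keras.applications.resnet50 import ResNet50
from perceptron.models.classification.keras import KerasModel           # assumed path
from perceptron.benchmarks.brightness import BrightnessMetric           # assumed path
from perceptron.utils.criteria.classification import Misclassification  # assumed path

# Wrap a pretrained classifier; bounds describe the valid pixel range.
kmodel = KerasModel(ResNet50(weights='imagenet'), bounds=(0, 255))

# Stand-in input; in practice load a real image of shape (224, 224, 3).
image = np.random.uniform(0, 255, (224, 224, 3)).astype(np.float32)
label = np.argmax(kmodel.predictions(image))  # assumed predictions() accessor

# The metric perturbs brightness until the criterion is satisfied.
metric = BrightnessMetric(kmodel, criterion=Misclassification())
adversary = metric(image, label, unpack=False)  # assumed keyword
if adversary.image is not None:
    print('misclassified at distance:', adversary.distance)
```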

Supported models

Provides classes that wrap existing models from different frameworks so that they expose a unified API to the benchmarks (see the sketch after the list).

KerasModel Create a Model instance from a Keras model.
PyTorchModel Create a Model instance from a PyTorch module.
AipModel Base class for models hosted on Baidu AIP platform.
AipAntiPornModel Create a Model instance from an AipAntiPorn model.
GoogleCloudModel Base class for models in Google Cloud.
GoogleSafeSearchModel Create a Model instance from a GoogleSafeSearchModel model.
GoogleObjectDetectionModel Create a Model instance from a GoogleObjectDetectionModel model.
KerasYOLOv3Model Create a Model instance from a Keras YOLOv3 model.
KerasSSD300Model Create a Model instance from a Keras SSD300 model.
KerasResNet50RetinaNetModel Create a Model instance from a Keras RetinaNet model with a ResNet-50 backbone.
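As a quick illustration of the wrappers, the sketch below wraps a Keras classifier and a PyTorch classifier. The module paths and constructor arguments (bounds, num_classes) are assumptions modeled on foolbox-style wrapper APIs.

```python
# Sketch of wrapping framework-native models behind one API; constructor
# arguments and module paths are assumptions, not verified here.
import torchvision.models as models
from keras.applications.resnet50 import ResNet50
from perceptron.models.classification.keras import KerasModel      # assumed path
from perceptron.models.classification.pytorch import PyTorchModel  # assumed path

# Keras classifier operating on raw [0, 255] pixels.
kmodel = KerasModel(ResNet50(weights='imagenet'), bounds=(0, 255))

# PyTorch classifier operating on [0, 1] inputs with 1000 ImageNet classes.
resnet18 = models.resnet18(pretrained=True).eval()
pmodel = PyTorchModel(resnet18, bounds=(0, 1), num_classes=1000)
```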

Supported adversarial criteria

Provides classes that wrap all adversarial criteria so that attacks have uniform API access (an example follows the list).

Misclassification Defines adversarials as images for which the predicted class is not the original class.
ConfidentMisclassification Defines adversarials as images for which the probability of any class other than the original is above a given threshold.
TopKMisclassification Defines adversarials as images for which the original class is not one of the top k predicted classes.
TargetClass Defines adversarials as images for which the predicted class is the given target class.
OriginalClassProbability Defines adversarials as images for which the probability of the original class is below a given threshold.
TargetClassProbability Defines adversarials as images for which the probability of a given target class is above a given threshold.
MisclassificationAntiPorn Defines adversarials as images for which the probability of being normal is larger than the probability of being porn.
MisclassificationSafeSearch Defines adversarials as images for which the probability of being unsafe is lower than a threshold.
TargetClassMiss Defines adversarials as images for which the target class is not in the detection result.
TargetClassMissGoogle Defines adversarials as images for which the target class is not in the Google object detection result.
WeightedAP Defines adversarials as images for which the weighted AP value is larger than a given threshold.
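Criteria are interchangeable: each one answers a single yes/no question that a metric consults after every perturbation. The toy example below shows that idea on a raw logits vector; the module path and the is_adversarial(predictions, label) interface are assumptions modeled on foolbox-style criteria.

```python
# Toy demonstration of classification criteria; interface details are
# assumptions modeled on foolbox-style criteria, not verified here.
import numpy as np
from perceptron.utils.criteria.classification import (  # assumed path
    Misclassification, TopKMisclassification, TargetClassProbability)

logits = np.array([0.1, 2.5, 0.3, 1.9])  # toy model output; class 1 wins
label = 0                                # true class

print(Misclassification().is_adversarial(logits, label))         # True: argmax != 0
print(TopKMisclassification(k=2).is_adversarial(logits, label))  # True: 0 not in top 2
print(TargetClassProbability(1, p=0.5).is_adversarial(logits, label))  # softmax prob of 1 > 0.5
```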

Supported distance metrics

Provides classes to measure the distance between two images (see the example below the list).

MeanSquaredDistance Calculates the mean squared error between two images.
MeanAbsoluteDistance Calculates the mean absolute error between two images.
Linfinity Calculates the L-infinity norm of the difference between two images.
L0 Calculates the L0 norm of the difference between two images.
MSE alias of perceptron.utils.distances.MeanSquaredDistance
MAE alias of perceptron.utils.distances.MeanAbsoluteDistance
Linf alias of perceptron.utils.distances.Linfinity
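A distance object is constructed from a reference image and a perturbed image and exposes the resulting value. The sketch below is modeled on foolbox-style distances; the constructor signature (positional image pair plus a bounds keyword) and the value attribute are assumptions.

```python
# Sketch of measuring perturbation size; constructor signature and the
# value attribute are assumptions modeled on foolbox-style distances.
import numpy as np
from perceptron.utils.distances import MeanSquaredDistance, Linfinity, MSE  # assumed path

reference = np.zeros((2, 2), dtype=np.float32)
perturbed = np.array([[0.0, 0.1], [0.0, 0.2]], dtype=np.float32)

# bounds give the valid value range used to normalize the distance
d_mse = MeanSquaredDistance(reference, perturbed, bounds=(0, 1))
d_inf = Linfinity(reference, perturbed, bounds=(0, 1))
print(d_mse.value, d_inf.value)  # ~0.0125 and 0.2 under the assumed normalization
assert MSE is MeanSquaredDistance  # MSE is just an alias, per the list above
```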