Attack

Modules


class torchattacks.attack.Attack(name, model)

Base class for all attacks.

Note

It automatically sets the device to the one the given model is on. By default it switches the model from training mode to eval mode during the attack process. To change this, see set_training_mode.

forward(*input)

It defines the computation performed at every call. Should be overridden by all subclasses.

get_mode()

Get attack mode.

save(data_loader, save_path=None, verbose=True, return_verbose=False, save_pred=False)

Save adversarial images as torch.tensor from given torch.utils.data.DataLoader.

Parameters:
  • save_path (str) – path to save the adversarial images to.
  • data_loader (torch.utils.data.DataLoader) – data loader.
  • verbose (bool) – True for displaying detailed information. (Default: True)
  • return_verbose (bool) – True for returning detailed information. (Default: False)
  • save_pred (bool) – True for saving predicted labels. (Default: False)

set_mode_default()

Set attack mode as default mode.

set_mode_targeted_by_function(target_map_function=None)

Set attack mode as targeted.

Parameters: target_map_function (function) – Label mapping function, e.g. lambda images, labels:(labels+1)%10. None (the default) uses the input labels as the targeted labels.

set_mode_targeted_least_likely(kth_min=1)

Set attack mode as targeted with least likely labels.

Parameters: kth_min (str) – label with the k-th smallest probability used as target labels. (Default: 1)

set_mode_targeted_random()

Set attack mode as targeted with random labels.

Parameters: num_classes (str) – number of classes.

set_return_type(type)

Set the return type of adversarial images: int or float.

Parameters: type (str) – ‘float’ or ‘int’. (Default: ‘float’)

Note

If ‘int’ is used for the return type, the file size of adversarial images can be reduced (about 1/4 for CIFAR10). However, if the attack originally outputs float adversarial images (e.g. using a step size smaller than 1/255), it might reduce the attack success rate.
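The effect described in this note, as an added example that is not torchattacks code: it assumes the ‘int’ format stores each pixel as one of 256 levels by rounding value × 255, which this page does not specify. The function names are hypothetical and the image is constructed random data of CIFAR10 size.

```python
import array
import random

def quantize(pixels):
    """Floats in [0, 1] -> one byte per pixel (assumed: round to nearest of 256 levels)."""
    return array.array("B", (min(255, max(0, round(p * 255))) for p in pixels))

def make_pair(step, n=3 * 32 * 32, seed=0):
    """Constructed sample: a random CIFAR10-sized image on the 8-bit grid and a
    copy with every pixel moved by +/- step, clipped to [0, 1]."""
    rng = random.Random(seed)
    clean = [rng.randrange(256) / 255 for _ in range(n)]
    adv = [min(1.0, max(0.0, c + rng.choice((-1, 1)) * step)) for c in clean]
    return clean, adv

def surviving_fraction(clean, adv):
    """Share of perturbed pixels that still differ from the clean image once
    both are stored as 8-bit integers."""
    perturbed = sum(1 for c, a in zip(clean, adv) if c != a)
    kept = sum(1 for c, a in zip(quantize(clean), quantize(adv)) if c != a)
    return kept / perturbed if perturbed else 0.0

def size_ratio(pixels):
    """Bytes needed as 8-bit integers divided by bytes needed as float32."""
    return len(quantize(pixels).tobytes()) / len(array.array("f", pixels).tobytes())

if __name__ == "__main__":
    for label, step in (("0.25/255", 0.25 / 255), ("2/255", 2 / 255)):
        clean, adv = make_pair(step)
        print(f"step {label}: {surviving_fraction(clean, adv):.0%} of perturbed pixels survive")
    print(f"int/float size ratio: {size_ratio(clean):.2f}")
```

With the sub-1/255 step the stored int image is identical to the clean one, so accuracy measured on the saved file would not reflect the attack.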

set_training_mode(model_training=False, batchnorm_training=False, dropout_training=False)

Set training mode during attack process.

Parameters:
  • model_training (bool) – True for using training mode for the entire model during attack process.
  • batchnorm_training (bool) – True for using training mode for batchnorms during attack process.
  • dropout_training (bool) – True for using training mode for dropouts during attack process.

Note

For RNN-based models, gradients cannot be calculated in eval mode, so the model should be switched to training mode during the attack.