mindarmour.defenses

class AdversarialDefense(network, loss_fn=None, optimizer=None)[source]
Adversarial training using given adversarial examples.
- Parameters
- - network (Cell) – A MindSpore network to be defensed.
  - loss_fn (Functions) – Loss function. Default: None.
  - optimizer () – Optimizer used to train the network. Default: None.

Examples

class mindarmour.defenses.(network, attacks, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5)[source]
Adversarial defense with attacks.
- Parameters
- - attacks (list[]) – List of attack method.
  - loss_fn (Functions) – Loss function. Default: None.
  - bounds (tuple) – Upper and lower bounds of data. In form of (clip_min,clip_max). Default: (0.0, 1.0).
  - replace_ratio () – Ratio of replacing original samples withadversarial, which must be between 0 and 1. Default: 0.5.
- Raises
- ValueError – If replace_ratio is not between 0 and 1.

Examples

class mindarmour.defenses.NaturalAdversarialDefense(network, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5, eps=0.1)
Adversarial training based on FGSM.

Reference:

Parameters
- loss_fn (Functions) – Loss function. Default: None.
- optimizer (Cell) – Optimizer used to train the network. Default: None.
- bounds () – Upper and lower bounds of data. In form of (clip_min,clip_max). Default: (0.0, 1.0).
- eps (float) – Step size of the attack method(FGSM). Default: 0.1.

Examples

class ProjectedAdversarialDefense(network, loss_fn=None, optimizer=None, bounds=(0.0, 1.0), replace_ratio=0.5, eps=0.3, eps_iter=0.1, nb_iter=5, norm_level='inf')
Adversarial training based on PGD.

Reference:

Examples