Trusted-AI / adversarial-robustness-toolbox

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
https://adversarial-robustness-toolbox.readthedocs.io/en/latest/
MIT License

Extend BlackBoxClassifier* to accept a tuple of input/labels instead of callable #1215

Closed beat-buesser closed 2 years ago

beat-buesser commented 3 years ago

@abigailgold Thank you very much for this feature proposal.

We would like to run inference attacks without any access to a model and only a tuple of inputs and labels. Therefore we would like to extend BlackBoxClassifier and BlackBoxClassifierNeuralNetwork to also accept a tuple of inputs and labels and, by default, convert them into a predict method based on a look-up table.
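
The conversion described above, written as an added example (not ART's own implementation and not code from this issue): a (inputs, labels) tuple becomes a `predict` callable backed by a look-up table, returning one-hot scores for samples that appear in the table and refusing unseen samples instead of guessing. The function name `make_lookup_predict`, the optional `fuzzy_float_compare`/`atol` parameters and the sample data are this example's own choices; it depends only on numpy so it runs without ART installed.

```python
"""Build a look-up-table predict function from a tuple of inputs and labels.

Added example for the feature discussed in the issue; not ART code.
"""
import numpy as np


def make_lookup_predict(x_known, y_known, nb_classes, fuzzy_float_compare=False, atol=1e-6):
    """Return predict(x) -> (n, nb_classes) one-hot scores built only from the pairs.

    x_known: array of recorded inputs (any shape, first axis = samples)
    y_known: class indices (n,) or one-hot rows (n, nb_classes)
    fuzzy_float_compare: also accept inputs within `atol` of a recorded one
                         (names chosen for this example)
    """
    x_known = np.asarray(x_known, dtype=np.float64)
    y_known = np.asarray(y_known)
    if x_known.shape[0] != y_known.shape[0]:
        raise ValueError("inputs and labels must have the same number of samples")

    # Accept labels either as indices or as one-hot rows.
    y_idx = np.argmax(y_known, axis=1) if y_known.ndim == 2 else y_known.astype(int)
    if np.any(y_idx < 0) or np.any(y_idx >= nb_classes):
        raise ValueError("label outside [0, nb_classes)")

    # Exact path: key the table on the raw bytes of each flattened float64 sample.
    flat_known = x_known.reshape(x_known.shape[0], -1)
    table = {row.tobytes(): int(label) for row, label in zip(flat_known, y_idx)}

    def predict(x):
        x = np.asarray(x, dtype=np.float64)
        flat = x.reshape(x.shape[0], -1)
        if flat.shape[1] != flat_known.shape[1]:
            raise ValueError("query sample shape does not match recorded inputs")
        out = np.zeros((x.shape[0], nb_classes), dtype=np.float32)
        for i, row in enumerate(flat):
            label = table.get(row.tobytes())
            if label is None and fuzzy_float_compare:
                # Tolerant path: first recorded row that is element-wise close.
                hits = np.flatnonzero(np.all(np.isclose(flat_known, row, atol=atol), axis=1))
                if hits.size:
                    label = int(y_idx[hits[0]])
            if label is None:
                # An attack can only query what was recorded; fail loudly rather
                # than silently return a class the "model" never produced.
                raise ValueError(f"sample {i} is not in the look-up table")
            out[i, label] = 1.0
        return out

    return predict


if __name__ == "__main__":
    # Constructed sample data: three 2-feature inputs with three class labels.
    x = [[0.0, 1.0], [1.0, 0.0], [0.5, 0.5]]
    y = [0, 1, 2]
    predict = make_lookup_predict(x, y, nb_classes=3)
    print(predict([[1.0, 0.0], [0.5, 0.5]]))
```

The returned callable takes a batch and returns one score row per sample, which is the form ART's `BlackBoxClassifier(predict_fn, input_shape, nb_classes)` accepts for `predict_fn`; keying on float64 bytes keeps the exact path fast and dtype-independent, and the tolerant path is there for inputs that have been through a float32 round-trip.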

Abhishek2271 commented 3 years ago

Hi @beat-buesser,

This is a very useful feature indeed. However, I also realized that we can use the TensorFlowClassifier, which is a whitebox classifier, as input to the blackbox attacks as well. Just for research purposes, to study adversarial examples, does it make a difference in using TensorFlowClassifier instead of BlackBoxClassifiers to craft adversarial examples, as the algorithm underneath still does not use the model parameters?

abigailgold commented 3 years ago

@Abhishek2271 Yes, you can continue to use them as before if you have a model in hand. This is just to support an additional use case, where the model itself is not available for testing and only its predictions are available.