Trusted-AI / adversarial-robustness-toolbox

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
https://adversarial-robustness-toolbox.readthedocs.io/en/latest/
MIT License
4.76k stars, 1.15k forks

Stateful Detection of Black-Box Adversarial Attacks #1373

Open twrdyyy opened 2 years ago

twrdyyy commented 2 years ago

Algorithm described here https://arxiv.org/pdf/1907.05587.pdf

Implementation: As part of my engineering thesis I'm implementing this algorithm. In addition, I will provide example usages of the new module, including a Jupyter notebook and a Kubeflow pipeline.

twrdyyy commented 2 years ago

@beat-buesser I will soon open a pull request with the new module.

beat-buesser commented 2 years ago

Hi @twrdyyy Thank you very much for your interest in ART!

twrdyyy commented 2 years ago

@beat-buesser The PR will probably be ready by the end of this week; it will include:

  1. new black-box detection module
    • BlackBoxDetector
    • MemoryQueue class
    • NearestNeighborsWrapper for the sklearn lib
    • implementation of the loss functions mentioned in the paper (helpful for encoder training)
  2. implementation of the encoder for PyTorch (it was missing, so I've decided to implement it as well)
  3. tests for the black-box module
  4. detection example for MNIST in PyTorch.

I am going to use ART, and especially this module, to implement a simple pipeline. I can share a link to the repository with you as well, to include it in the examples. The pipeline will use TensorFlow and Beam with Kubeflow as the UI.
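The components listed above (a memory queue of recent queries, a nearest-neighbour check against it, and a detector that flags and flushes) are the stateful mechanism of the linked paper. The following is an added illustration written for this page; it is neither ART code nor the author's PR. It assumes an identity encoder standing in for the paper's learned similarity encoder, plain L2 distance in place of an sklearn wrapper, and constructed benign and near-duplicate query streams, so it runs offline with no dependencies beyond the standard library.

```python
"""Toy stateful detector for query-based black-box attacks (added example).

Each query is encoded, scored by the mean distance to its k nearest
neighbours among recently seen queries, and flagged when that score falls
below a threshold calibrated on benign traffic. After a detection the
memory is flushed, as the paper does. Names here are illustrative, not ART's.
"""
from collections import deque
import math
import random
from typing import Callable, Deque, List, Optional, Sequence

Vector = List[float]
Encoder = Callable[[Vector], Vector]


def l2_distance(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class MemoryQueue:
    """Fixed-capacity FIFO of encoded queries; the oldest entries are evicted."""

    def __init__(self, capacity: int) -> None:
        self._buf: Deque[Vector] = deque(maxlen=capacity)

    def __len__(self) -> int:
        return len(self._buf)

    def push(self, encoded: Vector) -> None:
        self._buf.append(encoded)

    def clear(self) -> None:
        self._buf.clear()

    def mean_knn_distance(self, encoded: Vector, k: int) -> Optional[float]:
        """Mean distance to the k nearest stored queries; None until k are stored."""
        if len(self._buf) < k:
            return None
        dists = sorted(l2_distance(encoded, e) for e in self._buf)
        return sum(dists[:k]) / k


def calibrate_threshold(encoder: Encoder, benign: Sequence[Vector], k: int,
                        capacity: int, target_fpr: float) -> float:
    """Replay benign traffic and pick the k-NN score quantile giving target_fpr."""
    memory = MemoryQueue(capacity)
    scores: List[float] = []
    for q in benign:
        e = encoder(q)
        s = memory.mean_knn_distance(e, k)
        if s is not None:
            scores.append(s)
        memory.push(e)
    if not scores:
        raise ValueError("need more than k benign queries to calibrate")
    scores.sort()
    return scores[min(len(scores) - 1, int(target_fpr * len(scores)))]


class BlackBoxDetector:
    """Flags a query whose k nearest recent queries are suspiciously close."""

    def __init__(self, encoder: Encoder, k: int, threshold: float, capacity: int) -> None:
        self.encoder, self.k, self.threshold = encoder, k, threshold
        self.memory = MemoryQueue(capacity)
        self.detections = 0

    def process(self, query: Vector) -> bool:
        encoded = self.encoder(query)
        score = self.memory.mean_knn_distance(encoded, self.k)
        if score is not None and score < self.threshold:
            self.detections += 1
            self.memory.clear()  # flush after a detection so the count restarts
            return True
        self.memory.push(encoded)
        return False


def identity_encoder(x: Vector) -> Vector:
    return list(x)  # placeholder for the learned similarity encoder


def run_demo(seed: int = 0, dim: int = 8, k: int = 5, capacity: int = 200,
             target_fpr: float = 0.01) -> dict:
    rng = random.Random(seed)

    def benign(n: int) -> List[Vector]:  # constructed: uniform points in [0,1]^dim
        return [[rng.random() for _ in range(dim)] for _ in range(n)]

    threshold = calibrate_threshold(identity_encoder, benign(1000), k, capacity, target_fpr)
    det = BlackBoxDetector(identity_encoder, k, threshold, capacity)
    for q in benign(200):          # warm the memory with benign traffic
        det.process(q)
    benign_flags = sum(det.process(q) for q in benign(500))
    # constructed stream of 50 near-duplicate queries around one point, the
    # footprint a query-based attack leaves on the server side
    base = [rng.random() for _ in range(dim)]
    near = [[v + rng.uniform(-0.01, 0.01) for v in base] for _ in range(50)]
    attack_flags = sum(det.process(q) for q in near)
    return {"threshold": threshold, "benign_flags": benign_flags, "attack_flags": attack_flags}


if __name__ == "__main__":
    print(run_demo())
```

The threshold is the only tunable that trades false positives for detection delay: calibrating it on benign traffic at a chosen false-positive rate is what makes the detector usable, and flushing the memory after each detection means a single attacker produces a repeated stream of alerts rather than one.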

twrdyyy commented 2 years ago

@beat-buesser Which branch should the pull request target? dev_1.9.0?

beat-buesser commented 2 years ago

Yes, dev_1.9.0 is currently the dev branch for the next release.

twrdyyy commented 2 years ago

@beat-buesser The implementation is ready; I will create the PR so that you can review the changes and propose improvements.