bethgelab / foolbox

A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
https://foolbox.jonasrauber.de
MIT License
2.73k stars 425 forks

Are there any plans to support attacks on TFLite models? #693

fabriceyhc closed 2 years ago

fabriceyhc commented 2 years ago

TFLite is one of the most popular formats for Android and it would be nice to support attacks on them. I'm pretty sure it's not possible to extract gradients from TFLite models, but black-box attacks like BoundaryAttack should still work.

A potential reference is art's BlackBoxClassifier.

zimmerrol commented 2 years ago

Hi, there are no plans to support TFLite directly. However, I believe the most common use case for TFLite is to start with a normal TF model, convert it to a TFLite model and then use it on a mobile device. Thus, in most cases, one, in addition to the TFLite model, also has access to the normal TF model and, hence, can attack this model with foolbox.
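An added example, not part of the thread and not foolbox code: robustness results measured on the original TF model only carry over to the converted model if both place their decision boundaries in the same spot, so this sketch checks that with label queries alone, the access level the issue assumes for TFLite. Every name is hypothetical, the two-class linear model and its inputs are constructed, and `quantize` is a simple stand-in for post-training quantization rather than the TFLite converter.

```python
# Added illustration; all names are hypothetical and the models are toy stand-ins.

def make_label_oracle(weights, bias):
    """Linear classifier exposed as labels only (no scores, no gradients),
    which is all a deployed TFLite model is assumed to offer here."""
    def predict(x):
        scores = [sum(w * v for w, v in zip(row, x)) + b
                  for row, b in zip(weights, bias)]
        return max(range(len(scores)), key=scores.__getitem__)
    return predict

def quantize(weights, levels):
    """Constructed stand-in for post-training weight quantization:
    symmetric rounding to `levels` steps. Not TFLite's converter."""
    scale = max(abs(w) for row in weights for w in row) / levels
    return [[round(w / scale) * scale for w in row] for row in weights]

def boundary_fraction(predict, x, reference, steps=30):
    """Bisect the segment x -> reference with label queries only. Returns the
    fraction of the segment at which the label changes, or None when both
    ends already share a label."""
    label = predict(x)
    if predict(reference) == label:
        return None
    lo, hi = 0.0, 1.0
    for _ in range(steps):
        mid = (lo + hi) / 2
        point = [a + mid * (b - a) for a, b in zip(x, reference)]
        if predict(point) == label:
            lo = mid
        else:
            hi = mid
    return hi

def compare(original, converted, samples, reference):
    """Return (label agreement rate, largest boundary-fraction gap)."""
    agree = sum(original(x) == converted(x) for x in samples) / len(samples)
    gaps = []
    for x in samples:
        a = boundary_fraction(original, x, reference)
        b = boundary_fraction(converted, x, reference)
        if a is not None and b is not None:
            gaps.append(abs(a - b))
    return agree, max(gaps, default=0.0)

WEIGHTS, BIAS = [[1.0, 0.0], [0.3, 1.0]], [0.0, 0.0]   # constructed toy model
SAMPLES, REFERENCE = [[1.0, 0.0], [1.0, 0.6], [1.0, 0.2]], [0.0, 1.0]
original = make_label_oracle(WEIGHTS, BIAS)
fine = make_label_oracle(quantize(WEIGHTS, 127), BIAS)   # int8-like rounding
coarse = make_label_oracle(quantize(WEIGHTS, 2), BIAS)   # deliberately crude
```

With the int8-like rounding, `compare(original, fine, SAMPLES, REFERENCE)` shows full label agreement and a negligible boundary shift, while the crude rounding flips one label and moves the boundary by about a tenth of the segment, which is the case where evaluating only the original model would misstate the deployed model's robustness.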