Comments (14)
I started working on a classifier for sklearn.svm.SVC. This is a short list of items that I'm implementing:
- gradients for linear kernel
- gradients for polynomial kernel
- gradients for radial basis function kernel
- gradients for sigmoid kernel
- account for sklearn.svm.LinearSVC
- account for probability option
from adversarial-robustness-toolbox.
I can help with this one.
from adversarial-robustness-toolbox.
I'm interested to help
from adversarial-robustness-toolbox.
@beat-buesser @imolloy I think this is quite a big task, so I suggest you share responsibilities. One of you could perform the analysis discussed above. Based on that, you can split the implementation between you. Let me know what you think.
from adversarial-robustness-toolbox.
@ririnicolae Completely agree. We should start with a list of the models we're interested in, e.g., classifiers, regression, etc. Next, there's a question about whether or not the existing sklearn interfaces are going to be sufficient, or if we need to be model-specific. For example, using the fit, predict, predict_proba, transform, fit_transform will be sufficient (implies blackbox attacks) or if we need to dig into any of the models themselves, e.g., .coef_ and intercept_ for LinearRegression and SVC (along with dual_coef_), and so on.
My initial target would be SVC and LogisticRegression.
from adversarial-robustness-toolbox.
@imolloy I think classification is a good place to start, and we should at least be able to cover SVC & LogisticRegression, as you suggested. One of the questions at this point is: will we be able to extract gradients from scikit-learn? These would be vital for white-box attacks (class_gradient and loss_gradient in the Classifier API). But you're right, we can always limit the support to black-box attacks if we can't get gradients.
from adversarial-robustness-toolbox.
Looking at the main modules and classes, this list might get us started. I don't think we'll be able to write a generic gradient function in a whitebox setting, but we can default to a blackbox approximation using something similar to ZOO or NES. We can try computing gradients for some of the simpler classes and see how it goes.
- sklearn.linear_model.{LinearRegression, LogisticRegression}
- sklearn.tree.{DecisionTreeClassifier}
- sklearn.svm.{SVC}
- sklearn.naive_bayes.{}
- sklearn.preprocessing.{}
- sklearn.ensemble.{RandomForestClassifier, AdaBoostClassifier, GradientBoostingClassifier}
- sklearn.discriminant_analysis.{LinearDiscriminantAnalysis, QuadraticDiscriminantAnalysis}
- sklearn.decomposition.{NMF, PCA}
- sklearn.neighbors.{}
from adversarial-robustness-toolbox.
Sounds good to me. I have created a new development branch development_sklearn and will start to build prototypes there for sklearn.linear_model.LogisticRegression to explore some of the challenges ahead.
from adversarial-robustness-toolbox.
I have pushed a prototype of a classifier for sklearn.linear_model.LogisticRegression to branch development_sklearn in 49a9429.
The new notebook sklearn_logistic_regression.ipynb includes examples using the MNIST dataset and art.attacks.projected_gradient_descent.ProjectedGradientDescent.
So far I can see a few TODOs remaining and I'll continue working on them:
- account for class_weights: implemented in bdc1b26
- vectorisation: implemented in 82b4bcb
- implement remaining art.classifier functions: implemented in 6ac03e0, e7e2245
- targeted attacks: implemented in 26f56b8
- add unit tests: implemented in 63c659b
Please let me know what you think.
from adversarial-robustness-toolbox.
I have created a new development branch development_sklearn_SVM
and started to implement support for Support Vector Machines.
from adversarial-robustness-toolbox.
The ART classifier for sklearn.svm.SVC has now loss_gradients for linear and rbf kernels. Check out the PGD attack examples on Iris and MNIST datasets in sklearn_svm_svc.ipynb.
from adversarial-robustness-toolbox.
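Added example, not code from the ART project or from any commenter: it shows how an input gradient for a binary SVC decision function can be derived from the fitted attributes named in this thread (support_vectors_, dual_coef_, intercept_) for the linear and rbf kernels, and checks the analytic form against finite differences. The numeric values are constructed stand-ins for a fitted model, and the gradient here is of the decision function, not ART's loss_gradient.

```python
import math

# Constructed stand-ins for a fitted binary sklearn.svm.SVC: the values one would
# read from support_vectors_, dual_coef_[0], intercept_[0] and the gamma setting.
SUPPORT_VECTORS = [[0.0, 0.0], [1.0, 1.0], [2.0, 0.5]]
DUAL_COEF = [-0.8, 0.5, 0.3]
INTERCEPT = 0.1
GAMMA = 0.5


def kernel_value(sv, x, kernel):
    if kernel == "rbf":
        return math.exp(-GAMMA * sum((s - v) ** 2 for s, v in zip(sv, x)))
    return sum(s * v for s, v in zip(sv, x))  # linear


def decision_function(x, kernel="rbf"):
    """f(x) = sum_i dual_coef_i * K(sv_i, x) + intercept."""
    return INTERCEPT + sum(
        a * kernel_value(sv, x, kernel) for a, sv in zip(DUAL_COEF, SUPPORT_VECTORS)
    )


def decision_gradient(x, kernel="rbf"):
    """Analytic gradient of f with respect to the input x."""
    grad = [0.0] * len(x)
    for a, sv in zip(DUAL_COEF, SUPPORT_VECTORS):
        for j in range(len(x)):
            if kernel == "rbf":
                # d/dx_j exp(-gamma * ||sv - x||^2) = 2 * gamma * (sv_j - x_j) * K(sv, x)
                grad[j] += a * 2.0 * GAMMA * (sv[j] - x[j]) * kernel_value(sv, x, kernel)
            else:
                grad[j] += a * sv[j]  # linear kernel: gradient is constant in x
    return grad


def numeric_gradient(x, kernel="rbf", h=1e-6):
    """Central finite differences using only decision_function (query access)."""
    grad = []
    for j in range(len(x)):
        hi = [v + h if i == j else v for i, v in enumerate(x)]
        lo = [v - h if i == j else v for i, v in enumerate(x)]
        grad.append((decision_function(hi, kernel) - decision_function(lo, kernel)) / (2 * h))
    return grad


def max_gradient_error(x, kernel="rbf"):
    analytic, numeric = decision_gradient(x, kernel), numeric_gradient(x, kernel)
    return max(abs(p - q) for p, q in zip(analytic, numeric))
```

A gradient check of this kind is a useful unit test for any hand-derived kernel gradient before it is relied on in a robustness evaluation.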
I have created a new development branch development_decision_trees for the exploration and development on decision tree classifiers from sklearn.tree.DecisionTreeClassifier, sklearn.ensemble.{RandomForestClassifier, AdaBoostClassifier, GradientBoostingClassifier}, XGBoost, LightGBM and CatBoost and related attacks and defenses.
This is an interesting, very recent article on adversarial examples and robustness for decision trees: https://arxiv.org/abs/1902.10660
from adversarial-robustness-toolbox.
Progress with tree-based classifiers:
- sklearn.ensemble.AdaBoostClassifier
- sklearn.ensemble.BaggingClassifier
- sklearn.tree.DecisionTreeClassifier
- sklearn.tree.ExtraTreeClassifier
- sklearn.ensemble.ExtraTreesClassifier
- sklearn.ensemble.GradientBoostingClassifier
- sklearn.ensemble.RandomForestClassifier
- XGBoost
- LightGBM
- CatBoost
from adversarial-robustness-toolbox.
All new classifiers and example notebooks have been merged to branch development_sklearn. There development will continue to implement unit tests and improve notebooks.
from adversarial-robustness-toolbox.