holisticai.robustness.attackers.HopSkipJump#
- class holisticai.robustness.attackers.HopSkipJump(name='HSJ', batch_size=64, targeted=False, norm=2, max_iter=50, max_eval=10000, init_eval=100, init_size=100, verbose=True, predictor=None, input_size=0, theta=0.0, curr_iter=0)[source]#
Implementation of the HopSkipJump attack from Jianbo et al. (2019). This is a powerful black-box attack that only requires final class prediction, and is an advanced version of the boundary attack.
Parameters
- namestr, optional
The name of the attack.
- batch_sizeint, optional
Batch size for the attack.
- targetedbool, optional
Indicates whether the attack is targeted or not. If True, the positive ground truth is used as the target.
- normint, float, str, optional
The norm of the attack. Possible values: “inf”, np.inf or 2.
- max_iterint, optional
The maximum number of iterations.
- max_evalint, optional
The maximum number of evaluations.
- init_evalint, optional
The number of initial evaluations.
- init_sizeint, optional
The number of initial samples.
- verbosebool, optional
Verbosity mode.
- predictorcallable, optional
The model’s prediction function. The default is None.
- input_sizeint, optional
The size of the input data.
- thetafloat, optional
The binary search threshold.
- curr_iterint, optional
The current iteration.
References
- generate(x_df: DataFrame, y: ndarray | None = None, mask: ndarray | None = None, x_adv_init=None) DataFrame[source]#
Generate adversarial samples and return them in an array.
Parameters
- x_dfpd.DataFrame
The input data.
- ynp.ndarray, optional
The target labels.
- masknp.ndarray, optional
The mask used to select the sensitive features.
- x_adv_initnp.ndarray, optional
Initial array to act as an initial adversarial example.
Returns
- pd.DataFrame
The adversarial examples.