# robustness.attack_steps module

For most use cases, this can just be considered an internal class and ignored.

This module contains the abstract class AttackerStep as well as a few subclasses.

AttackerStep is a generic way to implement optimizers specifically for use with robustness.attacker.AttackerModel. In general, except for when you want to create a custom optimization method, you probably do not need to import or edit this module and can just think of it as internal.

class robustness.attack_steps.AttackerStep(orig_input, eps, step_size, use_grad=True)

Bases: object

Generic class for attacker steps, under perturbation constraints specified by an “origin input” and a perturbation magnitude. Subclasses must implement project, step, and random_perturb.

Initialize the attacker step with a given perturbation magnitude.

Parameters:

- eps (float) – the perturbation magnitude
- orig_input (ch.tensor) – the original input

project(x)

Given an input x, project it back into the feasible set.

Parameters: x (ch.tensor) – the input to project back into the feasible set.

Returns: A ch.tensor that is the input projected back into the feasible set, that is,

$\arg\min_{x' \in S} \|x' - x\|_2$

step(x, g)

Given a gradient, make the appropriate step according to the perturbation constraint (e.g. dual norm maximization for $$\ell_p$$ norms).

Parameters: g (ch.tensor) – the raw gradient

Returns: The new input, a ch.tensor for the next step.

random_perturb(x)

Given a starting input, take a random step within the feasible set.

to_image(x)

Given an input (which may be in an alternative parameterization), convert it to a valid image. By default this is implemented as the identity function, since most of the time we use the pixel parameterization; for alternative parameterizations this function must be overridden.

class robustness.attack_steps.LinfStep(orig_input, eps, step_size, use_grad=True)

Attack step for $$\ell_\infty$$ threat model. Given $$x_0$$ and $$\epsilon$$, the constraint set is given by:

$S = \{x | \|x - x_0\|_\infty \leq \epsilon\}$

Initialize the attacker step with a given perturbation magnitude.

Parameters:

- eps (float) – the perturbation magnitude
- orig_input (ch.tensor) – the original input

project(x)

step(x, g)

random_perturb(x)

class robustness.attack_steps.L2Step(orig_input, eps, step_size, use_grad=True)

Attack step for $$\ell_2$$ threat model. Given $$x_0$$ and $$\epsilon$$, the constraint set is given by:

$S = \{x | \|x - x_0\|_2 \leq \epsilon\}$

Initialize the attacker step with a given perturbation magnitude.

Parameters:

- eps (float) – the perturbation magnitude
- orig_input (ch.tensor) – the original input

project(x)

step(x, g)

random_perturb(x)

class robustness.attack_steps.UnconstrainedStep(orig_input, eps, step_size, use_grad=True)

Unconstrained threat model, $$S = [0, 1]^n$$.

Initialize the attacker step with a given perturbation magnitude.

Parameters:

- eps (float) – the perturbation magnitude
- orig_input (ch.tensor) – the original input

project(x)

step(x, g)

random_perturb(x)

class robustness.attack_steps.FourierStep(orig_input, eps, step_size, use_grad=True)

Step under the Fourier (decorrelated) parameterization of an image.

Initialize the attacker step with a given perturbation magnitude.

Parameters:

- eps (float) – the perturbation magnitude
- orig_input (ch.tensor) – the original input

project(x)

step(x, g)

random_perturb(x)

to_image(x)

class robustness.attack_steps.RandomStep(*args, **kwargs)

Step for Randomized Smoothing.

project(x)

step(x, g)

random_perturb(x)
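
The project and step contracts documented above for the $$\ell_\infty$$ and $$\ell_2$$ constraint sets, as an added example that is not code from the robustness library. It uses plain Python lists in place of ch.tensor and goes slightly beyond the page by checking the perturbation budget afterwards. The class names, run, perturbation_norm and the linear sample loss are assumptions made for illustration.

```python
import math

class StepSketch:
    """Hypothetical stand-in for the AttackerStep interface, on flat lists of floats."""
    def __init__(self, orig_input, eps, step_size):
        self.orig_input, self.eps, self.step_size = list(orig_input), eps, step_size

class LinfSketch(StepSketch):
    def project(self, x):
        # Closest point in S: clip each coordinate's offset from x_0 to [-eps, eps].
        return [o + max(-self.eps, min(self.eps, xi - o))
                for xi, o in zip(x, self.orig_input)]

    def step(self, x, g):
        # Dual-norm maximizer for l_inf: move step_size along sign(g).
        return [xi + self.step_size * ((gi > 0) - (gi < 0)) for xi, gi in zip(x, g)]

class L2Sketch(StepSketch):
    def project(self, x):
        # Closest point in S: rescale the offset onto the eps-ball if it lies outside.
        diff = [xi - o for xi, o in zip(x, self.orig_input)]
        norm = math.sqrt(sum(d * d for d in diff))
        scale = min(1.0, self.eps / norm) if norm > 0 else 1.0
        return [o + d * scale for o, d in zip(self.orig_input, diff)]

    def step(self, x, g):
        # Dual-norm maximizer for l_2: move step_size along g / ||g||_2.
        norm = math.sqrt(sum(gi * gi for gi in g))
        if norm == 0:
            return list(x)  # zero gradient: stay put rather than divide by zero
        return [xi + self.step_size * gi / norm for xi, gi in zip(x, g)]

def run(stepper, grad_fn, iterations):
    """Alternate step and project, starting from the original input."""
    x = list(stepper.orig_input)
    for _ in range(iterations):
        x = stepper.project(stepper.step(x, grad_fn(x)))
    return x

def perturbation_norm(x, orig_input, p):
    diff = [abs(xi - o) for xi, o in zip(x, orig_input)]
    return max(diff) if p == math.inf else math.sqrt(sum(d * d for d in diff))

# Constructed sample: a linear loss w.x, whose gradient is w everywhere.
X0, W, EPS = [0.5, 0.5, 0.5], [3.0, -4.0, 0.0], 0.1
x_linf = run(LinfSketch(X0, EPS, 0.04), lambda x: W, 5)
x_l2 = run(L2Sketch(X0, EPS, 0.04), lambda x: W, 5)
for x_adv, p in ((x_linf, math.inf), (x_l2, 2)):
    assert perturbation_norm(x_adv, X0, p) <= EPS + 1e-9  # budget check
```

The same norm check can be applied to inputs returned by any robustness evaluation to confirm they stay inside the stated threat model.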