FGSM (White-Box Attack)
This page documents the Fast Gradient Sign Method (FGSM), a White-box Adversarial Attack that requires access to model gradients.
FGSM Implementation
AdversarialAttacks.FGSM — Type
FGSM(; epsilon=0.1)
Subtype of WhiteBoxAttack. A struct that can be used to create a White-box Adversarial Attack using the Fast Gradient Sign Method.
Based on Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
Arguments
- epsilon: Step size used to scale the sign of the gradient. Defaults to 0.1.
AdversarialAttacks.attack — Method
attack(atk::FGSM, model, sample; loss, detailed_result)
Perform a Fast Gradient Sign Method (FGSM) White-box Adversarial Attack on the given model using the provided sample.
Arguments
- atk::FGSM: An instance of the FGSM.
- model::FluxModel: The machine learning (deep learning) model to be attacked.
- sample: Input sample as a named tuple with data and label.
- loss: Loss function with signature loss(model, x, y). Defaults to default_loss, i.e. cross-entropy.
- detailed_result::Bool=false: Return format control.
  - false (default): Returns adversarial example only (Array).
  - true: Returns NamedTuple with metrics (x_adv, success, queries_used, final_label).
Returns
- If detailed_result=false:
  - Adversarial example (same type and shape as sample.data).
- If detailed_result=true:
  - NamedTuple with fields:
    - x_adv: Adversarial example.
    - queries_used::Int: Number of gradient evaluations (for FGSM == 1).
Quick Example
using AdversarialAttacks
atk = FGSM(epsilon = 0.01f0)
println("Attack: ", name(atk))
println("Type check: ", atk isa WhiteBoxAttack)
println("Epsilon: ", atk.epsilon)

Attack: FGSM{Float32}
Type check: true
Epsilon: 0.01
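
The single gradient step that FGSM performs, written out by hand for a robustness check at two values of epsilon. This is an added example, not code from AdversarialAttacks.jl: the linear softmax model (W, b), the input x and the helper names (fgsm_step, loss_and_input_grad, predict) are constructed for illustration, and the returned NamedTuple only mirrors the field names listed above.

```julia
# Added illustration: one FGSM step on a hand-built linear softmax classifier.
# Not the package's implementation; all names and values below are constructed.

# Numerically stable softmax over a vector of logits.
softmax(z) = (e = exp.(z .- maximum(z)); e ./ sum(e))

# Cross-entropy loss of the linear model and its analytic gradient w.r.t. the input.
# For logits z = W*x + b and one-hot target y: dL/dx = W' * (softmax(z) - y).
function loss_and_input_grad(W, b, x, y)
    p = softmax(W * x .+ b)
    loss = -sum(y .* log.(p))
    return loss, W' * (p .- y)
end

predict(W, b, x) = argmax(W * x .+ b)

# x_adv = x + epsilon * sign(grad_x loss): every input coordinate moves by exactly
# epsilon in the direction that increases the loss for the true label.
function fgsm_step(W, b, x, label; epsilon = 0.1)
    y = zeros(eltype(x), size(W, 1))
    y[label] = 1
    _, g = loss_and_input_grad(W, b, x, y)   # the only gradient evaluation
    x_adv = x .+ epsilon .* sign.(g)
    final_label = predict(W, b, x_adv)
    return (x_adv = x_adv, success = final_label != label,
            queries_used = 1, final_label = final_label)
end

# Constructed two-class model and a sample that the model assigns to class 1.
W = [1.0 -1.0; -1.0 1.0]
b = [0.0, 0.0]
x = [0.6, 0.4]

# Compare a perturbation budget below the decision margin with one above it.
for epsilon in (0.05, 0.2)
    r = fgsm_step(W, b, x, 1; epsilon = epsilon)
    println("epsilon=", epsilon, "  x_adv=", r.x_adv,
            "  final_label=", r.final_label, "  success=", r.success)
end
```

The perturbation is bounded by epsilon in every coordinate, so sweeping epsilon and recording where success first becomes true gives a per-sample robustness margin for the model under test.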