deepdefend 0.1.0__tar.gz

deepdefend-0.1.0/LICENSE

@@ -0,0 +1,7 @@
+MIT License (Modified)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to make derivative works based on the Software, provided that any substantial changes to the Software are clearly distinguished from the original work and are distributed under a different name.
+
+The original copyright notice and disclaimer must be retained in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

deepdefend-0.1.0/PKG-INFO

@@ -0,0 +1,22 @@
+Metadata-Version: 2.1
+Name: deepdefend
+Version: 0.1.0
+Summary: An open-source Python library for adversarial attacks and defenses in deep learning models.
+Home-page: https://github.com/infinitode/deepdefend
+Author: Infinitode Pty Ltd
+Author-email: infinitode.ltd@gmail.com
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.6
+Description-Content-Type: text/markdown
+License-File: LICENSE
+
+An open-source Python library for adversarial attacks and defenses in deep learning models, enhancing the security and robustness of AI systems.

deepdefend-0.1.0/deepdefend/__init__.py

@@ -0,0 +1,3 @@
+import deepdefend
+from .attacks import fgsm, pgd, bim
+from .defenses import adversarial_training, feature_squeezing

deepdefend-0.1.0/deepdefend/attacks.py

@@ -0,0 +1,103 @@
+"""
+Functions to run adversarial attacks on deep learning models.
+
+Available functions:
+- `fgsm(model, x, y, epsilon=0.01)`: Fast Gradient Sign Method (FGSM) attack.
+- `pgd(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10)`: Projected Gradient Descent (PGD) attack.
+- `bim(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10)`: Basic Iterative Method (BIM) attack.
+
+"""
+
+import numpy as np
+import tensorflow as tf
+
+def fgsm(model, x, y, epsilon=0.01):
+    """
+    Fast Gradient Sign Method (FGSM) attack.
+    
+    Parameters:
+        model (tensorflow.keras.Model): The target model to attack.
+        x (numpy.ndarray): The input example to attack.
+        y (numpy.ndarray): The true labels of the input example.
+        epsilon (float): The magnitude of the perturbation (default: 0.01).
+
+    Returns:
+        adversarial_example (numpy.ndarray): The perturbed input example.
+    """
+    # Determine the loss function based on the number of classes
+    if y.shape[-1] == 1 or len(y.shape) == 1:
+        loss_object = tf.keras.losses.BinaryCrossentropy()
+    else:
+        loss_object = tf.keras.losses.CategoricalCrossentropy()
+
+    with tf.GradientTape() as tape:
+        tape.watch(x)
+        prediction = model(x)
+        loss = loss_object(y, prediction)
+        
+    gradient = tape.gradient(loss, x)
+
+    # Generate adversarial example
+    perturbation = epsilon * tf.sign(gradient)
+    adversarial_example = x + perturbation
+    return adversarial_example.numpy()
+
+def pgd(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10):
+    """
+    Projected Gradient Descent (PGD) attack.
+    
+    Parameters:
+        model (tensorflow.keras.Model): The target model to attack.
+        x (numpy.ndarray): The input example to attack.
+        y (numpy.ndarray): The true labels of the input example.
+        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
+        alpha (float): The step size for each iteration (default: 0.01).
+        num_steps (int): The number of PGD iterations (default: 10).
+
+    Returns:
+        adversarial_example (numpy.ndarray): The perturbed input example.
+    """
+    adversarial_example = tf.identity(x)
+
+    for _ in range(num_steps):
+        with tf.GradientTape() as tape:
+            tape.watch(adversarial_example)
+            prediction = model(adversarial_example)
+            loss = tf.keras.losses.CategoricalCrossentropy()(y, prediction)
+
+        gradient = tape.gradient(loss, adversarial_example)
+        perturbation = alpha * tf.sign(gradient)
+        adversarial_example = tf.clip_by_value(adversarial_example + perturbation, 0, 1)
+        adversarial_example = tf.clip_by_value(adversarial_example, x - epsilon, x + epsilon)
+
+    return adversarial_example.numpy()
+
+def bim(model, x, y, epsilon=0.01, alpha=0.01, num_steps=10):
+    """
+    Basic Iterative Method (BIM) attack.
+    
+    Parameters:
+        model (tensorflow.keras.Model): The target model to attack.
+        x (numpy.ndarray): The input example to attack.
+        y (numpy.ndarray): The true labels of the input example.
+        epsilon (float): The maximum magnitude of the perturbation (default: 0.01).
+        alpha (float): The step size for each iteration (default: 0.01).
+        num_steps (int): The number of BIM iterations (default: 10).
+
+    Returns:
+        adversarial_example (numpy.ndarray): The perturbed input example.
+    """
+    adversarial_example = tf.identity(x)
+
+    for _ in range(num_steps):
+        with tf.GradientTape() as tape:
+            tape.watch(adversarial_example)
+            prediction = model(adversarial_example)
+            loss = tf.keras.losses.CategoricalCrossentropy()(y, prediction)
+
+        gradient = tape.gradient(loss, adversarial_example)
+        perturbation = alpha * tf.sign(gradient)
+        adversarial_example = tf.clip_by_value(adversarial_example + perturbation, 0, 1)
+        adversarial_example = tf.clip_by_value(adversarial_example, x - epsilon, x + epsilon)
+
+    return adversarial_example.numpy()

deepdefend-0.1.0/deepdefend/defenses.py

@@ -0,0 +1,71 @@
+"""
+Functions to apply adversarial defense mechanisms to deep learning models.
+
+Available functions:
+- `adversarial_training(model, x, y, epsilon=0.01)`: Adversarial Training defense.
+- `feature_squeezing(model, bit_depth=4)`: Feature Squeezing defense.
+
+"""
+
+import numpy as np
+import tensorflow as tf
+from deepdefend import attacks
+
+def adversarial_training(model, x, y, epsilon=0.01):
+    """
+    Adversarial Training defense.
+
+    Adversarial training is a method where the model is trained on both the original
+    and adversarial examples, aiming to make the model more robust to adversarial attacks.
+
+    Parameters:
+        model (tensorflow.keras.Model): The model to defend.
+        x (numpy.ndarray): The input training examples.
+        y (numpy.ndarray): The true labels of the training examples.
+        epsilon (float): The magnitude of the perturbation (default: 0.01).
+
+    Returns:
+        defended_model (tensorflow.keras.Model): The adversarially trained model.
+    """
+    defended_model = tf.keras.models.clone_model(model)
+    defended_model.set_weights(model.get_weights())
+
+    adversarial_examples = []
+    for i in range(len(x)):
+        adversarial_example = attacks.fgsm(model, x[i:i+1], y[i:i+1], epsilon)
+        adversarial_examples.append(adversarial_example)
+        
+    x_adversarial = np.concatenate(adversarial_examples, axis=0)
+    y_adversarial = np.copy(y)
+    x_train = np.concatenate([x, x_adversarial], axis=0)
+    y_train = np.concatenate([y, y_adversarial], axis=0)
+    
+    defended_model.compile(optimizer='adam', loss='categorical_crossentropy', metrics=['accuracy'])
+    defended_model.fit(x_train, y_train, epochs=10, batch_size=32)
+    
+    return defended_model
+
+def feature_squeezing(model, bit_depth=4):
+    """
+    Feature Squeezing defense.
+
+    Feature squeezing reduces the number of bits used to represent the input features,
+    which can remove certain adversarial perturbations.
+
+    Parameters:
+        model (tensorflow.keras.Model): The model to defend.
+        bit_depth (int): The number of bits per feature (default: 4).
+
+    Returns:
+        defended_model (tensorflow.keras.Model): The model with feature squeezing defense.
+    """
+    defended_model = tf.keras.models.clone_model(model)
+    defended_model.set_weights(model.get_weights())
+
+    for layer in defended_model.layers:
+        if isinstance(layer, tf.keras.layers.Conv2D) or isinstance(layer, tf.keras.layers.Dense):
+            layer_weights = layer.get_weights()
+            squeezed_weights = [np.clip(np.round(w * (2**bit_depth) / np.max(np.abs(w))), -2**(bit_depth - 1), 2**(bit_depth - 1) - 1) / (2**(bit_depth) / np.max(np.abs(w))) for w in layer_weights]
+            layer.set_weights(squeezed_weights)
+    
+    return defended_model

deepdefend-0.1.0/deepdefend.egg-info/PKG-INFO

@@ -0,0 +1,22 @@
+Metadata-Version: 2.1
+Name: deepdefend
+Version: 0.1.0
+Summary: An open-source Python library for adversarial attacks and defenses in deep learning models.
+Home-page: https://github.com/infinitode/deepdefend
+Author: Infinitode Pty Ltd
+Author-email: infinitode.ltd@gmail.com
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.6
+Description-Content-Type: text/markdown
+License-File: LICENSE
+
+An open-source Python library for adversarial attacks and defenses in deep learning models, enhancing the security and robustness of AI systems.

deepdefend-0.1.0/deepdefend.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+LICENSE
+setup.py
+deepdefend/__init__.py
+deepdefend/attacks.py
+deepdefend/defenses.py
+deepdefend.egg-info/PKG-INFO
+deepdefend.egg-info/SOURCES.txt
+deepdefend.egg-info/dependency_links.txt
+deepdefend.egg-info/requires.txt
+deepdefend.egg-info/top_level.txt

deepdefend-0.1.0/deepdefend.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

deepdefend-0.1.0/deepdefend.egg-info/requires.txt

@@ -0,0 +1,2 @@
+numpy
+tensorflow

deepdefend-0.1.0/deepdefend.egg-info/top_level.txt

@@ -0,0 +1 @@
+deepdefend

deepdefend-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

deepdefend-0.1.0/setup.py

@@ -0,0 +1,30 @@
+from setuptools import setup, find_packages
+
+setup(
+    name='deepdefend',
+    version='0.1.0',
+    author='Infinitode Pty Ltd',
+    author_email='infinitode.ltd@gmail.com',
+    description='An open-source Python library for adversarial attacks and defenses in deep learning models.',
+    long_description='An open-source Python library for adversarial attacks and defenses in deep learning models, enhancing the security and robustness of AI systems.',
+    long_description_content_type='text/markdown',
+    url='https://github.com/infinitode/deepdefend',
+    packages=find_packages(),
+    install_requires=[
+        'numpy',
+        'tensorflow',
+    ],
+    classifiers=[
+        'Development Status :: 3 - Alpha',
+        'Intended Audience :: Developers',
+        'License :: OSI Approved :: MIT License',
+        'Programming Language :: Python :: 3',
+        'Programming Language :: Python :: 3.6',
+        'Programming Language :: Python :: 3.7',
+        'Programming Language :: Python :: 3.8',
+        'Programming Language :: Python :: 3.9',
+        'Programming Language :: Python :: 3.10',
+        'Programming Language :: Python :: 3.11',
+    ],
+    python_requires='>=3.6',
+)