• Stars
    star
    2,733
  • Rank 16,663 (Top 0.4 %)
  • Language
    Python
  • License
    MIT License
  • Created over 7 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
https://readthedocs.org/projects/foolbox/badge/?version=latest

Foolbox: Fast adversarial attacks to benchmark the robustness of machine learning models in PyTorch, TensorFlow, and JAX

Foolbox is a Python library that lets you easily run adversarial attacks against machine learning models like deep neural networks. It is built on top of EagerPy and works natively with models in PyTorch, TensorFlow, and JAX.

πŸ”₯ Design

Foolbox 3 has been rewritten from scratch using EagerPy instead of NumPy to achieve native performance on models developed in PyTorch, TensorFlow and JAX, all with one code base without code duplication.

  • Native Performance: Foolbox 3 is built on top of EagerPy and runs natively in PyTorch, TensorFlow, and JAX and comes with real batch support.
  • State-of-the-art attacks: Foolbox provides a large collection of state-of-the-art gradient-based and decision-based adversarial attacks.
  • Type Checking: Catch bugs before running your code thanks to extensive type annotations in Foolbox.

πŸ“– Documentation

  • Guide: The best place to get started with Foolbox is the official guide.
  • Tutorial: If you are looking for a tutorial, check out this Jupyter notebook colab .
  • Documentation: The API documentation can be found on ReadTheDocs.

πŸš€ Quickstart

pip install foolbox

Foolbox is tested with Python 3.8 and newer - however, it will most likely also work with version 3.6 - 3.8. To use it with PyTorch, TensorFlow, or JAX, the respective framework needs to be installed separately. These frameworks are not declared as dependencies because not everyone wants to use and thus install all of them and because some of these packages have different builds for different architectures and CUDA versions. Besides that, all essential dependencies are automatically installed.

You can see the versions we currently use for testing in the Compatibility section below, but newer versions are in general expected to work.

πŸŽ‰ Example

import foolbox as fb

model = ...
fmodel = fb.PyTorchModel(model, bounds=(0, 1))

attack = fb.attacks.LinfPGD()
epsilons = [0.0, 0.001, 0.01, 0.03, 0.1, 0.3, 0.5, 1.0]
_, advs, success = attack(fmodel, images, labels, epsilons=epsilons)

More examples can be found in the examples folder, e.g. a full ResNet-18 example.

πŸ“„ Citation

If you use Foolbox for your work, please cite our JOSS paper on Foolbox Native (i.e., Foolbox 3.0) and our ICML workshop paper on Foolbox using the following BibTeX entries:

@article{rauber2017foolboxnative,
  doi = {10.21105/joss.02607},
  url = {https://doi.org/10.21105/joss.02607},
  year = {2020},
  publisher = {The Open Journal},
  volume = {5},
  number = {53},
  pages = {2607},
  author = {Jonas Rauber and Roland Zimmermann and Matthias Bethge and Wieland Brendel},
  title = {Foolbox Native: Fast adversarial attacks to benchmark the robustness of machine learning models in PyTorch, TensorFlow, and JAX},
  journal = {Journal of Open Source Software}
}
@inproceedings{rauber2017foolbox,
  title={Foolbox: A Python toolbox to benchmark the robustness of machine learning models},
  author={Rauber, Jonas and Brendel, Wieland and Bethge, Matthias},
  booktitle={Reliable Machine Learning in the Wild Workshop, 34th International Conference on Machine Learning},
  year={2017},
  url={http://arxiv.org/abs/1707.04131},
}

πŸ‘ Contributions

We welcome contributions of all kind, please have a look at our development guidelines. In particular, you are invited to contribute new adversarial attacks. If you would like to help, you can also have a look at the issues that are marked with contributions welcome.

πŸ’‘ Questions?

If you have a question or need help, feel free to open an issue on GitHub. Once GitHub Discussions becomes publicly available, we will switch to that.

πŸ’¨ Performance

Foolbox 3.0 is much faster than Foolbox 1 and 2. A basic performance comparison can be found in the performance folder.

🐍 Compatibility

We currently test with the following versions:

  • PyTorch 1.10.1
  • TensorFlow 2.6.3
  • JAX 0.2.517
  • NumPy 1.18.1

More Repositories

1

imagecorruptions

Python package to corrupt arbitrary images.
Python
409
star
2

siamese-mask-rcnn

Siamese Mask R-CNN model for one-shot instance segmentation
Jupyter Notebook
346
star
3

model-vs-human

Benchmark your model on out-of-distribution datasets with carefully collected human comparison data (NeurIPS 2021 Oral)
Python
333
star
4

robust-detection-benchmark

Code, data and benchmark from the paper "Benchmarking Robustness in Object Detection: Autonomous Driving when Winter is Coming" (NeurIPS 2019 ML4AD)
Jupyter Notebook
182
star
5

stylize-datasets

A script that applies the AdaIN style transfer method to arbitrary datasets
Python
155
star
6

robustness

Robustness and adaptation of ImageNet scale models. Pre-Release, stay tuned for updates.
Python
128
star
7

openimages2coco

Convert Open Images annotations into MS Coco format to make it a drop in replacement
Jupyter Notebook
112
star
8

slow_disentanglement

Towards Nonlinear Disentanglement in Natural Data with Temporal Sparse Coding
Jupyter Notebook
72
star
9

frequency_determines_performance

Code for the paper: "No Zero-Shot Without Exponential Data: Pretraining Concept Frequency Determines Multimodal Model Performance" [NeurIPS'24]
Jupyter Notebook
71
star
10

AnalysisBySynthesis

Adversarially Robust Neural Network on MNIST.
Python
64
star
11

game-of-noise

Trained model weights, training and evaluation code from the paper "A simple way to make neural networks robust against diverse image corruptions"
Python
62
star
12

decompose

Blind source separation based on the probabilistic tensor factorisation framework
Python
43
star
13

adversarial-vision-challenge

NIPS Adversarial Vision Challenge
Python
41
star
14

CiteME

CiteME is a benchmark designed to test the abilities of language models in finding papers that are cited in scientific texts.
Python
35
star
15

InDomainGeneralizationBenchmark

Python
33
star
16

robust-vision-benchmark

Robust Vision Benchmark
Python
22
star
17

docker

Information and scripts to run and develop the Bethge Lab Docker containers
Makefile
20
star
18

slurm-monitoring-public

Monitor your high performance infrastructure configured over slurm using TIG stack
Python
19
star
19

google_scholar_crawler

Crawl Google scholar publications and authors
Python
12
star
20

DataTypeIdentification

Code for the ICLR'24 paper: "Visual Data-Type Understanding does not emerge from Scaling Vision-Language Models"
11
star
21

magapi-wrapper

Wrapper around Microsoft Academic Knowledge API to retrieve MAG data
Python
10
star
22

testing_visualizations

Code for the paper " Exemplary Natural Images Explain CNN Activations Better than Feature Visualizations"
Python
10
star
23

docker-deeplearning

Development of new unified docker container (WIP)
Python
9
star
24

sort-and-search

Code for the paper: "Efficient Lifelong Model Evaluation in an Era of Rapid Progress" [NeurIPS'24]
Python
9
star
25

notorious_difficulty_of_comparing_human_and_machine_perception

Code for the three case studies: Closed Contour Detection, Synthetic Visual Reasoning Test, Recognition Gap
Jupyter Notebook
8
star
26

lifelong-benchmarks

Benchmarks introduced in the paper: "Lifelong Benchmarks: Efficient Model Evaluation in an Era of Rapid Progress"
8
star
27

tools

Shell
6
star
28

docker-jupyter-deeplearning

Docker Image with Jupyter for Deep Learning (Caffe, Theano, Lasagne, Keras)
6
star
29

docker-xserver

Docker Image with Xserver, OpenBLAS and correct user settings
Shell
2
star
30

gym-Atari-SpaceInvaders-V0

Python
1
star
31

bwki-weekly-tasks

BWKI Task of the week
Jupyter Notebook
1
star