Catalogue of Tools & Metrics for Trustworthy AI

These tools and metrics are designed to help AI actors develop and use trustworthy AI systems and applications that respect human rights and are fair, transparent, explainable, robust, secure and safe.

Adversarial Library

This library contains various resources related to adversarial attacks implemented in PyTorch. It is aimed at researchers looking for implementations of state-of-the-art attacks.

The code was written to maximize efficiency (e.g. by preferring low-level functions from PyTorch) while retaining simplicity (e.g. by avoiding abstractions). As a consequence, most of the library, and especially the attacks, is implemented using pure functions (whenever possible).

While focused on attacks, this library also provides several related utilities: distances (SSIM, CIEDE2000, LPIPS), a visdom callback, projections, losses, and helper functions. Most notably, the function run_attack from utils/attack_utils.py performs an attack on a model given the inputs and labels, with a fixed batch size, and reports complexity-related metrics (run-time and number of forward/backward propagations).
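As an illustration, here is a minimal sketch of how run_attack might be called. The exact import path, keyword arguments and return format shown here are assumptions inferred from the description above, not a verified API reference; the same goes for the ddn entry point and its steps hyper-parameter.

# Hedged sketch: signatures and keyword arguments below are assumptions, not verified API.
from functools import partial

import torch
from torchvision import models

from adv_lib.attacks import ddn                       # assumed attack entry point
from adv_lib.utils.attack_utils import run_attack     # module path inferred from utils/attack_utils.py

# Placeholder model and data; inputs are assumed to be images in [0, 1].
model = models.resnet18().eval()
inputs = torch.rand(16, 3, 224, 224)
labels = torch.randint(0, 1000, (16,))

# Attacks are pure functions, so hyper-parameters can be fixed with partial
# (the `steps` keyword is an assumed hyper-parameter name).
attack = partial(ddn, steps=100)

# Assumed call: runs the attack in fixed-size batches and reports run-time and the
# number of forward/backward propagations alongside the adversarial examples.
results = run_attack(model=model, inputs=inputs, labels=labels, attack=attack, batch_size=8)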

Dependencies

The goal of this library is to stay up-to-date with newer versions of PyTorch, so the dependencies are expected to be updated regularly (possibly resulting in breaking changes).

  • pytorch>=1.8.0
  • torchvision>=0.9.0
  • tqdm>=4.48.0
  • visdom>=0.1.8

Installation

You can install the library using:

pip install git+https://github.com/jeromerony/adversarial-library

Or you can clone the repo and run:

python setup.py install

Alternatively, after cloning, you can install the library in editable mode:

pip install -e .

Example

For an example of how to use this library, see this repository: https://github.com/jeromerony/augmented_lagrangian_adversarial_attacks
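Below is a hedged end-to-end sketch of calling one of the attacks directly. The attack entry point (fmn) and its keyword arguments are assumptions based on the attack table in the Contents section, not a verified API.

# Hedged sketch: the fmn entry point and its arguments are assumptions, not verified API.
import torch
from torchvision import models

from adv_lib.attacks import fmn              # Fast Minimum-Norm attack (assumed entry point)

model = models.resnet18().eval()
inputs = torch.rand(8, 3, 224, 224)          # placeholder batch of images in [0, 1]
labels = model(inputs).argmax(dim=1)         # use the model's own predictions as labels

# Assumed call: returns adversarial examples minimizing the L2 perturbation norm.
adv_inputs = fmn(model, inputs, labels, norm=2)

# Evaluate the attack: success rate and median perturbation size.
adv_preds = model(adv_inputs).argmax(dim=1)
success_rate = (adv_preds != labels).float().mean().item()
median_l2 = (adv_inputs - inputs).flatten(1).norm(dim=1).median().item()
print(f'Success rate: {success_rate:.2%}, median L2 norm: {median_l2:.4f}')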

Contents

Attacks

Currently the following attacks are implemented in the adv_lib.attacks module:

Name | Knowledge | Type | Distance(s) | ArXiv Link
---- | --------- | ---- | ----------- | ----------
Carlini and Wagner (C&W) | White-box | Minimal | L2, L∞ | 1608.04644
Projected Gradient Descent (PGD) | White-box | Budget | L∞ | 1706.06083
Structured Adversarial Attack (StrAttack) | White-box | Minimal | L2 + group-sparsity | 1808.01664
Decoupled Direction and Norm (DDN) | White-box | Minimal | L2 | 1811.09600
Trust Region (TR) | White-box | Minimal | L2, L∞ | 1812.06371
Fast Adaptive Boundary (FAB) | White-box | Minimal | L1, L2, L∞ | 1907.02044
Perceptual Color distance Alternating Loss (PerC-AL) | White-box | Minimal | CIEDE2000 | 1911.02466
Auto-PGD (APGD) | White-box | Budget | L1, L2, L∞ | 2003.01690, 2103.01208
Augmented Lagrangian Method for Adversarial (ALMA) | White-box | Minimal | L1, L2, SSIM, CIEDE2000, LPIPS, … | 2011.11857
Voting Folded Gaussian Attack (VFGA) | White-box | Minimal | L0 | 2011.12423
Fast Minimum-Norm (FMN) | White-box | Minimal | L0, L1, L2, L∞ | 2102.12827
Primal-Dual Gradient Descent (PDGD) | White-box | Minimal | L2 | 2106.01538
Primal-Dual Proximal Gradient Descent (PDPGD) | White-box | Minimal | L0, L1, L2, L∞ | 2106.01538

Bold means that this repository contains the official implementation.

Type refers to the goal of the attack:

  • Minimal attacks aim to find the smallest adversarial perturbation w.r.t. a given distance;
  • Budget attacks aim to find an adversarial perturbation within a distance budget (and often to maximize a loss as well).
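To make the distinction concrete, the following plain-PyTorch sketch (not part of the library's API) shows how the perturbation found by a minimal attack is measured, and how a budget attack keeps its perturbation inside a fixed epsilon-ball:

# Plain-PyTorch illustration of the two attack types; this is not adv_lib code.
import torch

inputs = torch.rand(4, 3, 32, 32)                                      # clean images in [0, 1]
adv_inputs = (inputs + 0.01 * torch.randn_like(inputs)).clamp(0, 1)    # stand-in for an attack's output
delta = adv_inputs - inputs

# Minimal attack: report the per-sample perturbation size w.r.t. the chosen distance.
l2_norms = delta.flatten(1).norm(p=2, dim=1)
linf_norms = delta.flatten(1).abs().amax(dim=1)

# Budget attack: the perturbation is constrained to an L-infinity ball of radius eps,
# typically by projecting (clamping) after every gradient step.
eps = 8 / 255
delta_budget = delta.clamp(-eps, eps)
adv_inputs_budget = (inputs + delta_budget).clamp(0, 1)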

Distances

The distances mentioned above (e.g. SSIM, CIEDE2000 and LPIPS) are available in the adv_lib.distances module.
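As a hedged illustration only: the module path and function name in the import below are guesses inferred from the distances listed above, not a verified part of the package, and may need to be adapted.

# Assumed import: the module path and function name are guesses based on the
# distances listed above (SSIM, CIEDE2000, LPIPS) and may differ in the package.
import torch
from adv_lib.distances.structural_similarity import compute_ssim

clean = torch.rand(4, 3, 32, 32)
adv = (clean + 0.02 * torch.randn_like(clean)).clamp(0, 1)

# Differentiable similarity between clean and adversarial images: usable both as
# a reporting metric and as an objective for minimal attacks such as ALMA.
ssim_values = compute_ssim(clean, adv)
print(ssim_values)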

Contributions

Suggestions and contributions are welcome 🙂

Citation

If this library has been useful for your research, you can cite it using the ‘Cite this repository’ button in the ‘About’ section.

About the tool

GitHub stars: 55

GitHub forks: 6


Use Cases

There are no use cases for this tool yet.

Would you like to submit a use case for this tool?

If you have used this tool, we would love to know more about your experience.


Disclaimer: The tools and metrics featured herein are solely those of the originating authors and are not vetted or endorsed by the OECD or its member countries. The Organisation cannot be held responsible for possible issues resulting from the posting of links to third parties' tools and metrics on this catalogue. More on the methodology can be found at https://oecd.ai/catalogue/faq.