Cleverhans

Cleverhans is an adversarial machine learning library and toolkit designed to generate adversarial examples, incorporate them into training loops, and benchmark the resilience of machine learning models. It provides a gradient-based attack framework for constructing both white-box and black-box attacks to identify model misclassifications.

The project includes capabilities for model robustness benchmarking, allowing users to evaluate and verify how models resist evasion attacks and malicious input perturbations. It also facilitates adversarial training to increase a model's resistance to perturbations by integrating malicious examples directly into the training process.

The library covers a broad surface of security and testing functions, including gradient-based perturbation, loss-function optimization, and black-box strategies such as substitute-model imitation. These tools are supported by a framework-agnostic backend and command line utilities for applying adversarial functionality to saved models.

Features

Adversarial Robustness Libraries - Provides a comprehensive library for generating adversarial examples and hardening ML models across multiple frameworks.

Substitute Model Imitations - Estimates gradients for black-box targets by training a local substitute model to mimic the target's behavior.

Gradient-Based Attack Frameworks - Implements a framework for constructing white-box and black-box attacks using gradients to identify misclassifications.

Gradient-Based Perturbations - Generates adversarial inputs by calculating loss function gradients with respect to input data to find vulnerabilities.

Adversarial Example Generations - Creates malicious inputs using gradient-based techniques to test the robustness of machine learning models.

Adversarial Robustness Testing - Provides tools to measure and verify the resilience of machine learning models against adversarial attacks across multiple frameworks.

Adversarial Robustness Training - Incorporates adversarial examples into the training process to improve a model's resistance to malicious perturbations.

Adversarial Attacks - Implements black-box adversarial attacks by using substitute imitators to identify model misclassifications.

Black-Box Attack Executions - Implements black-box attack strategies using substitute imitators to identify model misclassifications without internal access.

Adversarial Loss Optimizations - Implements loss-function optimization to identify adversarial examples by maximizing model prediction errors.

Backend-Agnostic Deep Learning - Provides a framework-agnostic backend to standardize attack and defense implementations across different machine learning libraries.

Model Benchmarking Frameworks - Evaluates how machine learning models resist evasion attacks and malicious input perturbations through benchmarking.

Perturbation Constraint Mappings - Constrains the magnitude of adversarial perturbations using L-infinity and L2 norms to maintain input plausibility.

Defense Benchmarking Pipelines - Uses standardized scripts to reproduce and compare the effectiveness of various defensive techniques across different backends.

Defensive Technique Benchmarking - Benchmarks model robustness by using standardized scripts to reproduce defensive techniques across different backends.

AI Security - Library for crafting adversarial examples against image models.

cleverhans-labcleverhans

Features

Star history