## Load Data

In [1]:
# Load the breast-cancer dataset and hold out 20% as the fixed test split.
# The split is seeded so the same rows are held out on every run; every
# "Robust Acc" printed later is measured on exactly this held-out set.
# (load_iris is imported but not used in this cell.)
from sklearn.datasets import load_iris, load_breast_cancer
from sklearn.model_selection import train_test_split

X, y = load_breast_cancer(return_X_y=True)
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.20, shuffle=True, random_state=42,
)

## Create a Model

In [2]:
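# Baseline classifier: logistic regression on the raw (unscaled) features.
from sklearn.linear_model import LogisticRegression
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import accuracy_score

# max_iter is raised because the default budget stops early on this data
# (the "TOTAL NO. of ITERATIONS REACHED LIMIT" warning printed under this
# cell); an unconverged model makes the clean baseline hard to compare with
# the robust accuracies that follow. Scaling the features would also fix the
# warning but would change the input space the attacks operate in.
model = LogisticRegression(random_state=42, max_iter=10_000)
model.fit(X_train, y_train)

# Clean accuracy on the held-out split -- the reference point for every
# "Robust Acc" below; a robustness number only means something relative to it.
y_pred = model.predict(X_test)
print(f"Acc: {accuracy_score(y_test, y_pred)}")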

Acc: 0.9649122807017544


STOP: TOTAL NO. of ITERATIONS REACHED LIMIT.

Increase the number of iterations (max_iter) or scale the data as shown in:
    https://scikit-learn.org/stable/modules/preprocessing.html
Please also refer to the documentation for alternative solver options:
    https://scikit-learn.org/stable/modules/linear_model.html#logistic-regression
  n_iter_i = _check_optimize_result(


In [3]:
# Score-based (ZOO) evaluation: r_acc is the accuracy on adversarial versions
# of X_test and X_adv holds those perturbed rows. The helper is project-local
# (utils.AdversarialAttacks); the perturbation budget it uses is not visible
# here -- TODO confirm it before comparing numbers across attacks.
from utils.AdversarialAttacks import ZooAttackEvaluation

r_acc, X_adv = ZooAttackEvaluation(model, X_test, y_test)

# NOTE(review): the value printed here equals the clean accuracy from the
# cell above and the ZOO progress bar shows 0/114. That may mean the attack
# changed no prediction within its budget rather than that the model is
# robust -- worth checking how many rows of X_adv differ from X_test.
print("Robust Acc: {}".format(r_acc))


ZOO:   0%|          | 0/114 [00:00<?, ?it/s]

Robust Acc: 0.9649122807017544


In [8]:
# Decision-based (Boundary) evaluation on the same held-out split.
from utils.AdversarialAttacks import BoundaryAttackEvaluation

r_acc, X_adv_1 = BoundaryAttackEvaluation(model, X_test, y_test)

# NOTE(review): ~0.035 robust accuracy (4 of 114 rows still correct) means
# almost every test row is now misclassified. No perturbation bound is passed
# here, so this cell does not establish whether those rows are "small"
# changes; compare X_adv_1 against X_test (e.g. per-row distance) before
# reading the number as a statement about the model.
print("Robust Acc: {}".format(r_acc))

Robust Acc: 0.03508771929824561


In [9]:
# Decision-based (HopSkipJump) evaluation on the same held-out split.
from utils.AdversarialAttacks import HopSkipJumpEvaluation

r_acc, X_adv_2 = HopSkipJumpEvaluation(model, X_test, y_test)

# NOTE(review): the printed value matches the Boundary attack exactly
# (4 of 114 rows correct). As above, no distance budget is visible in this
# call, so the comparison between attacks should be made on the size of the
# perturbations in X_adv_1 / X_adv_2, not on this accuracy alone.
print("Robust Acc: {}".format(r_acc))

Robust Acc: 0.03508771929824561


In [10]:
# Peek at the first 10 adversarial rows (first 3 features) from the Boundary attack.
X_adv_1[:10, :3]

array([[ 12.053918 ,  18.482227 ,  80.905556 ],
       [ 26.47474  ,  19.17492  , 126.11881  ],
       [ 16.870272 ,  20.686909 , 102.26484  ],
       [ 10.620154 ,  17.750679 ,  81.07679  ],
       [  9.4829645,  13.879585 ,  74.54754  ],
       [ 27.80104  ,  35.892876 , 143.65387  ],
       [ 27.25323  ,  26.835264 , 147.18356  ],
       [ 19.238655 ,  16.265625 , 115.88625  ],
       [ 12.001562 ,  14.436337 ,  85.9527   ],
       [ 12.544832 ,  16.951607 ,  89.210724 ]], dtype=float32)

In [11]:
# Same slice for the HopSkipJump rows, for side-by-side comparison with the cell above.
X_adv_2[:10, :3]

array([[ 11.939247,  18.413734,  81.00543 ],
       [ 26.805305,  24.084547, 125.09019 ],
       [ 17.389492,  20.31309 , 102.030396],
       [ 10.686453,  17.07129 ,  81.20926 ],
       [  9.639054,  13.738495,  74.300385],
       [ 28.990158,  32.164864, 141.42863 ],
       [ 32.757183,  26.595266, 149.0513  ],
       [ 19.600826,  15.789885, 115.29277 ],
       [ 11.743137,  15.210288,  86.132195],
       [ 12.659917,  16.220814,  88.71957 ]], dtype=float32)

## Generate a black-box HopSkipJump attack


In [7]:
import numpy as np
from art.attacks.evasion import HopSkipJump

# NOTE(review): `clf` is not defined in any cell above, so this cell depends on
# kernel state from a cell that is no longer in the notebook. The outputs
# further down (3 class scores per row, 4 features, 30 rows) look like iris
# rather than the 114-row breast-cancer split from the first cell -- confirm
# which data and model this section was run against before re-running it.
attack = HopSkipJump(classifier=clf, verbose=False)
iter_step = 10
x_adv = None

# Two rounds of HopSkipJump. The first round runs with the attack's default
# iteration budget; the second resumes from the previous adversarial batch
# (x_adv_init) with max_iter lowered to iter_step. The assignment follows
# generate() on purpose, so it only takes effect from the second round on.
for round_idx in range(2):
    x_adv = attack.generate(x=X_test, x_adv_init=x_adv)
    attack.max_iter = iter_step
    print("Iter: {}".format(round_idx))

Iter: 0
Iter: 1


In [19]:

from sklearn.metrics import accuracy_score

# clf.predict yields one row of per-class scores per sample (the y_pred
# display below shows that matrix), so both outputs go through argmax
# before they can be scored as labels.
y_pred = clf.predict(X_test)
y_pred_adv = clf.predict(x_adv)

y_pred = np.argmax(y_pred, axis=1)
y_pred_adv = np.argmax(y_pred_adv, axis=1)

# Clean vs adversarial accuracy. 1.0 -> 0.0 means every prediction on the
# adversarial batch is wrong -- NOTE(review): no distance bound is reported,
# so check how far x_adv is from X_test before treating this as model risk.
clean_acc = accuracy_score(y_test, y_pred)
robust_acc = accuracy_score(y_test, y_pred_adv)
print("Acc: {}".format(clean_acc))
print("Robust Acc: {}".format(robust_acc))

Acc: 1.0
Robust Acc: 0.0


In [18]:
# Raw clf.predict output for X_test. NOTE(review): this cell ran before the
# scoring cell above (execution count 18 vs 19), which is why a score matrix
# is shown; after a fresh Restart & Run All, y_pred here is the argmax labels.
y_pred

array([[0.  , 1.  , 0.  ],
       [1.  , 0.  , 0.  ],
       [0.  , 0.  , 1.  ],
       [0.  , 1.  , 0.  ],
       [0.  , 0.96, 0.04],
       [1.  , 0.  , 0.  ],
       [0.  , 1.  , 0.  ],
       [0.  , 0.02, 0.98],
       [0.  , 1.  , 0.  ],
       [0.  , 1.  , 0.  ],
       [0.  , 0.  , 1.  ],
       [1.  , 0.  , 0.  ],
       [0.96, 0.04, 0.  ],
       [1.  , 0.  , 0.  ],
       [1.  , 0.  , 0.  ],
       [0.  , 1.  , 0.  ],
       [0.  , 0.  , 1.  ],
       [0.  , 1.  , 0.  ],
       [0.  , 0.99, 0.01],
       [0.  , 0.  , 1.  ],
       [1.  , 0.  , 0.  ],
       [0.  , 0.03, 0.97],
       [1.  , 0.  , 0.  ],
       [0.  , 0.  , 1.  ],
       [0.  , 0.  , 1.  ],
       [0.  , 0.01, 0.99],
       [0.  , 0.02, 0.98],
       [0.  , 0.  , 1.  ],
       [1.  , 0.  , 0.  ],
       [1.  , 0.  , 0.  ]])

In [38]:
# First adversarial row and the class clf assigns to it.
first_adv = x_adv[0]
first_adv_scores = clf.predict(x_adv)[0]
print(first_adv)
print(np.argmax(first_adv_scores))

[4.7751245 3.0149167 2.754017  1.138757 ]
1


In [39]:
# Re-run the attack on a single instance, seeding it with the previous batch.
# NOTE(review): `target_instance` is not defined in any visible cell, and
# x_adv_init still has the shape of the earlier batch while x has one row --
# confirm ART accepts that combination before relying on this cell.
single_input = np.asarray([target_instance])
x_adv = attack.generate(x=single_input, x_adv_init=x_adv)

In [40]:
# The clean instance and the class clf assigns to it (for comparison with
# the adversarial row printed two cells up).
target_scores = clf.predict(target_instance.reshape(1, -1))
print(target_instance)
print(np.argmax(target_scores))

[4.9 3.  1.4 0.2]
0


## Training scikit-learn classifiers and attacking them with the ART Zeroth Order Optimization attack


### Random Forest

In [6]:
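from sklearn.ensemble import RandomForestClassifier
from art.attacks.evasion import ZooAttack
from art.estimators.classification import SklearnClassifier

# Create and fit the RandomForestClassifier. A seed is set so the forest, and
# therefore the adversarial examples generated from it, is reproducible.
model = RandomForestClassifier(random_state=42)
model.fit(X_train, y_train)

# Wrap the fitted estimator for ART. The wrapper gets its own name so that
# `model` keeps meaning the scikit-learn estimator, matching the Logistic
# Regression and KNN cells below (`art_classifier`). The earlier cells apply
# argmax to the wrapper's predict output, which suggests it returns per-class
# scores rather than labels -- so the scoring cell should call the estimator.
art_classifier = SklearnClassifier(model=model)

# Create the ART Zeroth Order Optimization (ZOO) attack against the wrapper
zoo = ZooAttack(classifier=art_classifier, binary_search_steps=10, nb_parallel=1)

# Adversarial versions of the *test* split. The name is kept because the
# scoring cells read it, but note it is derived from X_test, not X_train.
x_train_adv = zoo.generate(X_test)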



ZOO:   0%|          | 0/30 [00:00<?, ?it/s]

In [6]:
from sklearn.metrics import accuracy_score

# Clean vs adversarial accuracy for whatever `model` the previous cell bound.
# NOTE(review): if `model` is the ART wrapper rather than the scikit-learn
# estimator, predict may return per-class scores (see the argmax cell in the
# HopSkipJump section) -- confirm the shape of y_pred before trusting this.
y_pred = model.predict(X_test)
y_pred_adv = model.predict(x_train_adv)

clean_acc = accuracy_score(y_test, y_pred)
robust_acc = accuracy_score(y_test, y_pred_adv)
print("Acc: {}, Robust Acc: {}".format(clean_acc, robust_acc))

Acc: 1.0, Robust Acc: 1.0


### Logistic Regression

In [43]:
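# Create and fit a LogisticRegression (same flow as the Random Forest cell
# above, different estimator). max_iter is raised because the default budget
# stops before convergence on this data -- the "TOTAL NO. of ITERATIONS
# REACHED LIMIT" warning printed under this cell.
model = LogisticRegression(random_state=0, max_iter=10_000)
model.fit(X_train, y_train)

# Wrap the fitted estimator for ART; `model` itself stays the scikit-learn
# estimator, which is what the scoring cell below calls predict on.
art_classifier = SklearnClassifier(model=model)

# Create the ART Zeroth Order Optimization (ZOO) attack against the wrapper
zoo = ZooAttack(classifier=art_classifier, binary_search_steps=10, nb_parallel=1)

# Adversarial versions of the *test* split (the name says train; it is not)
x_train_adv = zoo.generate(X_test)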

STOP: TOTAL NO. of ITERATIONS REACHED LIMIT.

Increase the number of iterations (max_iter) or scale the data as shown in:
    https://scikit-learn.org/stable/modules/preprocessing.html
Please also refer to the documentation for alternative solver options:
    https://scikit-learn.org/stable/modules/linear_model.html#logistic-regression
  n_iter_i = _check_optimize_result(


ZOO:   0%|          | 0/30 [00:00<?, ?it/s]

In [44]:
# Clean vs adversarial accuracy of the logistic regression on the held-out
# split and on its ZOO-perturbed version.
y_pred = model.predict(X_test)
y_pred_adv = model.predict(x_train_adv)

clean_acc = accuracy_score(y_test, y_pred)
robust_acc = accuracy_score(y_test, y_pred_adv)
print("Acc: {}, Robust Acc: {}".format(clean_acc, robust_acc))

Acc: 1.0, Robust Acc: 0.9


### KNN

In [50]:
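from sklearn.neighbors import KNeighborsClassifier

# Create and fit a KNeighborsClassifier (default neighbourhood settings).
model = KNeighborsClassifier()
model.fit(X_train, y_train)

# Wrap the fitted estimator for ART; `model` itself stays the scikit-learn
# estimator, which is what the scoring cells below call predict/score on.
art_classifier = SklearnClassifier(model=model)

# Create the ART Zeroth Order Optimization (ZOO) attack against the wrapper.
# binary_search_steps is doubled compared with the RF/LR cells above.
zoo = ZooAttack(classifier=art_classifier, binary_search_steps=20, nb_parallel=1)

# Full parameter set kept for reference when tuning the attack:
# zoo = ZooAttack(classifier=art_classifier, confidence=0.0, targeted=False, learning_rate=1e-1, max_iter=100,
#                 binary_search_steps=20, initial_const=1e-3, abort_early=True, use_resize=False, 
#                 use_importance=False, nb_parallel=1, batch_size=1, variable_h=0.25)

# Adversarial versions of the *test* split (the name says train; it is not)
x_train_adv = zoo.generate(X_test)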

ZOO:   0%|          | 0/30 [00:00<?, ?it/s]

In [51]:
# Clean vs adversarial accuracy of the KNN model. NOTE(review): an unchanged
# 1.0 here can mean the attack produced no effective perturbation within its
# budget as easily as it can mean the model is robust; inspect x_train_adv
# against X_test before drawing a conclusion.
y_pred = model.predict(X_test)
y_pred_adv = model.predict(x_train_adv)

clean_acc = accuracy_score(y_test, y_pred)
robust_acc = accuracy_score(y_test, y_pred_adv)
print("Acc: {}, Robust Acc: {}".format(clean_acc, robust_acc))

Acc: 1.0, Robust Acc: 1.0


In [53]:
# Same two accuracies via the estimator's own score(), as a cross-check of the printed values.
tuple(model.score(inputs, y_test) for inputs in (X_test, x_train_adv))

(1.0, 1.0)

In [None]:
# Adversarial rows generated from X_test by the last ZOO cell that ran (not a
# training-set artefact, despite the name). Never executed in the saved copy.
x_train_adv

In [None]:
# The clean held-out rows, for eyeballing against x_train_adv above. Never
# executed in the saved copy.
X_test