An open-source Python library for adversarial attacks and defenses in deep learning models, enhancing the security and robustness of AI systems.
DeepDefend has not yet been fully tested. Please report any issues you may encounter when using DeepDefend.
You can install DeepDefend using pip:
pip install deepdefendDeepDefend supports the following Python versions:
- Python 3.6
- Python 3.7
- Python 3.8
- Python 3.9
- Python 3.10
- Python 3.11
Please ensure that you have one of these Python versions installed before using DeepDefend. DeepDefend may not work as expected on lower versions of Python than the supported.
- Adversarial Attacks: Generate adversarial examples to evaluate model vulnerabilities.
- Adversarial Defenses: Employ various methods to protect models against adversarial attacks.
import tensorflow as tf
from deepdefend.attacks import fgsm, pgd, bim
# Load a pre-trained TensorFlow model
model = ...
# Load example input and label data (replace this with your own data loading code)
x_example = ... # example input data
y_example = ... # true label
# Perform FGSM attack on the example data
adversarial_example_fgsm = fgsm(model, x_example, y_example, epsilon=0.01)
# Perform PGD attack on the example data
adversarial_example_pgd = pgd(model, x_example, y_example, epsilon=0.01, alpha=0.01, num_steps=10)
# Perfrom BIM attack on the example data
adversarial_example_bim = bim(model, x_example, y_example, epsilon=0.01, alpha=0.01, num_steps=10)import tensorflow as tf
from deepdefend.defenses import adversarial_training, feature_squeezing
# Load a pre-trained TensorFlow model
model = ...
# Load training data
x_train, y_train = ... # training data and labels
# Adversarial training to defend against attacks
defended_model = adversarial_training(model, x_train, y_train, epsilon=0.01)
# Feature squeezing defense
defended_model_squeezed = feature_squeezing(model, bit_depth=4)Contributions are welcome! If you encounter any issues, have suggestions, or want to contribute to DeepDefend, please open an issue or submit a pull request on GitHub.
DeepDefend is released under the terms of the MIT License (Modified). Please see the LICENSE file for the full text.
Modified License Clause
The modified license clause grants users the permission to make derivative works based on the DeepDefend software. However, it requires any substantial changes to the software to be clearly distinguished from the original work and distributed under a different name.
By enforcing this distinction, it aims to prevent direct publishing of the source code without changes while allowing users to create derivative works that incorporate the code but are not exactly the same.
Please read the full license terms in the LICENSE file for complete details.