## Adversarial Robustness Toolbox

ART supports all popular machine learning frameworks (TensorFlow, Keras, PyTorch, MXNet, scikit-learn, XGBoost, LightGBM, CatBoost, GPy, etc.), all data types (images, tables, audio, video, etc.) and machine learning tasks (classification, object detection, generation, certification, etc.). The figure below shows the ART workflow for red and blue teams; the only thing missing from it is metrics, grouped with certification and verification.

https://github.com/Trusted-AI/adversarial-robustness-toolbox

![title](https://github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/docs/images/white_hat_blue_red.png?raw=true)

The framework's workflow can be summarised in the following steps:
1. Evaluate the scenario you are in: black box or white box.
2. Decide which type of attack you are going to implement.
3. Load the model using an ART wrapper, for example PyTorchClassifier or KerasClassifier.
~~~python
from art.estimators.classification import KerasClassifier

model = ...  # Load your trained Keras model here; ART does not train it for you
# The wrapper exposes a framework-independent estimator that every ART attack,
# defence and metric accepts as input.
classifier = KerasClassifier(model=model)
~~~
4. Choose an attack type. The choice is based on a prior study of the state of the art and on what the red AI team wants to achieve; some attacks work well but introduce visible noise.
+ Evasion attacks (modify inputs to fool the model)
+ Poisoning attacks (compromise training data)
+ Inference attacks (steal or extract model information)


| **Goal**                           | **Suggested Attack** |
|--------------------------------|-----------------|
| Quick robustness test          | FGSM            |
| Stronger, iterative attack     | PGD             |
| High-confidence misclassification | C&W         |
| Minimum perturbation           | DeepFool        |

If you are dealing with black-box scenarios, look into **ZOO**, **HopSkipJump**, or **Boundary Attack**.
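A minimal end-to-end version of steps 1 to 4 as an added example (not ART's code and not from the ART project): a white-box robustness evaluation of a tiny NumPy ReLU network on constructed 2-D data, comparing clean accuracy against FGSM (one step) and PGD (iterative, projected), the two attacks the table above recommends. The function names (make_data, robustness_report, etc.), the half-moon sample set and the network size are assumptions of this example.

```python
import numpy as np
def make_data(n=400, seed=0):
    # Constructed sample input: two interleaving half-moon classes in 2-D, labels 0/1.
    rng = np.random.default_rng(seed)
    t = rng.uniform(0, np.pi, n // 2)
    x0 = np.c_[np.cos(t), np.sin(t)] + rng.normal(0, 0.15, (n // 2, 2))
    x1 = np.c_[1 - np.cos(t), 0.5 - np.sin(t)] + rng.normal(0, 0.15, (n // 2, 2))
    return np.vstack([x0, x1]), np.r_[np.zeros(n // 2), np.ones(n // 2)]

def forward(p, x):
    # One-hidden-layer ReLU network with a sigmoid output; returns (hidden, prob).
    h = np.maximum(x @ p["W1"] + p["b1"], 0.0)
    return h, 1.0 / (1.0 + np.exp(-(h @ p["W2"] + p["b2"])))

def backward(p, x, y):
    # Gradients of mean binary cross-entropy w.r.t. the parameters and the input x.
    h, out = forward(p, x)
    d_logit = (out - y) / len(y)
    d_h = np.outer(d_logit, p["W2"]) * (h > 0)
    g = {"W1": x.T @ d_h, "b1": d_h.sum(0), "W2": h.T @ d_logit, "b2": d_logit.sum()}
    return g, d_h @ p["W1"].T  # d(loss)/d(x) is what the white-box attacks use

def train(x, y, hidden=16, lr=0.5, epochs=3000, seed=1):
    rng = np.random.default_rng(seed)
    p = {"W1": rng.normal(0, 0.5, (2, hidden)), "b1": np.zeros(hidden),
         "W2": rng.normal(0, 0.5, hidden), "b2": 0.0}
    for _ in range(epochs):  # plain full-batch gradient descent
        g, _ = backward(p, x, y)
        p = {k: p[k] - lr * g[k] for k in p}
    return p

def accuracy(p, x, y):
    return float(((forward(p, x)[1] > 0.5) == y).mean())
def fgsm(p, x, y, eps):
    # FGSM: a single signed-gradient step of size eps (L-inf budget).
    return x + eps * np.sign(backward(p, x, y)[1])

def pgd(p, x, y, eps, alpha, steps):
    # PGD: iterate small signed steps, projecting back into the eps-ball around x.
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv + alpha * np.sign(backward(p, x_adv, y)[1])
        x_adv = np.clip(x_adv, x - eps, x + eps)
    return x_adv

def robustness_report(eps=0.3):
    # Blue-team view: clean accuracy vs accuracy under FGSM and under PGD.
    x, y = make_data()
    p = train(x, y)
    return {"clean": accuracy(p, x, y),
            "fgsm": accuracy(p, fgsm(p, x, y, eps), y),
            "pgd": accuracy(p, pgd(p, x, y, eps, eps / 4, 10), y)}
```

PGD spends the same L-inf budget over several projected steps, which is why the table lists it as the stronger test; the gap only shows on a non-linear model, since for a purely linear classifier a single signed step is already optimal and the two coincide.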


## Foolbox

Available at https://foolbox.jonasrauber.de/

Foolbox: fast adversarial attacks to benchmark the robustness of machine learning models in PyTorch, TensorFlow, and JAX.
+ State-of-the-art attacks: Foolbox provides a large collection of state-of-the-art gradient-based and decision-based adversarial attacks.

It is built on EagerPy, a library for writing code that works natively with PyTorch, TensorFlow, JAX, and NumPy.

~~~python
#!pip install foolbox
import foolbox as fb
help(fb.attacks)
~~~

~~~
Help on package foolbox.attacks in foolbox:

NAME
    foolbox.attacks

PACKAGE CONTENTS
    additive_noise
    base
    basic_iterative_method
    binarization
    blended_noise
    blur
    boundary_attack
    brendel_bethge
    carlini_wagner
    contrast
    contrast_min
    dataset_attack
    ddn
    deepfool
    ead
    fast_gradient_method
    fast_minimum_norm
    gen_attack
    gen_attack_utils
    gradient_descent_base
    hop_skip_jump
    inversion
    mi_fgsm
    newtonfool
    pointwise
    projected_gradient_descent
    saltandpepper
    sparse_l1_descent_attack
    spatial_attack
    spatial_attack_transformations
    virtual_adversarial_attack

FILE
    c:\users\usuario\anaconda3\envs\redai\lib\site-packages\foolbox\attacks\__init__.py
~~~

As we can see, ART offers a more diverse set of tools than Foolbox; nevertheless, Foolbox has some utilities we can use in a project.

## SecML
A Python library for the security evaluation of machine learning.

https://secml.readthedocs.io/en/stable/index.html

~~~python
pip install secml
~~~

~~~
Collecting secml
  Downloading secml-0.13.post1-py2.py3-none-any.whl.metadata (12 kB)
Collecting matplotlib~=3.0.0 (from secml)
  Downloading matplotlib-3.0.3.tar.gz (36.6 MB)

  error: subprocess-exited-with-error

  python setup.py egg_info did not run successfully.
  exit code: 1

  [59 lines of output]
  !!
          ********************************************************************************
          Please remove any references to `setuptools.command.test` in all supported versions of the affected package.

          This deprecation is overdue, please update your project and remove deprecated
          calls to avoid build errors in the future.
          ********************************************************************************
  !!
    from setuptools.command.test import test as TestCommand
  Edit setup.cfg to change the build options

  BUILDING MATPLOTLIB
              matplotlib: yes [3.0.3]
                  python: yes [3.11.9 | packaged by conda-forge | (main, Apr
                          19 2024, 18:27:10) [MSC v.1938 64 bit (AMD64)]]
                platform: yes [win32]

  REQUIRED DEPENDENCIES AND EXTENSIONS
~~~

The install fails in this Python 3.11 environment because secml pins matplotlib~=3.0.0: pip has to build matplotlib 3.0.3 from source, and its setup.py imports the deprecated setuptools.command.test module, which the current setuptools rejects.

+ SecML's primary data class is secml.array.CArray, a multi-dimensional (currently limited to 2 dimensions) array structure that embeds both dense and sparse data, accepting numpy.ndarray and scipy.sparse.csr_matrix as input (more sparse formats will be supported soon). This structure is the standard input and output of all other classes in the library.

## CleverHans

A Python library to benchmark machine learning systems' vulnerability to adversarial examples. https://github.com/cleverhans-lab/cleverhans

## PyRIT

https://youtu.be/M_H8ulTMAe4

## Inspect AI

A framework for large language model evaluations.
https://github.com/UKGovernmentBEIS/inspect_ai

## Other references

+ https://owaspai.org/docs/ai_security_references/

## Labs 

+ https://prompting.ai.immersivelabs.com/