## Adversarial Robustness Toolbox

ART supports all popular machine learning frameworks (TensorFlow, Keras, PyTorch, MXNet, scikit-learn, XGBoost, LightGBM, CatBoost, GPy, etc.), all data types (images, tables, audio, video, etc.) and machine learning tasks (classification, object detection, generation, certification, etc.). The following figure shows the ART workflow for red and blue teams; the only thing to add is metrics, as a group covering certification and verification.

![title](https://github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/docs/images/white_hat_blue_red.png?raw=true)

The steps of the framework are the following:
1. Evaluate the scenario you are in: black box or white box.
2. Decide which type of attack you are going to implement.
3. Load the model using an ART wrapper, for example `PyTorchClassifier` or `KerasClassifier`.
~~~python
from art.estimators.classification import KerasClassifier
model = ...  # Load your trained model
classifier = KerasClassifier(model=model)
~~~
4. Choose an attack type. This is based on a prior study of the state of the art and on what the AI red team wants to do; some attacks work well but generate some noise.
+ Evasion attacks (modify inputs to fool the model)
+ Poisoning attacks (compromise training data)
+ Inference attacks (steal or extract model information)


| **Goal**                           | **Suggested Attack** |
|--------------------------------|-----------------|
| Quick robustness test          | FGSM            |
| Stronger, iterative attack     | PGD             |
| High-confidence misclassification | C&W         |
| Minimum perturbation           | DeepFool        |

If you are dealing with black-box scenarios, look into **ZOO**, **HopSkipJump**, or **Boundary Attack**.
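
The "quick robustness test" row of the table can be made concrete with the following added example, which is not code from this page or from ART and is written in plain NumPy rather than through the ART wrappers. It runs FGSM against a linear classifier and cross-checks the resulting accuracy against the exact L-inf margin, which is the kind of certification metric mentioned above. The weights `W`, `B`, the data `X`, `Y` and all function names are constructed for illustration.

```python
import numpy as np

# Constructed toy model and data (assumptions, not from the page): a fixed
# linear binary classifier over two features scaled to [0, 1].
W = np.array([4.0, -3.0])
B = -0.5
X = np.array([[0.8, 0.2], [0.6, 0.4], [0.5, 0.4], [0.2, 0.8],
              [0.4, 0.5], [0.3, 0.6], [0.45, 0.5]])
Y = np.array([1, 1, 1, 0, 0, 0, 1])  # last point is misclassified when clean


def predict(x):
    """Predicted class (0 or 1) for each row of x."""
    return (x @ W + B > 0).astype(int)


def loss_gradient(x, y):
    """Gradient of the cross-entropy loss with respect to the input."""
    p = 1.0 / (1.0 + np.exp(-(x @ W + B)))
    return (p - y)[:, None] * W


def fgsm(x, y, eps):
    """FGSM: one signed-gradient step of L-inf size eps, clipped to [0, 1]."""
    return np.clip(x + eps * np.sign(loss_gradient(x, y)), 0.0, 1.0)


def robust_accuracy(x, y, eps):
    """Empirical accuracy on FGSM-perturbed inputs."""
    return float(np.mean(predict(fgsm(x, y, eps)) == y))


def certified_accuracy(x, y, eps):
    """Share of points that are correct and provably stable within eps.

    For a linear model the exact L-inf distance to the decision boundary is
    |w.x + b| / ||w||_1 (the input-range clipping is ignored here).
    """
    margin = np.abs(x @ W + B) / np.sum(np.abs(W))
    return float(np.mean((predict(x) == y) & (margin > eps)))


if __name__ == "__main__":
    for eps in (0.0, 0.05, 0.12, 0.2):
        print(f"eps={eps:<5} fgsm={robust_accuracy(X, Y, eps):.3f} "
              f"certified={certified_accuracy(X, Y, eps):.3f}")
```

For this linear model FGSM is the optimal L-inf attack, so the empirical and certified figures coincide. On a non-linear network, accuracy under FGSM is only an upper bound on robustness, which is why the table lists PGD as the stronger test.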


## Foolbox

Found at https://foolbox.jonasrauber.de/

Foolbox: Fast adversarial attacks to benchmark the robustness of machine learning models in PyTorch, TensorFlow, and JAX
+ State-of-the-art attacks: Foolbox provides a large collection of state-of-the-art gradient-based and decision-based adversarial attacks.

It is based on EagerPy ("EagerPy: Writing Code That Works Natively with PyTorch, TensorFlow, JAX, and NumPy").

~~~python
#!pip install foolbox
import foolbox as fb

# List the attack modules that ship with Foolbox
help(fb.attacks)
~~~

~~~text
Help on package foolbox.attacks in foolbox:

NAME
    foolbox.attacks

PACKAGE CONTENTS
    additive_noise
    base
    basic_iterative_method
    binarization
    blended_noise
    blur
    boundary_attack
    brendel_bethge
    carlini_wagner
    contrast
    contrast_min
    dataset_attack
    ddn
    deepfool
    ead
    fast_gradient_method
    fast_minimum_norm
    gen_attack
    gen_attack_utils
    gradient_descent_base
    hop_skip_jump
    inversion
    mi_fgsm
    newtonfool
    pointwise
    projected_gradient_descent
    saltandpepper
    sparse_l1_descent_attack
    spatial_attack
    spatial_attack_transformations
    virtual_adversarial_attack

FILE
    c:\users\usuario\anaconda3\envs\redai\lib\site-packages\foolbox\attacks\__init__.py
~~~

As we can see, ART as a framework has a more diverse set of tools than Foolbox; nevertheless, there are some utilities that we can use in a project.