LG, CR, CV, ML | Jul 13, 2017

Foolbox: A Python toolbox to benchmark the robustness of machine learning models

arXiv:1707.04131v3 | 332 citations | Has Code
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for standardized benchmarking of model robustness in the machine learning community, though it is incremental as it consolidates existing methods into a unified toolbox.

The authors tackled the problem of machine learning models being vulnerable to adversarial perturbations by introducing Foolbox, a Python toolbox that provides reference implementations of attack methods and quantifies robustness through minimum perturbation metrics, resulting in an open-source package compatible with major deep learning frameworks.

Even today's most advanced machine learning models are easily fooled by almost imperceptible perturbations of their inputs. Foolbox is a new Python package to generate such adversarial perturbations and to quantify and compare the robustness of machine learning models. It is built around the idea that the most comparable robustness measure is the minimum perturbation needed to craft an adversarial example. To this end, Foolbox provides reference implementations of most published adversarial attack methods alongside some new ones, all of which perform internal hyperparameter tuning to find the minimum adversarial perturbation. Additionally, Foolbox interfaces with most popular deep learning frameworks such as PyTorch, Keras, TensorFlow, Theano and MXNet and allows different adversarial criteria such as targeted misclassification and top-k misclassification as well as different distance measures. The code is licensed under the MIT license and is openly available at https://github.com/bethgelab/foolbox . The most up-to-date documentation can be found at http://foolbox.readthedocs.io .

Code Implementations: 7 repos

Data from Papers with Code (CC-BY-SA-4.0)
