Foolbox: A Python toolbox to benchmark the robustness of machine learning models
Jonas Rauber, Wieland Brendel, Matthias Bethge

TL;DR
Foolbox is a comprehensive Python toolkit that generates adversarial examples and benchmarks the robustness of machine learning models across various frameworks and attack methods.
Contribution
It introduces a unified platform with reference implementations of attack algorithms and hyperparameter tuning for robustness evaluation.
Findings
Provides a standardized way to measure minimal adversarial perturbations.
Supports multiple deep learning frameworks and attack criteria.
Enables comparison of model robustness against various adversarial attacks.
Abstract
Even today's most advanced machine learning models are easily fooled by almost imperceptible perturbations of their inputs. Foolbox is a new Python package to generate such adversarial perturbations and to quantify and compare the robustness of machine learning models. It is built around the idea that the most comparable robustness measure is the minimum perturbation needed to craft an adversarial example. To this end, Foolbox provides reference implementations of most published adversarial attack methods alongside some new ones, all of which perform internal hyperparameter tuning to find the minimum adversarial perturbation. Additionally, Foolbox interfaces with most popular deep learning frameworks such as PyTorch, Keras, TensorFlow, Theano and MXNet and allows different adversarial criteria such as targeted misclassification and top-k misclassification as well as different distance…
Taxonomy
Topics: Computational Physics and Python Applications · Machine Learning and Data Classification
