Foolbox

• Values: { security }
• Categories: { model-specific }
• Stage: { post-processing }
• Repository: https://github.com/bethgelab/foolbox
• Tasks: { classification }
• Input data: { image }
• Licence: MIT
• Languages: { Python }
• Frameworks: { PyTorch TensorFlow JAX numpy }

Foolbox is a comprehensive adversarial library for attacking machine learning models, with a focus on neural networks in computer vision. At the moment of writing FoolBox contains 41 gradient-based and decision-based adversarial attacks, making it the second biggest adversial library after ART . A notable difference with ART is that Foolbox only contains attacks, but no defenses and evaluation metrics.

The library is very user-friendly, with a clear API and documentation. Foolbox has dedicated classes to wrap around PyTorch, TensorFlow and JAX models, e.g. fb.PyTorchModel(model, bounds=bounds, preprocessing=preprocessing) where model is a PyTorch model. The FoolBox model can then be passed into an attack of choice. This clear API makes it possible to easily experiment with many adversarial attacks.

Have a look at the well-written guide. For practical examples, have a look at the tutorial notebook as well as the example scripts listed on Github.

Implementation-wise Foolbox is built on EagerPy which allows Python code to run natively in the supported frameworks, e.g. in PyTorch. I take this to mean that Foolbox will not support libraries unless they are supported by EagerPy as well. Foolbox also comes with extensive type annotations, i.e. the library is up to speed with the latest Python 3 conventions.