Foolbox Native: Fast adversarial attacks to benchmark the robustness of machine learning models in PyTorch, TensorFlow, and JAX

Published in Journal of Open Source Software, 2020

Rauber, J., Zimmermann, R. S., Bethge, M. and Brendel, W., Foolbox Native: Fast adversarial attacks to benchmark the robustness of machine learning models in PyTorch, TensorFlow, and JAX.

Machine learning has made enormous progress in recent years and is now being used in many real-world applications. Nevertheless, even state-of-the-art machine learning models can be fooled by small, maliciously crafted perturbations of their input data. Foolbox is a popular Python library to benchmark the robustness of machine learning models against these adversarial perturbations. It comes with a huge collection of state-of-the-art adversarial attacks to find adversarial perturbations, and thanks to its framework-agnostic design, it is ideally suited for comparing the robustness of many different models implemented in different frameworks. Foolbox 3, a.k.a. Foolbox Native, has been rewritten from scratch to achieve native performance on models developed in PyTorch (Paszke et al., 2019), TensorFlow (Abadi et al., 2016), and JAX (Bradbury et al., 2018), all with one codebase without code duplication.


@article{rauber2020foolbox,
 title={Foolbox native: Fast adversarial attacks
  to benchmark the robustness of machine learning
  models in pytorch, tensorflow, and jax},
 author={
  Rauber, Jonas and
  Zimmermann, Roland and
  Bethge, Matthias and
  Brendel, Wieland
 },
 journal={Journal of Open Source Software},
 volume={5},
 number={53},
 pages={2607},
 year={2020}
}