niteshade.attack.RandomAttacker

class niteshade.attack.RandomAttacker(aggressiveness, one_hot=False)

Bases: niteshade.attack.ChangeLabelAttacker

Randomly change the labels of points.

Given an input batch of data and corresponding labels, use aggressiveness to caculate how many points in the batch to poison. Then, given the set of labels for the batch of data, obtain a new set of unique labels of the data. Then, for the number of points to poison, pick a datapoint and change its label to a random label in the unique set of labels.

This is a strategy that flips labels, and is inspired by ideas in the following paper: “On Defending Against Label Flipping Attacks on Malware Detection Systems”, https://arxiv.org/abs/1908.04473.

Parameters

  • aggressiveness (float) – decides how many points to perturb

  • one_hot (bool) – tells if labels are one_hot encoded or not

__init__(aggressiveness, one_hot=False)

Methods

__init__(aggressiveness[, one_hot])

attack(X, y)

Attack the input batch of data.

num_pts_to_change(x)

Calculate the number of points to change labels for.
attack(X, y)

Attack the input batch of data.

Parameters

  • X (array) – data

  • y (array/list) – labels

Returns

data y (array/list) : random labels

Return type

X (array)