Adversaries

groot.adversary

DecisionTreeAdversary

Adversary that can attack and score decision trees against adversarial examples.

__init__(self, decision_tree, kind, attack_model=None, is_numeric=None, n_categories=None, one_adversarial_class=False) special

Parameters:

Name	Type	Description	Default
decision_tree	groot.model.GrootTree or sklearn.tree.DecisionTreeClassifier or groot.treant.RobustDecisionTree	The decision tree to attack following our decision tree implementation.	required
kind	{"ours", "groot", "sklearn", "treant"}	The kind of decision tree to attack, different kinds require different conditions for categorical variables.	required
attack_model	array-like of shape (n_features,)	Attacker capabilities for perturbing X, it is only required for when kind is 'sklearn', 'treant' or 'robust'. The attack model describes for every feature in which way it can be perturbed. By default, all features are considered not perturbable.	None
is_numeric	array-like of shape (n_features,)	Boolean mask for whether each feature is numerical or categorical.	None
n_categories	array-like of shape (n_features,)	Number of categories per feature, entries for numerical features are ignored.	None
one_adversarial_class	bool	Whether one class (malicious, 1) perturbs their samples or if both classes (benign and malicious, 0 and 1) do so.	False

adversarial_accuracy(self, X, y)

Computes the accuracy under an adversary with given attack model.

Parameters:

Name	Type	Description	Default
X	array-like of shape (n_samples, n_features)	Test samples.	required
y	array-like of shape (n_samples,)	True labels for X.	required

Returns:

Type	Description
float	Adversarial accuracy score.

adversarial_f1_score(self, X, y)

Computes the f1 score under an adversary with given attack model.

Parameters:

Name	Type	Description	Default
X	array-like of shape (n_samples, n_features)	Test samples.	required
y	array-like of shape (n_samples,)	True labels for X.	required

Returns:

Type	Description
float	Adversarial f1 score.

average_attack_distance(self, X, y, order=inf)

Computes the average perturbation distance when perturbing each sample

optimally. Here optimally means by the shortest possible distance such that the predicted class is different than the sample's label.

The order parameter is fed straight into numpy.linalg.norm. See the numpy documentation for explanations and examples.

Parameters:

Name	Type	Description	Default
X	array-like of shape (n_samples, n_features)	Test samples.	required
y	array-like of shape (n_samples,)	True labels for X.	required

Returns:

Type	Description
np.float	Mean perturbation distance.

Leaf

Representation of a decision leaf by its bounding box and value.

can_reach(self, point)

Checks whether this leaf is in reach of the given point by the attacker.

Parameters:

Name	Type	Description	Default
point	array-like of shape (n_features,)	Point's unperturbed values.	required

Returns:

Type	Description
bool	Whether or not the point is in reach of this leaf.

compute_intersection(self, other)

Computes the intersection (a new Leaf object) of this leaf with another leaf. The intersection leaf represents the overlapping region of the two leaves. The new Leaf's value is the average of the original values.

Parameters:

Name	Type	Description	Default
other	Leaf	Leaf to compute intersection with.	required

Returns:

Type	Description
Leaf	Leaf representing the intersection between this leaf and the other leaf.

get_bounding_box(self)

Get the bounding box of this leaf.

Returns:

Type	Description
ndarray of shape (n_features, 2)	Bounding box given by [low, high] for each feature.

minimal_distance(self, point, order)

Compute the minimum perturbation distance between this leaf and the given sample in the given L-p norm.

Parameters:

Name	Type	Description	Default
point	array-like of shape (n_features,)	Point's unperturbed values.	required
order	{0, 1, 2, np.inf}	L-p norm to compute distance in.	required

Returns:

Type	Description
bool	Whether or not the point is in reach of this leaf.