Data

Tools

Indexes

Applications

Experiments

Open Source Science

armory-library

Python library for Adversarial ML Evaluation

https://github.com/twosixlabs/armory-library

Science Score: 67.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 1 DOI reference(s) in README
  • Academic publication links
    Links to: zenodo.org
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (13.2%) to scientific vocabulary

Keywords from Contributors

interactive distributed mesh interpretability sequences generic projection optim embedded hacking
Last synced: 6 months ago · JSON representation ·

Repository

Python library for Adversarial ML Evaluation

Basic Info
Statistics
  • Stars: 18
  • Watchers: 8
  • Forks: 5
  • Open Issues: 15
  • Releases: 0
Created over 2 years ago · Last pushed 8 months ago
Metadata Files
Readme Contributing License Citation

README.md

armory logo

CI PyPI Status Badge PyPI - Python Version License: MIT Docs Code style: black DOI

Overview

Armory is a comprehensive platform for evaluating the robustness of machine learning models against adversarial attacks. It is a pure Python library built on top of existing libraries such as PyTorch, Hugging Face, and IBM's Adversarial Robustness Toolbox (ART). The primary focus of Armory is to help machine learning engineers understand how models behave under various adversarial conditions and how defenses may mitigate these attacks.

History

Armory was developed as part of the Guaranteeing AI Robustness against Deception (GARD) program under the Defense Advanced Research Projects Agency (DARPA). The GARD program's mission was to establish theoretical foundations for machine learning system vulnerabilities, to characterize properties that will enhance system robustness, and to advance the creation of effective defenses.

What is Adversarial AI?

Adversarial AI refers to the manipulation of AI models through carefully crafted inputs designed to exploit vulnerabilities in machine learning algorithms. These inputs are often imperceptible to humans but can cause AI systems to make incorrect decisions, such as misclassifying images or generating incorrect text. For instance, an adversarial attack might slightly alter an image of a stop sign, leading a self-driving car to misinterpret it as a yield sign with potentially catastrophic consequences.

There are various types of adversarial attacks:

  • Evasion attacks: Introduce small perturbations to inputs during model inference to trick the model into making incorrect predictions.
  • Poisoning attacks: Manipulate training data to compromise the model during its learning phase.
  • Model extraction: Recreate a machine learning model by exploiting access to the model's outputs.
  • Model inversion: Reverse-engineer sensitive information about the data used to train a model.
  • Model membership: Determine whether a specific data point was used to train the model.

The GARD program was established to tackle these threats by developing defensive techniques that make AI systems more robust and resilient to adversarial manipulations. The program brought together industry experts, including Two Six Technologies, IBM and MITRE, along with researchers from academic institutions to explore the limits of adversarial attacks and develop cutting-edge defenses.

Broader Impact

While the GARD program focused on government and military use cases, the potential for adversarial attacks extends to numerous domains, including healthcare, autonomous vehicles, finance, and cybersecurity. Armory is an open-source tool available to the wider AI community, helping researchers and engineers evaluate the robustness of their models across industries. The goal of Armory is to ensure that AI systems used in applications from medical diagnosis to autonomous drones can remain secure and effective even under adversarial conditions.

How It Works

Armory provides a comprehensive platform to evaluate the robustness of AI models against adversarial attacks. It integrates several key features into user-defined pipelines that allow machine learning engineers to conduct robust model evaluations, implement novel attacks and defenses, and visualize results.

pipeline diagram

Data Ingestion and Model Loading

  • Armory supports various datasets, including those from Hugging Face and TorchVision (e.g., ImageNet, COCO). Users can load datasets for tasks such as image classification and object detection.

  • Armory works with a wide range of machine learning models from libraries like PyTorch and Hugging Face Transformers. These models are wrapped into Armory’s API for easy integration into the evaluation pipeline.

Adversarial Attack Integration

  • Armory currently specializes in evasion attacks. Other attack types like poisoning attacks (which compromise model training) and model inversion (which infers training data) are also planned for future releases.

  • Attacks are implemented using the Adversarial Robustness Toolbox (ART), which provides standard attacks like Projected Gradient Descent (PGD). Users can also implement custom attacks by following Armory’s API.

Defensive Techniques

  • Armory includes defenses that can be applied either before or after model predictions. These defenses aim to reduce the impact of adversarial attacks. For instance, the JPEG compression/decompression pre-processing defense filters out adversarial artifacts by removing high-frequency noise from images. Post-processor defenses may seek to rectify model outputs in the presence of adversarial inputs.

  • Users can configure both pre-processing defenses (applied before model inference) and post-processing defenses (applied after model predictions) within the evaluation pipeline.

Pipeline Orchestration and Evaluation

  • The pipeline runs models through a series of stages: benign evaluation (evaluating the model on normal data), adversarial evaluation (evaluating the model on perturbed data), and defense evaluation (applying defenses and re-evaluating the model).

  • Metrics like accuracy, precision, recall, and mean average precision (mAP) are calculated for each stage, allowing users to compare the performance of models across different conditions.

Visualization and Exporting Results

  • Armory provides tools to visualize results, such as confusion matrices and saliency maps, which help interpret how adversarial attacks affect model performance. These visualizations make it easier to understand where the model fails and how effective the defenses are.

  • The platform also exports evaluation results (e.g., adversarial examples, metrics) in a format that can be easily analyzed or imported into other tools such as Jupyter notebooks for further exploration.

Installation & Configuration

bash pip install armory-library

This is all that is needed to get a working Armory installation. However, Armory-library is a library and does not contain any sample code. We provide examples in the armory-examples repository which is released concurrently with Armory-library.

Examples

The armory-examples repository includes Jupyter notebooks with examples of:

  • Setting up data pipelines
  • Running adversarial attacks
  • Implementing defenses
  • Visualizing results

To install the examples, run:

bash pip install armory-examples

The example source code, along with the Armory-library documentation and API Documentation is a good place to learn how to construct your own evaluations using Armory.

Quick Look

We have provided an sample notebook that uses Armory to evaluate a food101 classifier in the presence of a Project Gradient Descent (PGD) attack. The notebook can be run for free on Google Colab to get a preview of how Armory works.

Open In Colab

Documentation

The Armory-library documentation is published on GitHub or can be viewed directly in the docs directory of this repository. The development team for Armory-library can be reached at armory@twosixtech.com.

The historic GARD-Armory repository

Armory-library is the successor to the GARD-Armory research program run under DARPA. As that program has reached its conclusion, the GARD-Armory repository has been archived sometime in 2024 and there will be no further developmen.

Acknowledgment

This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0114 and US Army (JATIC) Contract No. W519TC2392035. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the DARPA or JATIC.

Owner

  • Name: Two Six Technologies
  • Login: twosixlabs
  • Kind: organization
  • Email: info@twosixtech.com
  • Location: Arlington, VA

Two Six Technologies

Citation (CITATION.cff) 

# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!

cff-version: 1.2.0
title: armory-library
message: >-
  If you use this software, please cite it using the
  metadata from this file.
type: software
authors:
  - given-names: Matt
    family-names: Wartell
    email: armory@twosixtech.com
  - given-names: Kyle
    family-names: Treubig
    email: armory@twosixtech.com
  - given-names: Sterling
    family-names: Suggs
    email: armory@twosixtech.com
repository-code: 'https://github.com/twosixlabs/armory-library'
url: 'https://www.armory-library.org/'
abstract: >-
  Armory-library is a library for evaluating adversarial
  attack machine learning models. It is a pure Python
  installable which is intended to be used in a user created
  application. The armory-library API is intentionally small
  and simple to afford "today" speed of integration.
  Armory-library uses PyTorch, Lightning.AI, and IBM's
  Adversarial Robustness Toolbox (ART) to effect its
  evaluations; it logs all pararmeters and metrics to MLFlow
  either locally or to a remote server.


  Armory-library is part of the Armory project.
keywords:
  - adversarial machine learning
license: MIT
commit: 1ab0924b6eeca7720b26d66289686b37e81c9830
version: 23.10.4
date-released: '2023-10-25'
doi: 10.5281/zenodo.10041830

GitHub Events

Total
  • Issues event: 12
  • Watch event: 9
  • Delete event: 5
  • Issue comment event: 5
  • Push event: 49
  • Pull request review comment event: 2
  • Pull request review event: 7
  • Pull request event: 10
  • Fork event: 3
  • Create event: 9
Last Year
  • Issues event: 12
  • Watch event: 9
  • Delete event: 5
  • Issue comment event: 5
  • Push event: 49
  • Pull request review comment event: 2
  • Pull request review event: 7
  • Pull request event: 10
  • Fork event: 3
  • Create event: 9

Committers

Last synced: 7 months ago

All Time
  • Total Commits: 2,985
  • Total Committers: 35
  • Avg Commits per committer: 85.286
  • Development Distribution Score (DDS): 0.78
Past Year
  • Commits: 73
  • Committers: 3
  • Avg Commits per committer: 24.333
  • Development Distribution Score (DDS): 0.493
Top Committers
Name Email Commits
Kyle Treubig k****g@t****m 657
David Slater d****r@t****m 458
Christopher Woodall w****r@g****m 282
Sterling Suggs s****s@t****m 269
lucas.cadalzo l****o@t****m 253
christopherwoodall c****l@t****m 177
matt wartell m****l@t****m 169
Sean Morgan s****n@o****m 139
ng390 n****a@t****m 78
Yusong y****n@m****g 77
Honaker c****r@t****m 65
Paul Park p****k@t****m 64
Etienne Deprit e****t@t****m 56
lcadalzo 3****o 49
Jonathan Prokos j****s@t****m 37
Rahul Narayanan r****n@t****m 32
Jay Soni j****i@p****w 22
Lori Buettner l****r@t****m 19
Adam Jacobson 3****6 16
kevinmerchant 6****t 14
Seth Henshaw s****w@t****m 9
jxcronay j****y@g****m 6
hkakitani 5****i 6
grobertson-ext 5****t 5
lcadalzo l****o@t****m 5
Tony Rice a****e@m****g 4
dependabot[bot] 4****] 3
jennifer csicsery-ronay 4****y 3
ng390 n****0 3
Taesung Lee t****e@i****m 2
and 5 more...
Committer Domains (Top 20 + Academic)
twosixtech.com: 12 twosixlabs.com: 3 ibm.com: 2 mitre.org: 2 px.ftw: 1

Issues and Pull Requests

Last synced: 7 months ago

All Time
  • Total issues: 117
  • Total pull requests: 70
  • Average time to close issues: 3 months
  • Average time to close pull requests: 11 days
  • Total issue authors: 5
  • Total pull request authors: 7
  • Average comments per issue: 0.44
  • Average comments per pull request: 0.17
  • Merged pull requests: 64
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 96
  • Pull requests: 47
  • Average time to close issues: 3 months
  • Average time to close pull requests: 14 days
  • Issue authors: 5
  • Pull request authors: 7
  • Average comments per issue: 0.41
  • Average comments per pull request: 0.19
  • Merged pull requests: 42
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
  • mwartell (40)
  • deprit (30)
  • treubig26 (21)
  • Honaker (4)
  • ashleyha (1)
Pull Request Authors
  • treubig26 (44)
  • mwartell (25)
  • deprit (14)
  • Honaker (9)
  • jay-soni-26 (6)
  • lori101 (2)
  • jxcronay (2)
Top Labels
Issue Labels
phoenix (22) enhancement (7) bug (6) documentation (6)
Pull Request Labels
phoenix (1)

Packages

  • Total packages: 1
  • Total downloads:
    • pypi 61 last-month
  • Total dependent packages: 1
  • Total dependent repositories: 0
  • Total versions: 12
  • Total maintainers: 1
pypi.org: armory-library

TwoSix Armory Adversarial Robustness Evaluation Library

  • Versions: 12
  • Dependent Packages: 1
  • Dependent Repositories: 0
  • Downloads: 61 Last month
Rankings
Dependent packages count: 7.6%
Average: 38.5%
Dependent repos count: 69.4%
Maintainers (1)
armory-twosix
Last synced: 6 months ago

Dependencies

.github/actions/evaluations_environment_setup/action.yml actions
  • actions/cache v3 composite
  • actions/setup-python v4 composite
.github/workflows/ci.yml actions
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
  • actions/upload-artifact v3 composite
.github/workflows/release.yml actions
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
examples/pyproject.toml pypi
pyproject.toml pypi
  • Pillow *
  • adversarial-robustness-toolbox == 1.15.1
  • boto3 *
  • botocore *
  • ffmpeg-python *
  • lightning *
  • loguru *
  • matplotlib *
  • mlflow *
  • numpy *
  • opencv-python == 4.5.5.62
  • opencv-python-headless == 4.5.5.62
  • pandas *
  • pydub *
  • requests *
  • scikit-learn < 1.2.0
  • scipy *
  • setuptools_scm *
  • tensorboardx *
  • tensorflow >= 2.11.0
  • tf-models-official *
  • tidecv *
  • torch >= 2.0.0
  • torchaudio >= 2.0.1
  • torchvision >= 0.15.1
  • transformers *
library/pyproject.toml pypi
  • Pillow *
  • adversarial-robustness-toolbox == 1.15.1
  • boto3 *
  • botocore *
  • ffmpeg-python *
  • lightning *
  • loguru *
  • matplotlib *
  • mlflow *
  • numpy *
  • opencv-python == 4.5.5.62
  • opencv-python-headless == 4.5.5.62
  • pandas *
  • pydub *
  • requests *
  • scikit-learn < 1.2.0
  • scipy *
  • tensorboardx *
  • tensorflow >= 2.11.0
  • tf-models-official *
  • tidecv *
  • torch >= 2.0.0
  • torchaudio >= 2.0.1
  • torchvision >= 0.15.1
  • transformers *
matrix/pyproject.toml pypi