Trusted-AI
diff --git a/‎README.md‎
Lines changed: 0 additions & 11 deletions b/‎README.md‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎art/attacks/attack.py‎
Lines changed: 8 additions & 78 deletions b/‎art/attacks/attack.py‎
Lines changed: 8 additions & 78 deletions
@@ -54,19 +54,8 @@ stl10_path=./data/stl-10
 
 If the datasets are not present at the indicated path, loading them will also download the data.
 
-
 ## Running Nemesis
 
-The library contains three main scripts for:
-* training a classifier using (`train.py`)
-* crafting adversarial examples on a trained model through (`generate_adversarial.py`)
-* testing model accuracy on different test sets using (`test_accuracies.py`)
-
-Detailed instructions for each script are available by typing
-```bash
-python3 <script_name> -h
-```
-
 Some examples of how to use Nemesis when writing your own code can be found in the `examples` folder. See `examples/README.md` for more information about what each example does. To run an example, use the following command:
 ```bash
 python3 examples/<example_name>.py
 
@@ -3,37 +3,6 @@
 import abc
 import sys
 
-import numpy as np
-import tensorflow as tf
-
-
-def clip_perturbation(v, eps, p):
-    """
-    Clip the values in v if their L_p norm is larger than eps.
-    :param v: array of perturbations to clip
-    :param eps: maximum norm allowed
-    :param p: L_p norm to use for clipping. Only p = 2 and p = Inf supported for now
-    :return: clipped values of v
-    """
-    if p == 2:
-        v *= min(1., eps/np.linalg.norm(v, axis=(1, 2)))
-    elif p == np.inf:
-        v = np.sign(v) * np.minimum(abs(v), eps)
-    else:
-        raise NotImplementedError('Values of p different from 2 and Inf are currently not supported.')
-
-    return v
-
-
-def class_derivative(preds, x, num_labels=10):
-    """
-    Computes per class derivatives.
-    :param preds: the model's logits
-    :param x: the input placeholder
-    :param num_labels: the number of classes the model has
-    :return: (list) class derivatives
-    """
-    return [tf.gradients(preds[:, i], x) for i in range(num_labels)]
 
 # Ensure compatibility with Python 2 and 3 when using ABCMeta
 if sys.version_info >= (3, 4):
@@ -46,67 +15,28 @@ class Attack(ABC):
     """
     Abstract base class for all attack classes.
     """
-    attack_params = ['classifier', 'session']
+    attack_params = ['classifier']
 
-    def __init__(self, classifier, sess=None):
+    def __init__(self, classifier):
         """
         :param classifier: A trained model.
         :type classifier: :class:`Classifier`
-        :param sess: The session to run graphs in.
-        :type sess: `tf.Session`
         """
-
         self.classifier = classifier
-        self.model = classifier.model
-        self.sess = sess
-        self.inf_loop = False
-
-    def generate_graph(self, x, **kwargs):
-        """
-        Generate the attack's symbolic graph for adversarial examples. This method should be overridden in any child
-        class that implements an attack that is expressible symbolically. Otherwise, it will wrap the numerical
-        implementation as a symbolic operator.
 
-        :param x: The model's symbolic inputs.
-        :type x: `tf.Placeholder`
-        :param kwargs: optional parameters used by child classes.
-        :type kwargs: `dict`
-        :return: A symbolic representation of the adversarial examples.
-        :rtype: `tf.Tensor`
-        """
-        if not self.inf_loop:
-            self.inf_loop = True
-            self.set_params(**kwargs)
-            graph = tf.py_func(self.generate, [x], tf.float32)
-            self.inf_loop = False
-            return graph
-        else:
-            raise NotImplementedError("No symbolic or numeric implementation of attack.")
-
-    def generate(self, x_val, **kwargs):
+    def generate(self, x, **kwargs):
         """
-        Generate adversarial examples and return them as a Numpy array. This method should be overridden in any child
-        class that implements an attack that is not fully expressed symbolically.
+        Generate adversarial examples and return them as an array. This method should be overridden by all concrete
+        attack implementations.
 
-        :param x_val: An array with the original inputs to be attacked.
-        :type x_val: `np.ndarray`
+        :param x: An array with the original inputs to be attacked.
+        :type x: `np.ndarray`
         :param kwargs: Attack-specific parameters used by child classes.
         :type kwargs: `dict`
         :return: An array holding the adversarial examples.
         :rtype: `np.ndarray`
         """
-        if not self.inf_loop:
-            self.inf_loop = True
-            self.set_params(**kwargs)
-            input_shape = list(x_val.shape)
-            input_shape[0] = None
-            self._x = tf.placeholder(tf.float32, shape=input_shape)
-            self._x_adv = self.generate_graph(self._x)
-            self.inf_loop = False
-        else:
-            raise NotImplementedError("No symbolic or numeric implementation of attack.")
-
-        return self.sess.run(self._x_adv, feed_dict={self._x: x_val})
+        raise NotImplementedError
 
     def set_params(self, **kwargs):
         """