Tutorials

We suggest getting started with the tutorials.

Quickstart

A basic demonstration on how to find adversarial examples for a pre-trained example network on the MNIST dataset.

Explains how to import your own network for verification.

Discusses the various parameters you can select for find_adversarial_example. We explain how to

Better specify targeted labels for the perturbed image (including multiple targeted labels)
Have more precise control over the activations in the output layer
Restrict the family of perturbations (for example to the blurring perturbations discussed in our paper)
Select whether you want to minimize the $L_1$, $L_2$ or $L_\infty$ norm of the perturbation.
Modify the amount of time dedicated to building the model (by selecting the tightening_algorithm, and/or passing in custom tightening_options).

For Gurobi, we show how to specify optimizer settings to:

Mute output
Terminate early if:
- A time limit is reached
- Lower bounds on robustness are proved (that is, we prove that no adversarial example can exist closer than some threshold)
- An adversarial example is found that is closer to the input than expected
- The gap between the upper and lower objective bounds falls below a selected threshold

Walks you through the output dictionary produced by a call to find_adversarial_example.

Explains how to get more granular log settings and to write log output to file.