Image Classification
The input parameters below apply to the different attack types. To start working with the APIs, view docid 7pftv3d26cujsz6vmqloo.

File upload format

Data: The processed data, ready to be passed to the model for prediction, should be saved in a folder.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/mnist data zip

Label: A CSV file should be created with two columns, "image" and "label". The first column should contain the image name, and the second column should contain the label. The label should be in integer format. Check the sample label file attached.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/mnist label zip

Model: The model should be saved in either h5 or TensorFlow format with full architecture. Full architecture is needed when loading the model to the platform for assessment, either encrypted or unencrypted. This can be ignored when the model is hosted as an API.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/mnist model zip

Note: All files uploaded should be in zipped format. The above files are sample data for the MNIST use case.

Prerequisite

Only 2 5 % of data is needed. The data should be representative and balanced across all classes.
Model extraction requires (450-900) samples or (50-100) samples per class.
Model evasion requires (810-1620) samples or (90-180) samples per class.
For poisoning, check the poisoning section to get sample data, label and models.

Common parameters

The parameters in the table below are common to all attack types, such as extraction, evasion, and poisoning. For the additional parameters specific to each attack type, such as extraction and evasion, refer to the sections below.

[Table: common parameters]

Extraction parameters

[Table: extraction parameters]

Evasion parameters

[Table: evasion parameters]

Drift

Reference data: The reference images, or the clean images, should be saved in a folder.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datadrift/referencedata/reference data zip

Reference label: A CSV file should be created with two columns, "image" and "label". The first column should contain the image name, and the second column should contain the label. The label should be in integer format. Check the sample label file attached.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datadrift/referencedata/reference label zip

Test data: Dataset under test that might contain drifted images.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datadrift/referencedata/test data zip

Test label: A CSV file containing corresponding labels to the universal data, with two columns, ‘image’ and ‘label’. The ‘image’ column contains the image name including the extension, and the second column should contain the label. The label should be in integer format.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datadrift/referencedata/test label zip

Outlier

Data: Data in zip format that needs to be checked for the presence of outliers.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/outlierdetection/referencedata/data zip

Poisoning

Data poisoning

Universal dataset: Data containing potential poisoning data that needs to be tested.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datapoisoning/referencedata/universal dataset zip

Universal label: A CSV file containing corresponding labels to the universal data, with two columns, ‘image’ and ‘label’. The ‘image’ column contains the image name including the extension, and the second column should contain the label. The label should be in integer format.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datapoisoning/referencedata/universal label zip

Data: The processed data, ready to be passed to the model for prediction, should be saved in a folder.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datapoisoning/referencedata/data zip

Label: A CSV file should be created with two columns, "image" and "label". The first column should contain the image name, and the second column should contain the label. The label should be in integer format. Check the sample label file attached.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datapoisoning/referencedata/label zip

Model: The model should be saved in either h5 or TensorFlow format with full architecture. Full architecture is needed when loading the model to the platform for assessment.
https //aisdocs blob core windows net/reference/upload/image/imageclassification/datapoisoning/referencedata/model zip

Experimentation with values

To improve the accuracy, you can experiment with the following values for your attack input parameters. In our example we have used an MNIST dataset in our model, and the table below reflects the parameters suitable for it. For more information, please refer to the https //github com/bosch aisecurity aishield/reference implementations/tree/main/product taskpair wise/image classification/extraction

[Table: experimentation values for MNIST]

To access all sample artifacts, please visit docid\ ijneocxostabvvrsq11fa. For specific artifact details, refer to:
Vulnerability report: docid\ hl0ut2mwlcbkt8f97fr w
Sample attacks: docid 4g1mjm5lqjfm8t5wbvwpr
Defense report: docid\ vtzlttpja2vsf2j0stlsq
Defense model: docid\ xsbxmzxw4vv14 8nmbf8m

Note: For image classification, supported attack types are extraction, evasion and poisoning, drift and outlier.
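The label file format and the per-class sample counts given above under file upload format and prerequisite can be checked before the zip is uploaded. The following is an added example, not code from the platform or its reference implementations; `check_upload`, `PER_CLASS_RANGE` and `constructed_sample` are hypothetical names, and the per-class figures are read as ranges (50 to 100 for extraction, 90 to 180 for evasion).

```python
import csv
import io
import zipfile
from collections import Counter

# Per-class sample ranges from the guide's prerequisite section (assumed to be ranges).
PER_CLASS_RANGE = {"extraction": (50, 100), "evasion": (90, 180)}


def check_upload(data_zip: bytes, label_csv: str, attack: str) -> list:
    """Return the problems found in a data zip and its label CSV."""
    with zipfile.ZipFile(io.BytesIO(data_zip)) as zf:
        # Compare base names so images may sit inside a folder in the zip.
        images = {n.rsplit("/", 1)[-1] for n in zf.namelist() if not n.endswith("/")}
    rows = [r for r in csv.reader(io.StringIO(label_csv)) if r]
    if not rows or [c.strip() for c in rows[0]] != ["image", "label"]:
        return ["label file must start with the header image,label"]
    problems, counts, seen = [], Counter(), set()
    for row in rows[1:]:
        if len(row) != 2:
            problems.append(f"{row}: expected 2 columns")
            continue
        name, label = row[0].strip(), row[1].strip()
        try:
            counts[int(label)] += 1  # labels must be integers
        except ValueError:
            problems.append(f"{name}: label {label!r} is not an integer")
        if name not in images:
            problems.append(f"{name}: listed in the CSV but not in the zip")
        seen.add(name)
    problems += [f"{n}: in the zip but has no label" for n in sorted(images - seen)]
    low, high = PER_CLASS_RANGE[attack]
    for cls, n in sorted(counts.items()):
        if not low <= n <= high:
            problems.append(f"class {cls}: {n} samples, guide asks for {low}-{high}")
    return problems


def constructed_sample(per_class: int, classes: int = 3):
    """Build a small in-memory zip and label CSV (constructed test data)."""
    buf, lines = io.BytesIO(), ["image,label"]
    with zipfile.ZipFile(buf, "w") as zf:
        for cls in range(classes):
            for i in range(per_class):
                zf.writestr(f"data/{cls}_{i}.png", b"")
                lines.append(f"{cls}_{i}.png,{cls}")
    return buf.getvalue(), "\n".join(lines)


if __name__ == "__main__":
    zip_bytes, labels = constructed_sample(per_class=60)
    print(check_upload(zip_bytes, labels, "extraction"))
    print(check_upload(zip_bytes, labels, "evasion"))
```

An empty list means the pair matches the format described in the guide; each string otherwise names one row, file or class to fix.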
