Configuration

This page describes how to configure the robustness module, which probes how the model behaves under input perturbations.

Under the `robustness` key, you can configure one or more named assessors. See Examples for the config shape.

See Supported libraries for the backend behaviour behind `_target_`, `algorithm`, and visualiser compatibility.

Options

Name	Allowed	Default	Description
`_target_`	`"TorchattacksAssessor", "FoolboxAssessor", "ImageCorruptionsAssessor"`	`null`	Hydra target for the assessor class.
`algorithm`	See Supported libraries	`null`	Name of the underlying attack or corruption algorithm to use. The exact class is resolved by the selected assessor backend.
`constructor`	`dict`	`{}`	Keyword arguments forwarded when constructing the assessor / underlying library object. Torchattacks consumes the perturbation budget (`eps`, `alpha`, `steps`, ...) here, since the adapter does `attack_class(model, **constructor)` once.
`call`	`dict`	`{}`	Keyword arguments forwarded verbatim to the underlying library at call time. Foolbox consumes the perturbation budget (`eps`, `epsilons`) here, since foolbox attacks read it at `attack(...)` time. Any nested dict with a `source` key is treated as a runtime data source.
`raitap`	`dict`	`{}`	RAITAP-owned runtime options such as batching, progress display, and sample-name metadata. These keys are not forwarded to the underlying library.
`raitap.batch_size`	`int`	`null`	Batch size for generating adversarial examples. If unset, the assessor processes the full input batch in a single call to the attack library. Set this for memory-bound attacks (Square, CW, ...) on large batches.
`raitap.show_progress`	`bool`	`True`	Whether to show a progress bar across attack batches.
`raitap.progress_desc`	`str`	`null`	Description used by the progress bar.
`raitap.sample_names`	`list[str]`	`null`	Optional per-sample names for downstream visualisers. Names are normally injected at runtime from the data pipeline, and runtime sample names take precedence over `raitap.sample_names` from config. The list length must equal the number of input samples `N`; a mismatch raises `raitap.utils.errors.SampleNamesLengthError` at factory entry. Omit `sample_names` to fall back to auto-derived sample IDs from the data loader.
`raitap.show_sample_names`	`bool`	`False`	Default toggle for showing sample names in visualiser titles. Set the assessor-level default here under `raitap:`. If a specific visualiser needs different behaviour, override it with `visualisers[].call.show_sample_names`.
`raitap.input_metadata`	`dict`	`null`	Input modality and layout hints. Used by image visualisers to refuse non-image results and by the budget norm to size per-sample distance. Auto-inferred from `data.source` for the default loaders. This per-assessor metadata is scoped to visualiser and budget semantics; backend input reshaping is controlled by `data.input_metadata.shape` instead (see Configuration).
`raitap.ci_method`	`"wilson", "clopper_pearson"`	`"wilson"`	Binomial CI method used by statistical-sampling assessors (`ImageCorruptionsAssessor`). Ignored by empirical-attack and formal-verification assessors.
`raitap.ci_level`	`float`	`0.95`	Confidence level for the binomial CI. Ignored by empirical-attack and formal-verification assessors.
`visualisers`	`list[dict]`	`[ImagePairVisualiser]`	Visualiser definitions. Each entry must include at least `_target_`. Each visualiser can also define its own `constructor` and `call` blocks. Visualisers declare which `AssessmentKind` (`empirical_attack` / `formal_verification` / `statistical_sampling`) they support; the factory rejects mismatches at parse time.
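
The split between `constructor` and `call` in the table above can be pictured with a toy adapter. The following is a minimal sketch only: `ToyAttack` and `run_assessor` are hypothetical stand-ins written for this illustration, not RAITAP, torchattacks, or foolbox classes, and the real adapters may differ. It shows `constructor` being consumed once when the attack object is built, and `call` being forwarded each time the attack is invoked.

```python
from typing import Any, Callable, Optional


class ToyAttack:
    """Hypothetical stand-in for a library attack class (not a real library API)."""

    def __init__(self, model: Callable[[float], float], **constructor: Any) -> None:
        # Constructor-time options (e.g. eps, alpha, steps) are stored once.
        self.model = model
        self.constructor = constructor

    def __call__(self, inputs: list[float], **call: Any) -> list[float]:
        # Call-time options, if given, take effect for this invocation only.
        eps = call.get("eps", self.constructor.get("eps", 0.0))
        return [x + eps for x in inputs]


def run_assessor(
    attack_class: type,
    model: Callable[[float], float],
    inputs: list[float],
    constructor: Optional[dict[str, Any]] = None,
    call: Optional[dict[str, Any]] = None,
) -> list[float]:
    # `constructor` is unpacked once, when the attack object is created.
    attack = attack_class(model, **(constructor or {}))
    # `call` is unpacked at invocation time.
    return attack(inputs, **(call or {}))


# Budget supplied at construction time (the torchattacks-style pattern).
built = run_assessor(ToyAttack, lambda x: x, [0.0, 1.0], constructor={"eps": 0.5})

# Budget supplied at call time (the foolbox-style pattern).
called = run_assessor(ToyAttack, lambda x: x, [0.0, 1.0], call={"eps": 0.25})
```

In this toy model the perturbation is just an additive shift, so the two patterns differ only in where `eps` is read.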

Examples

YAML

robustness:
  pgd:
    _target_: "TorchattacksAssessor"
    algorithm: "PGD"
    constructor:
      eps: 0.03
      alpha: 0.0078
      steps: 10
    visualisers:
      - _target_: "ImagePairVisualiser"
  linf_pgd:
    _target_: "FoolboxAssessor"
    algorithm: "LinfPGD"
    constructor:
      rel_stepsize: 0.025
      steps: 40
    call:
      eps: 0.03
    visualisers:
      - _target_: "ImagePairVisualiser"
      - _target_: "PerturbationHeatmapVisualiser"
  avg:
    _target_: "ImageCorruptionsAssessor"
    algorithm: "gaussian_noise"   # one of the 15 ImageNet-C corruptions
    constructor:
      severity: 3                 # 1..5
    raitap:
      ci_method: "wilson"         # or clopper_pearson
      ci_level: 0.95
    visualisers:
      - _target_: "CorruptionAccuracyVisualiser"

Python

from raitap.robustness import (
    corruption_accuracy,
    foolbox,
    image_pair,
    imagecorruptions,
    perturbation_heatmap,
    torchattacks,
)

robustness = {
    "pgd": torchattacks(
        algorithm="PGD",
        constructor={"eps": 0.03, "alpha": 0.0078, "steps": 10},
        visualisers=[image_pair()],
    ),
    "linf_pgd": foolbox(
        algorithm="LinfPGD",
        constructor={"rel_stepsize": 0.025, "steps": 40},
        call={"eps": 0.03},
        visualisers=[image_pair(), perturbation_heatmap()],
    ),
    "avg": imagecorruptions(
        algorithm="gaussian_noise",
        constructor={"severity": 3},
        raitap={"ci_method": "wilson", "ci_level": 0.95},
        visualisers=[corruption_accuracy()],
    ),
}

CLI

uv run raitap +robustness=torchattacks robustness.torchattacks.algorithm=PGD robustness.torchattacks.constructor.eps=0.05

pip

raitap +robustness=torchattacks robustness.torchattacks.algorithm=PGD robustness.torchattacks.constructor.eps=0.05
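
Each dotted override in the commands above addresses one nested key in the config. The sketch below mimics that mapping on a plain dictionary. It is a simplified illustration, not Hydra's actual override parser: `apply_override` is a hypothetical helper, and the starting values in `config` are made up for the example.

```python
from typing import Any


def apply_override(config: dict[str, Any], dotted_key: str, value: Any) -> None:
    """Set config[a][b][c] = value for dotted_key 'a.b.c', creating dicts as needed."""
    *parents, leaf = dotted_key.split(".")
    node = config
    for part in parents:
        node = node.setdefault(part, {})
    node[leaf] = value


# Hypothetical starting config; the real defaults come from the selected config group.
config: dict[str, Any] = {
    "robustness": {"torchattacks": {"algorithm": None, "constructor": {"eps": 0.03}}}
}

# Mirrors: robustness.torchattacks.algorithm=PGD
apply_override(config, "robustness.torchattacks.algorithm", "PGD")
# Mirrors: robustness.torchattacks.constructor.eps=0.05
apply_override(config, "robustness.torchattacks.constructor.eps", 0.05)
```

After both calls, the `torchattacks` entry carries the overridden algorithm and perturbation budget, which is the same shape as the YAML example earlier on this page.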