edits to AI model testing

Document/content/tests/AITG-MOD-01_Testing_for_Evasion_Attacks.md

@@ -6,14 +6,14 @@ This test identifies vulnerabilities in AI models related to evasion attacks, wh
 
 ### Test Objectives  
 - Detect susceptibility of AI models to evasion attacks through adversarial input generation.
-- Evaluate model robustness against adversarial examples across different data modalities (text, image, audio).
+- Evaluate model robustness against adversarial examples across different data modalities (text, image, audio, and others).
 - Assess the effectiveness of defenses and detection mechanisms for evasion attacks.
 
 ### How to Test/Payloads  
 
 | Payload | Response Indicating Vulnerability |
 |---|---|
-| **Adversarial Image Perturbation (FGSM)**: Input an image slightly modified using the Fast Gradient Sign Method. The perturbation is often imperceptible to the human eye. | The model misclassifies the adversarially modified image. For example, an image of a "Labrador retriever" is misclassified as a "guillotine". |
+| **Adversarial Image Perturbation**: Input an image slightly modified using algorithms such as Projected Gradient Descent (PGD) or more advanced methods (AutoPGD, AutoAttack). The perturbation is often imperceptible to the human eye. | The model misclassifies the adversarially modified image. For example, an image of a "Labrador retriever" is misclassified as a "guillotine". |
 | **Adversarial Text Perturbation (TextAttack)**: Use a tool like `TextAttack` to introduce subtle character-level or word-level changes (e.g., typos, synonyms) to a text input. | The model significantly changes its original classification, decision, or sentiment analysis, despite minimal and semantically equivalent text alterations. |
 | **Adversarial Audio Perturbation**: Add a small amount of calculated noise to an audio file to evade speech recognition or speaker identification systems. | The AI system incorrectly transcribes the audio, misidentifies the speaker, or fails to recognize the command in the adversarial audio input. |
 
@@ -33,13 +33,12 @@ This test identifies vulnerabilities in AI models related to evasion attacks, wh
   - Tool Link: [ART on GitHub](https://github.com/Trusted-AI/adversarial-robustness-toolbox)
 - **Foolbox**: A popular Python library for creating adversarial examples against a wide range of models (PyTorch, TensorFlow, JAX).
   - Tool Link: [Foolbox on GitHub](https://github.com/bethgelab/foolbox)
+- **SecML-Torch**: A Python library for for robustness evaluation of deep learning models.
+  - Tool Link: [SecML-Torch on GitHub](https://github.com/pralab/secml-torch)
 - **TextAttack**: A Python framework specifically designed for adversarial attacks, data augmentation, and robustness training in NLP.
   - Tool Link: [TextAttack on GitHub](https://github.com/QData/TextAttack)
-- **SecML**: A Python library for the security evaluation of machine learning algorithms, with a focus on evasion and poisoning attacks.
-  - Tool Link: [SecML on GitHub](https://github.com/pralab/secml)
 
 ### References
-- Goodfellow, Ian J., Jonathon Shlens, and Christian Szegedy. "Explaining and Harnessing Adversarial Examples." ICLR 2015. [Link](https://arxiv.org/abs/1412.6572)
 - Madry, Aleksander, et al. "Towards Deep Learning Models Resistant to Adversarial Attacks." ICLR 2018. [Link](https://arxiv.org/abs/1706.06083)
 - OWASP AI Exchange [Link](https://owaspai.org/docs/2_threats_through_use/#21-evasion)
 - Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, NIST AI 100-2e2025, NIST Trustworthy and Responsible AI, March 2025, Section 2.2 "Evasion Attacks and Mitigations." [Link](https://doi.org/10.6028/NIST.AI.100-2e2025)