Create copies of input data to protect it against models overwriting inputs

Signed-off-by: Beat Buesser <[email protected]>

Author: Beat Buesser

art/attacks/evasion/projected_gradient_descent/projected_gradient_descent_pytorch.py

@@ -238,9 +238,11 @@ def _generate_batch(
         :param eps_step: Attack step size (input variation) at each iteration.
         :return: Adversarial examples.
         """
+        import torch  # lgtm [py/repeated-import]
+
         inputs = x.to(self.estimator.device)
         targets = targets.to(self.estimator.device)
-        adv_x = inputs
+        adv_x = torch.clone(inputs)
 
         if mask is not None:
             mask = mask.to(self.estimator.device)

art/attacks/evasion/projected_gradient_descent/projected_gradient_descent_tensorflow_v2.py

@@ -234,7 +234,10 @@ def _generate_batch(
         :param eps_step: Attack step size (input variation) at each iteration.
         :return: Adversarial examples.
         """
-        adv_x = x
+        import tensorflow as tf  # lgtm [py/repeated-import]
+
+        adv_x = tf.identity(x)
+
         for i_max_iter in range(self.max_iter):
             adv_x = self._compute_tf(
                 adv_x, x, targets, mask, eps, eps_step, self.num_random_init > 0 and i_max_iter == 0,