Review updates

Signed-off-by: Beat Buesser <[email protected]>

Author: Beat Buesser

art/attacks/evasion/pixel_threshold.py

@@ -19,11 +19,8 @@
 This module implements the Threshold Attack and Pixel Attack.
 The Pixel Attack is a generalisation of One Pixel Attack.
 
-| One Pixel Attack Paper link:
-    https://ieeexplore.ieee.org/abstract/document/8601309/citations#citations
-    (arXiv link: https://arxiv.org/pdf/1710.08864.pdf)
-| Pixel and Threshold Attack Paper link:
-    https://arxiv.org/abs/1906.06026
+| One Pixel Attack Paper link: https://arxiv.org/ans/1710.08864
+| Pixel and Threshold Attack Paper link: https://arxiv.org/abs/1906.06026
 """
 # pylint: disable=C0302
 from __future__ import absolute_import, division, print_function, unicode_literals
@@ -61,11 +58,9 @@
 class PixelThreshold(EvasionAttack):
     """
     These attacks were originally implemented by Vargas et al. (2019) & Su et al.(2019).
-    | One Pixel Attack Paper link:
-        https://ieeexplore.ieee.org/abstract/document/8601309/citations#citations
-        (arXiv link: https://arxiv.org/pdf/1710.08864.pdf)
-    | Pixel and Threshold Attack Paper link:
-        https://arxiv.org/abs/1906.06026
+
+    | One Pixel Attack Paper link: https://arxiv.org/abs/1710.08864
+    | Pixel and Threshold Attack Paper link: https://arxiv.org/abs/1906.06026
     """
 
     attack_params = EvasionAttack.attack_params + ["th", "es", "max_iter", "targeted", "verbose", "verbose_es"]
@@ -83,6 +78,7 @@ def __init__(
     ) -> None:
         """
         Create a :class:`.PixelThreshold` instance.
+
         :param classifier: A trained classifier.
         :param th: threshold value of the Pixel/ Threshold attack. th=None indicates finding a minimum threshold.
         :param es: Indicates whether the attack uses CMAES (0) or DE (1) as Evolutionary Strategy.
@@ -139,6 +135,7 @@ def rescale_input(self, x):
     def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
         """
         Generate adversarial samples and return them in an array.
+
         :param x: An array with the original inputs.
         :param y: Target values (class labels) one-hot-encoded of shape (nb_samples, nb_classes) or indices of shape
                   (nb_samples,). Only provide this parameter if you'd like to use true labels when crafting adversarial
@@ -164,7 +161,7 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
         if self.th is None:
             logger.info(
                 "Performing minimal perturbation Attack. \
-                This takes substainally long time to process. \
+                This could take long time to process. \
                 For sanity check, pass th=10 to the Attack instance."
             )
 
@@ -357,11 +354,9 @@ class PixelAttack(PixelThreshold):
     """
     This attack was originally implemented by Vargas et al. (2019). It is generalisation of One Pixel Attack originally
     implemented by Su et al. (2019).
-    | One Pixel Attack Paper link:
-        https://ieeexplore.ieee.org/abstract/document/8601309/citations#citations
-        (arXiv link: https://arxiv.org/pdf/1710.08864.pdf)
-    | Pixel Attack Paper link:
-        https://arxiv.org/abs/1906.06026
+
+    | One Pixel Attack Paper link: https://arxiv.org/abs/1710.08864
+    | Pixel Attack Paper link: https://arxiv.org/abs/1906.06026
     """
 
     def __init__(
@@ -375,6 +370,7 @@ def __init__(
     ) -> None:
         """
         Create a :class:`.PixelAttack` instance.
+
         :param classifier: A trained classifier.
         :param th: threshold value of the Pixel/ Threshold attack. th=None indicates finding a minimum threshold.
         :param es: Indicates whether the attack uses CMAES (0) or DE (1) as Evolutionary Strategy.
@@ -440,8 +436,8 @@ def _get_bounds(self, img: np.ndarray, limit) -> Tuple[List[list], list]:
 class ThresholdAttack(PixelThreshold):
     """
     This attack was originally implemented by Vargas et al. (2019).
-    | Paper link:
-        https://arxiv.org/abs/1906.06026
+
+    | Paper link: https://arxiv.org/abs/1906.06026
     """
 
     def __init__(
@@ -455,6 +451,7 @@ def __init__(
     ) -> None:
         """
         Create a :class:`.PixelThreshold` instance.
+
         :param classifier: A trained classifier.
         :param th: threshold value of the Pixel/ Threshold attack. th=None indicates finding a minimum threshold.
         :param es: Indicates whether the attack uses CMAES (0) or DE (1) as Evolutionary Strategy.
@@ -499,7 +496,9 @@ class CMAEarlyStoppingException(Exception):
 To speed up predictions, the entire parameters array is passed to `self.func`,
 where a neural network model can batch its computations and execute in parallel
 Search for `CHANGES` to find all code changes.
+
 Dan Kondratyuk 2018
+
 Original code adapted from
 https://github.com/scipy/scipy/blob/70e61dee181de23fdd8d893eaa9491100e2218d7/scipy/optimize/_differentialevolution.py
 ----------

art/estimators/classification/pytorch.py

@@ -66,7 +66,6 @@ class PyTorchClassifier(ClassGradientsMixin, ClassifierMixin, PyTorchEstimator):
             "use_amp",
             "opt_level",
             "loss_scale",
-            "tensor_board",
         ]
     )
 

requirements.txt

@@ -34,16 +34,14 @@ lightgbm==3.2.1
 xgboost==1.4.2
 kornia~=0.5.4
 tensorboardX==2.1
+lief==0.11.4
 
 # Lingvo ASR dependencies
 # supported versions: (lingvo==0.6.4 with tensorflow-gpu==2.1.0)
 # note: due to conflicts with other TF1/2 version supported by ART, the dependencies are not installed by default
 #tensorflow-gpu==2.1.0
 #lingvo==0.6.4
 
-# PE malware attacks
-lief==0.11.4
-
 # other
 pytest~=6.2.4
 pytest-flake8~=1.0.7

tests/classifiersFrameworks/test_pytorch.py

@@ -24,11 +24,11 @@
 import torch.optim as optim
 import sklearn.datasets
 
-import art.estimators.classification
 from art.estimators.classification.pytorch import PyTorchClassifier
 from art.defences.preprocessor.spatial_smoothing import SpatialSmoothing
 from art.defences.preprocessor.spatial_smoothing_pytorch import SpatialSmoothingPyTorch
-from art.attacks.evasion import FastGradientMethod
+from art.attacks.evasion.fast_gradient import FastGradientMethod
+from art.attacks.evasion.projected_gradient_descent.projected_gradient_descent import ProjectedGradientDescent
 
 from tests.attacks.utils import backend_test_defended_images
 from tests.utils import ARTTestException
@@ -229,9 +229,9 @@ def test_fgsm_defences(art_warning, fix_get_mnist_subset, image_dl_estimator, de
 
 
 @pytest.mark.only_with_platform("pytorch")
-def test_pytorch_binary_PGD(art_warning, get_mnist_dataset):
+def test_pytorch_binary_pgd(art_warning, get_mnist_dataset):
     """
-    This test instantiates a binary classification Pytorch model, then attacks it using PGD
+    This test instantiates a binary classification PyTorch model, then attacks it using PGD
 
     """
 
@@ -260,7 +260,7 @@ def forward(self, x):
         loss_func = nn.BCELoss()
         model.to(device)
         opt = optim.Adam(model.parameters(), lr=0.001)
-        classifier = art.estimators.classification.PyTorchClassifier(
+        classifier = PyTorchClassifier(
             model=model,
             loss=loss_func,
             optimizer=opt,
@@ -270,7 +270,7 @@ def forward(self, x):
         classifier.fit(train_x, train_y, batch_size=64, nb_epochs=3)
         test_x_batch = test_x[0:16]
         preds = classifier.predict(test_x_batch)
-        attacker = art.attacks.evasion.ProjectedGradientDescent(classifier, eps=0.5)
+        attacker = ProjectedGradientDescent(classifier, eps=0.5)
         generated = attacker.generate(test_x_batch)
         adv_predicted = classifier.predict(generated)
         assert (adv_predicted != preds).all()

tests/classifiersFrameworks/test_tensorflow.py

@@ -24,9 +24,8 @@
 import sklearn.datasets
 import sklearn.model_selection
 
-import art
-import art.estimators.classification
 from art.estimators.classification.tensorflow import TensorFlowV2Classifier
+from art.estimators.classification.keras import KerasClassifier
 from art.defences.preprocessor.spatial_smoothing import SpatialSmoothing
 from art.defences.preprocessor.spatial_smoothing_tensorflow import SpatialSmoothingTensorFlowV2
 from art.attacks.evasion import FastGradientMethod, ProjectedGradientDescent
@@ -224,7 +223,7 @@ def test_fgsm_defences(art_warning, fix_get_mnist_subset, image_dl_estimator):
 
 
 @pytest.mark.only_with_platform("tensorflow2")
-def test_binary_keras_instantiation_and_attack_PGD(art_warning):
+def test_binary_keras_instantiation_and_attack_pgd(art_warning):
     tf.compat.v1.disable_eager_execution()
     try:
         x, y = sklearn.datasets.make_classification(
@@ -241,7 +240,7 @@ def test_binary_keras_instantiation_and_attack_PGD(art_warning):
         )
         model.summary()
         model.compile(optimizer=tf.optimizers.Adam(), loss="binary_crossentropy", metrics=["accuracy"])
-        classifier = art.estimators.classification.KerasClassifier(model=model)
+        classifier = KerasClassifier(model=model)
         classifier.fit(train_x, train_y, nb_epochs=5)
         pred = classifier.predict(test_x)
         attack = ProjectedGradientDescent(estimator=classifier, eps=0.5)