Merge branch 'main' into dependabot/pip/scikit-learn-gte-0.22.2-and-lt-1.4.0

Author: beat-buesser

.github/workflows/dockerhub.yml

@@ -35,7 +35,7 @@ jobs:
         with:
           images: adversarialrobustnesstoolbox/releases
           tags: |
-            type=raw,value={{branch}}-1.16.0-{{sha}}
+            type=raw,value={{branch}}-1.17.0-{{sha}}
             type=semver,pattern={{version}}
 
       - name: Build and push Docker image

README-cn.md

@@ -1,4 +1,4 @@
-# Adversarial Robustness Toolbox (ART) v1.16
+# Adversarial Robustness Toolbox (ART) v1.17
 <p align="center">
   <img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">
 </p>

README.md

@@ -1,4 +1,4 @@
-# Adversarial Robustness Toolbox (ART) v1.16
+# Adversarial Robustness Toolbox (ART) v1.17
 <p align="center">
   <img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">
 </p>

art/__init__.py

@@ -12,7 +12,7 @@
 from art import preprocessing
 
 # Semantic Version
-__version__ = "1.16.0"
+__version__ = "1.17.0"
 
 # pylint: disable=C0103
 

art/attacks/evasion/__init__.py

@@ -18,6 +18,7 @@
     from art.attacks.evasion.brendel_bethge import BrendelBethgeAttack
 
 from art.attacks.evasion.boundary import BoundaryAttack
+from art.attacks.evasion.composite_adversarial_attack import CompositeAdversarialAttackPyTorch
 from art.attacks.evasion.carlini import CarliniL2Method, CarliniLInfMethod, CarliniL0Method
 from art.attacks.evasion.decision_tree_attack import DecisionTreeAttack
 from art.attacks.evasion.deepfool import DeepFool

art/attacks/evasion/composite_adversarial_attack.py

@@ -155,7 +155,7 @@ def _random_extraction(self, x: np.ndarray, thieved_classifier: "CLASSIFIER_TYPE
             y=fake_labels,
             batch_size=self.batch_size_fit,
             nb_epochs=self.nb_epochs,
-            verbose=0,
+            verbose=False,
         )
 
         return thieved_classifier
@@ -243,7 +243,7 @@ def _adaptive_extraction(
                 y=fake_label,
                 batch_size=self.batch_size_fit,
                 nb_epochs=1,
-                verbose=0,
+                verbose=False,
             )
 
             # Test new labels

art/attacks/extraction/knockoff_nets.py

@@ -360,7 +360,7 @@ def _create_model(
             for layer in model_pt.model.children():
                 if hasattr(layer, "reset_parameters"):
                     layer.reset_parameters()  # type: ignore
-            model_pt.fit(x_train, y_train, batch_size=batch_size, nb_epochs=epochs, verbose=1)
+            model_pt.fit(x_train, y_train, batch_size=batch_size, nb_epochs=epochs, verbose=True)
             predictions = model_pt.predict(x_test)
             accuracy = np.sum(np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
             logger.info("Accuracy of retrained model : %s", accuracy * 100.0)
@@ -370,7 +370,7 @@ def _create_model(
 
             self.substitute_classifier.model.trainable = True
             model_tf = self.substitute_classifier.clone_for_refitting()
-            model_tf.fit(x_train, y_train, batch_size=batch_size, nb_epochs=epochs, verbose=0)
+            model_tf.fit(x_train, y_train, batch_size=batch_size, nb_epochs=epochs, verbose=False)
             predictions = model_tf.predict(x_test)
             accuracy = np.sum(np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
             logger.info("Accuracy of retrained model : %s", accuracy * 100.0)

art/attacks/inference/membership_inference/black_box.py

@@ -695,7 +695,9 @@ def _get_activations(self, x_train: Optional[np.ndarray] = None) -> np.ndarray:
 
         # wrong way to get activations activations = self.classifier.predict(self.x_train)
         if isinstance(activations, np.ndarray):
-            nodes_last_layer = np.shape(activations)[1]
+            # flatten activations across batch
+            activations = np.reshape(activations, (activations.shape[0], -1))
+            nodes_last_layer = activations.shape[1]
         else:
             raise ValueError("activations is None or tensor.")