Change Classifier API to framework agnostic

Author: Irina Nicolae

.travis.yml

@@ -1,24 +1,23 @@
 sudo: required
 dist: trusty
 language: python
+env:
 matrix:
   include:
       - python: 2.7
-        env:
-          - KERAS_BACKEND=tensorflow
-          - TENSORFLOW_V=1.4.1
+        env: KERAS_BACKEND=tensorflow TENSORFLOW_V=1.5.1
       - python: 2.7
-        env:
-          - KERAS_BACKEND=tensorflow
-          - TENSORFLOW_V=1.1.0
+        env: KERAS_BACKEND=tensorflow TENSORFLOW_V=1.6.0
+      - python: 2.7
+        env: KERAS_BACKEND=tensorflow TENSORFLOW_V=1.7.0
+      - python: 3.5
+        env: KERAS_BACKEND=tensorflow TENSORFLOW_V=1.5.1
       - python: 3.5
-        env:
-          - KERAS_BACKEND=tensorflow
-          - TENSORFLOW_V=1.1.0
+        env: KERAS_BACKEND=tensorflow TENSORFLOW_V=1.6.0
       - python: 3.5
-        env:
-          - KERAS_BACKEND=tensorflow
-          - TENSORFLOW_V=1.4.1
+        env: KERAS_BACKEND=tensorflow TENSORFLOW_V=1.7.0
+  exclude:
+      - env:
 
 before_install:
   - if [[ "$TRAVIS_PYTHON_VERSION" == "2.7" ]]; then
@@ -37,15 +36,7 @@ install:
   - conda create -q -n test-environment python=$TRAVIS_PYTHON_VERSION numpy scipy matplotlib pandas h5py
   - source activate test-environment
   # Install TensorFlow
-  - if [[ "$TRAVIS_PYTHON_VERSION" == "2.7" && "$TENSORFLOW_V" == "1.4.1" ]]; then
-      pip install https://storage.googleapis.com/tensorflow/linux/cpu/tensorflow-1.4.1-cp27-none-linux_x86_64.whl;
-    elif [[ "$TRAVIS_PYTHON_VERSION" == "2.7" && "$TENSORFLOW_V" == "1.1.0" ]]; then
-      pip install https://storage.googleapis.com/tensorflow/linux/cpu/tensorflow-1.1.0-cp27-none-linux_x86_64.whl;
-    elif [[ "$TRAVIS_PYTHON_VERSION" == "3.5" && "$TENSORFLOW_V" == "1.4.1" ]]; then
-      pip install https://storage.googleapis.com/tensorflow/linux/cpu/tensorflow-1.4.1-cp35-cp35m-linux_x86_64.whl;
-    elif [[ "$TRAVIS_PYTHON_VERSION" == "3.5" && "$TENSORFLOW_V" == "1.1.0" ]]; then
-      pip install https://storage.googleapis.com/tensorflow/linux/cpu/tensorflow-1.1.0-cp35-cp35m-linux_x86_64.whl;
-    fi
+  - if [[ "$TENSORFLOW_V" != "" ]]; then pip install tensorflow==${TENSORFLOW_V}; fi
   - pip install keras
   - conda install libgcc
   - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/travis/miniconda/envs/test-environment/lib

README.md

@@ -55,22 +55,10 @@ stl10_path=./data/stl-10
 
 If the datasets are not present at the indicated path, loading them will also download the data.
 
-## Running scripts
+## Running Nemesis
 
-The library contains three main scripts for:
-* training a classifier using (`train.py`)
-* crafting adversarial examples on a trained model through (`generate_adversarial.py`)
-* testing model accuracy on different test sets using (`test_accuracies.py`)
+Some examples of how to use Nemesis when writing your own code can be found in the `examples` folder. See `examples/README.md` for more information about what each example does. To run an example, use the following command:
 
-Detailed instructions for each script are available by typing
-```bash
-python3 <script_name> -h
-```
-
-## Documentation
-Documentation is available [here](https://adversarial-robustness-toolbox.readthedocs.io/).
-
-Some examples of how to use the toolbox when writing your own code can be found in the `examples` folder. See `examples/README.md` for more information about what each example does. To run an example, use the following command:
 ```bash
 python3 examples/<example_name>.py
 ```

art/attacks/attack.py

@@ -20,37 +20,6 @@
 import abc
 import sys
 
-import numpy as np
-import tensorflow as tf
-
-
-def clip_perturbation(v, eps, p):
-    """
-    Clip the values in v if their L_p norm is larger than eps.
-    :param v: array of perturbations to clip
-    :param eps: maximum norm allowed
-    :param p: L_p norm to use for clipping. Only p = 2 and p = Inf supported for now
-    :return: clipped values of v
-    """
-    if p == 2:
-        v *= min(1., eps/np.linalg.norm(v, axis=(1, 2)))
-    elif p == np.inf:
-        v = np.sign(v) * np.minimum(abs(v), eps)
-    else:
-        raise NotImplementedError('Values of p different from 2 and Inf are currently not supported.')
-
-    return v
-
-
-def class_derivative(preds, x, num_labels=10):
-    """
-    Computes per class derivatives.
-    :param preds: the model's logits
-    :param x: the input placeholder
-    :param num_labels: the number of classes the model has
-    :return: (list) class derivatives
-    """
-    return [tf.gradients(preds[:, i], x) for i in range(num_labels)]
 
 # Ensure compatibility with Python 2 and 3 when using ABCMeta
 if sys.version_info >= (3, 4):
@@ -63,67 +32,28 @@ class Attack(ABC):
     """
     Abstract base class for all attack classes.
     """
-    attack_params = ['classifier', 'session']
+    attack_params = ['classifier']
 
-    def __init__(self, classifier, sess=None):
+    def __init__(self, classifier):
         """
         :param classifier: A trained model.
         :type classifier: :class:`Classifier`
-        :param sess: The session to run graphs in.
-        :type sess: `tf.Session`
         """
-
         self.classifier = classifier
-        self.model = classifier.model
-        self.sess = sess
-        self.inf_loop = False
-
-    def generate_graph(self, x, **kwargs):
-        """
-        Generate the attack's symbolic graph for adversarial examples. This method should be overridden in any child
-        class that implements an attack that is expressible symbolically. Otherwise, it will wrap the numerical
-        implementation as a symbolic operator.
 
-        :param x: The model's symbolic inputs.
-        :type x: `tf.Placeholder`
-        :param kwargs: optional parameters used by child classes.
-        :type kwargs: `dict`
-        :return: A symbolic representation of the adversarial examples.
-        :rtype: `tf.Tensor`
-        """
-        if not self.inf_loop:
-            self.inf_loop = True
-            self.set_params(**kwargs)
-            graph = tf.py_func(self.generate, [x], tf.float32)
-            self.inf_loop = False
-            return graph
-        else:
-            raise NotImplementedError("No symbolic or numeric implementation of attack.")
-
-    def generate(self, x_val, **kwargs):
+    def generate(self, x, **kwargs):
         """
-        Generate adversarial examples and return them as a Numpy array. This method should be overridden in any child
-        class that implements an attack that is not fully expressed symbolically.
+        Generate adversarial examples and return them as an array. This method should be overridden by all concrete
+        attack implementations.
 
-        :param x_val: An array with the original inputs to be attacked.
-        :type x_val: `np.ndarray`
+        :param x: An array with the original inputs to be attacked.
+        :type x: `np.ndarray`
         :param kwargs: Attack-specific parameters used by child classes.
         :type kwargs: `dict`
         :return: An array holding the adversarial examples.
         :rtype: `np.ndarray`
         """
-        if not self.inf_loop:
-            self.inf_loop = True
-            self.set_params(**kwargs)
-            input_shape = list(x_val.shape)
-            input_shape[0] = None
-            self._x = tf.placeholder(tf.float32, shape=input_shape)
-            self._x_adv = self.generate_graph(self._x)
-            self.inf_loop = False
-        else:
-            raise NotImplementedError("No symbolic or numeric implementation of attack.")
-
-        return self.sess.run(self._x_adv, feed_dict={self._x: x_val})
+        raise NotImplementedError
 
     def set_params(self, **kwargs):
         """