Trusted-AI
diff --git a/‎.github/actions/yolo/Dockerfile‎
Lines changed: 33 additions & 0 deletions b/‎.github/actions/yolo/Dockerfile‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎.github/actions/yolo/action.yml‎
Lines changed: 7 additions & 0 deletions b/‎.github/actions/yolo/action.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/actions/yolo/run.sh‎
Lines changed: 8 additions & 0 deletions b/‎.github/actions/yolo/run.sh‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎.github/workflows/ci-yolo.yml‎
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/ci-yolo.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎art/attacks/poisoning/perturbations/audio_perturbations.py‎
Lines changed: 149 additions & 0 deletions b/‎art/attacks/poisoning/perturbations/audio_perturbations.py‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎art/estimators/certification/__init__.py‎
Lines changed: 1 addition & 0 deletions b/‎art/estimators/certification/__init__.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎art/estimators/certification/derandomized_smoothing/__init__.py‎
Lines changed: 6 additions & 0 deletions b/‎art/estimators/certification/derandomized_smoothing/__init__.py‎
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,33 @@
+# Get base from a pytorch image
+FROM pytorch/pytorch:1.11.0-cuda11.3-cudnn8-runtime
+
+# Set to install things in non-interactive mode
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install system wide software
+RUN apt-get update \
+     && apt-get install -y \
+        libgl1-mesa-glx \
+        libx11-xcb1 \
+        git \
+        gcc \
+        mono-mcs \
+        cmake \
+        libavcodec-extra \
+        ffmpeg \
+        curl \
+        wget \
+     && apt-get clean all \
+     && rm -r /var/lib/apt/lists/*
+
+RUN pip install six setuptools tqdm
+RUN pip install numpy==1.21.6 scipy==1.8.1 scikit-learn==1.1.1 numba==0.55.1
+RUN pip install torch==1.11.0
+RUN pip install tensorflow==2.9.1
+RUN pip install pytest-cov
+
+# Install necessary libraries for Yolo v3
+RUN pip install pytorchyolo==1.6.2
+
+RUN cd /tmp/ && git clone https://github.com/eriklindernoren/PyTorch-YOLOv3.git
+RUN cd PyTorch-YOLOv3/weights && ./download_weights.sh
@@ -0,0 +1,7 @@
+name: 'Test YOLO'
+description: 'Run tests for YOLO'
+runs:
+  using: 'composite'
+  steps:
+    - run: $GITHUB_ACTION_PATH/run.sh
+      shell: bash
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+exit_code=0
+
+pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_pytorch_yolo.py --framework=pytorch --durations=0
+if [[ $? -ne 0 ]]; then exit_code=1; echo "Failed estimators/speech_recognition/test_pytorch_yolo tests"; fi
+
+exit ${exit_code}
@@ -0,0 +1,34 @@
+name: CI PyTorchYolo
+on:
+  # Run on manual trigger
+  workflow_dispatch:
+
+  # Run on pull requests
+  pull_request:
+    paths-ignore:
+      - '*.md'
+
+  # Run when pushing to main or dev branches
+  push:
+    branches:
+      - main
+      - dev*
+
+  # Run scheduled CI flow daily
+  schedule:
+    - cron: '0 8 * * 0'
+
+jobs:
+  test_deepspeech_v3_torch_1_10:
+    name: PyTorchYolo
+    runs-on: ubuntu-latest
+    container: adversarialrobustnesstoolbox/art_testing_envs:yolo
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      - name: Run Test Action
+        uses: ./.github/actions/yolo
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          fail_ci_if_error: true
@@ -0,0 +1,149 @@
+# MIT License
+#
+# Copyright (C) The Adversarial Robustness Toolbox (ART) Authors 2022
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+# documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+# Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+"""
+Adversarial perturbations designed to work for images.
+"""
+import numpy as np
+import librosa
+
+
+def insert_tone_trigger(
+    x: np.ndarray,
+    sampling_rate: int = 16000,
+    frequency: int = 440,
+    duration: float = 0.1,
+    random: bool = False,
+    shift: int = 0,
+    scale: float = 0.1,
+) -> np.ndarray:
+    """
+    Adds a 'tone' with a given frequency to audio example. Works for a single example or a batch of examples.
+
+    :param x: N x L matrix or length L array, where N is number of examples, L is the length in number of samples.
+              X is in range [-1,1].
+    :param sampling_rate: Positive integer denoting the sampling rate for x.
+    :param frequency: Frequency of the tone to be added.
+    :param duration: Duration of the tone to be added.
+    :param random: Flag indicating whether the trigger should be randomly placed.
+    :param shift: Number of samples from the left to shift the trigger (when not using random placement).
+    :param scale: Scaling factor for mixing the trigger.
+    :return: Backdoored audio.
+    """
+    n_dim = len(x.shape)
+    if n_dim > 2:
+        raise ValueError("Invalid array shape " + str(x.shape))
+
+    if n_dim == 2:
+        return np.array(
+            [
+                insert_tone_trigger(single_audio, sampling_rate, frequency, duration, random, shift, scale)
+                for single_audio in x
+            ]
+        )
+
+    original_dtype = x.dtype
+    audio = np.copy(x)
+    length = audio.shape[0]
+
+    tone_trigger = librosa.tone(frequency, sr=sampling_rate, duration=duration)
+
+    bd_length = tone_trigger.shape[0]
+    if bd_length > length:
+        print("audio shape:", audio.shape)
+        print("trigger shape:", tone_trigger.shape)
+        raise ValueError("Backdoor audio does not fit inside the original audio.")
+
+    if random:
+        shift = np.random.randint(length - bd_length)
+
+    if shift + bd_length > length:
+        raise ValueError("Shift + Backdoor length is greater than audio's length.")
+
+    trigger_shifted = np.zeros_like(audio)
+    trigger_shifted[shift : shift + bd_length] = np.copy(tone_trigger)
+
+    audio += scale * trigger_shifted
+
+    return audio.astype(original_dtype)
+
+
+def insert_audio_trigger(
+    x: np.ndarray,
+    sampling_rate: int = 16000,
+    backdoor_path: str = "../../../utils/data/backdoors/cough_trigger.wav",
+    duration: float = 1.0,
+    random: bool = False,
+    shift: int = 0,
+    scale: float = 0.1,
+) -> np.ndarray:
+    """
+    Adds an audio backdoor trigger to a set of audio examples. Works for a single example or a batch of examples.
+
+    :param x: N x L matrix or length L array, where N is number of examples, L is the length in number of samples.
+              X is in range [-1,1].
+    :param sampling_rate: Positive integer denoting the sampling rate for x.
+    :param backdoor_path: The path to the audio to insert as a trigger.
+    :param duration: Duration of the trigger in seconds. Default `None` if full trigger is to be used.
+    :param random: Flag indicating whether the trigger should be randomly placed.
+    :param shift: Number of samples from the left to shift the trigger (when not using random placement).
+    :param scale: Scaling factor for mixing the trigger.
+    :return: Backdoored audio.
+    """
+    n_dim = len(x.shape)
+    if n_dim > 2:
+        raise ValueError("Invalid array shape " + str(x.shape))
+
+    if n_dim == 2:
+        return np.array(
+            [
+                insert_audio_trigger(single_audio, sampling_rate, backdoor_path, duration, random, shift, scale)
+                for single_audio in x
+            ]
+        )
+
+    original_dtype = x.dtype
+    audio = np.copy(x)
+
+    length = audio.shape[0]
+
+    trigger, bd_sampling_rate = librosa.load(backdoor_path, mono=True, sr=None, duration=duration)
+
+    if sampling_rate != bd_sampling_rate:
+        print(
+            "Backdoor sampling rate does not match with the sampling rate provided. "
+            "Resampling the backdoor to match the sampling rate."
+        )
+        trigger, _ = librosa.load(backdoor_path, mono=True, sr=sampling_rate, duration=duration)
+
+    bd_length = trigger.shape[0]
+
+    if bd_length > length:
+        raise ValueError("Backdoor audio does not fit inside the original audio.")
+
+    if random:
+        shift = np.random.randint(length - bd_length)
+
+    if shift + bd_length > length:
+        raise ValueError("Shift + Backdoor length is greater than audio's length.")
+
+    trigger_shifted = np.zeros_like(audio)
+    trigger_shifted[shift : shift + bd_length] = np.copy(trigger)
+
+    audio += scale * trigger_shifted
+
+    return audio.astype(original_dtype)
@@ -3,6 +3,7 @@
 """
 import importlib
 from art.estimators.certification import randomized_smoothing
+from art.estimators.certification import derandomized_smoothing
 
 if importlib.util.find_spec("torch") is not None:
     from art.estimators.certification import deep_z
 
@@ -0,0 +1,6 @@
+"""
+DeRandomized smoothing estimators.
+"""
+from art.estimators.certification.derandomized_smoothing.derandomized_smoothing import DeRandomizedSmoothingMixin
+from art.estimators.certification.derandomized_smoothing.pytorch import PyTorchDeRandomizedSmoothing
+from art.estimators.certification.derandomized_smoothing.tensorflow import TensorFlowV2DeRandomizedSmoothing