Merge pull request #2117 from Trusted-AI/development_issue_2116

Fix bugs in AutoProjectedGradientDescent

Author: beat-buesser

art/attacks/evasion/auto_projected_gradient_descent.py

@@ -231,28 +231,33 @@ def __init__(self, reduction="mean"):
                             self.ce_loss = torch.nn.CrossEntropyLoss(reduction="none")
                             self.reduction = reduction
 
-                        def __call__(self, y_true: torch.Tensor, y_pred: torch.Tensor) -> torch.Tensor:
+                        def __call__(self, y_pred: torch.Tensor, y_true: torch.Tensor) -> torch.Tensor:
                             if self.reduction == "mean":
-                                return self.ce_loss(y_true, y_pred).mean()
+                                return self.ce_loss(y_pred, y_true).mean()
                             if self.reduction == "sum":
-                                return self.ce_loss(y_true, y_pred).sum()
+                                return self.ce_loss(y_pred, y_true).sum()
                             if self.reduction == "none":
-                                return self.ce_loss(y_true, y_pred)
+                                return self.ce_loss(y_pred, y_true)
                             raise NotImplementedError()
 
                         def forward(
                             self, input: torch.Tensor, target: torch.Tensor  # pylint: disable=W0622
                         ) -> torch.Tensor:
                             """
                             Forward method.
+
                             :param input: Predicted labels of shape (nb_samples, nb_classes).
                             :param target: Target labels of shape (nb_samples, nb_classes).
                             :return: Difference Logits Ratio Loss.
                             """
-                            return self.__call__(y_true=target, y_pred=input)
+                            return self.__call__(y_pred=input, y_true=target)
 
                     _loss_object_pt: torch.nn.modules.loss._Loss = CrossEntropyLossTorch(reduction="mean")
 
+                    reduce_labels = True
+                    int_labels = True
+                    probability_labels = True
+
                 elif loss_type == "difference_logits_ratio":
                     if is_probability(
                         estimator.predict(x=np.ones(shape=(1, *estimator.input_shape), dtype=ART_NUMPY_DTYPE))
@@ -316,13 +321,18 @@ def forward(
                         ) -> torch.Tensor:
                             """
                             Forward method.
+
                             :param input: Predicted labels of shape (nb_samples, nb_classes).
                             :param target: Target labels of shape (nb_samples, nb_classes).
                             :return: Difference Logits Ratio Loss.
                             """
                             return self.__call__(y_true=target, y_pred=input)
 
                     _loss_object_pt = DifferenceLogitsRatioPyTorch()
+
+                    reduce_labels = False
+                    int_labels = False
+                    probability_labels = False
                 else:
                     raise NotImplementedError()
 
@@ -340,6 +350,10 @@ def forward(
                     device_type=str(estimator._device),
                 )
 
+                estimator_apgd._reduce_labels = reduce_labels
+                estimator_apgd._int_labels = int_labels
+                estimator_apgd._probability_labels = probability_labels
+
             else:  # pragma: no cover
                 raise ValueError(f"The loss type {loss_type} is not supported for the provided estimator.")
 

tests/attacks/evasion/test_auto_attack.py

@@ -41,7 +41,7 @@ def fix_get_mnist_subset(get_mnist_dataset):
     yield x_train_mnist[:n_train], y_train_mnist[:n_train], x_test_mnist[:n_test], y_test_mnist[:n_test]
 
 
-@pytest.mark.skip_framework("tensorflow1", "tensorflow2v1", "keras", "pytorch", "non_dl_frameworks", "mxnet", "kerastf")
+@pytest.mark.skip_framework("tensorflow1", "tensorflow2v1", "keras", "non_dl_frameworks", "mxnet", "kerastf")
 def test_generate_default(art_warning, fix_get_mnist_subset, image_dl_estimator):
     try:
         classifier, _ = image_dl_estimator(from_logits=True)
@@ -66,7 +66,7 @@ def test_generate_default(art_warning, fix_get_mnist_subset, image_dl_estimator)
         art_warning(e)
 
 
-@pytest.mark.skip_framework("tensorflow1", "tensorflow2v1", "keras", "pytorch", "non_dl_frameworks", "mxnet", "kerastf")
+@pytest.mark.skip_framework("tensorflow1", "tensorflow2v1", "keras", "non_dl_frameworks", "mxnet", "kerastf")
 def test_generate_attacks_and_targeted(art_warning, fix_get_mnist_subset, image_dl_estimator):
     try:
         classifier, _ = image_dl_estimator(from_logits=True)

tests/attacks/evasion/test_shadow_attack.py

@@ -59,7 +59,7 @@ def test_generate(art_warning, fix_get_mnist_subset, image_dl_estimator_for_atta
 
         x_train_mnist_adv = attack.generate(x=x_train_mnist[0:1], y=y_train_mnist[0:1])
 
-        assert np.max(np.abs(x_train_mnist_adv - x_train_mnist[0:1])) == pytest.approx(0.31463563, abs=0.06)
+        assert np.max(np.abs(x_train_mnist_adv - x_train_mnist[0:1])) == pytest.approx(0.3803413510322571, abs=0.06)
     except ARTTestException as e:
         art_warning(e)