Merge pull request #637 from Trusted-AI/dev_1.4.1

Update to ART 1.4.1

Author: beat-buesser

art/attacks/evasion/imperceptible_asr/imperceptible_asr_pytorch.py

@@ -25,7 +25,7 @@
 from __future__ import absolute_import, division, print_function, unicode_literals
 
 import logging
-from typing import Optional, Tuple, TYPE_CHECKING
+from typing import Tuple, Optional, Union, TYPE_CHECKING
 
 import numpy as np
 import scipy
@@ -105,7 +105,7 @@ def __init__(
         batch_size: int = 32,
         use_amp: bool = False,
         opt_level: str = "O1",
-        loss_scale: int = 1,
+        loss_scale: Optional[Union[float, str]] = 1.0,
     ):
         """
         Create a :class:`.ImperceptibleASRPytorch` instance.
@@ -144,9 +144,11 @@ def __init__(
                         only triggered if there are GPUs available.
         :param opt_level: Specify a pure or mixed precision optimization level. Used when use_amp is True. Accepted
                           values are `O0`, `O1`, `O2`, and `O3`.
-        :param loss_scale: Loss scaling. Used when use_amp is True. Default is 1 due to warp-ctc not supporting
-                           scaling of gradients.
+        :param loss_scale: Loss scaling. Used when use_amp is True. Default is 1.0 due to warp-ctc not supporting
+                           scaling of gradients. If passed as a string, must be a string representing a number,
+                           e.g., “1.0”, or the string “dynamic”.
         """
+        import torch  # lgtm [py/repeated-import]
         from torch.autograd import Variable
 
         if (
@@ -237,6 +239,8 @@ def generate(self, x: np.ndarray, y: np.ndarray, **kwargs) -> np.ndarray:
                   class only supports targeted attack.
         :return: An array holding the adversarial examples.
         """
+        import torch  # lgtm [py/repeated-import]
+
         # Start to compute adversarial examples
         adv_x = x.copy()
 
@@ -276,6 +280,8 @@ def _generate_batch(self, x: np.ndarray, y: np.ndarray) -> np.ndarray:
                   class only supports targeted attack.
         :return: A batch of adversarial examples.
         """
+        import torch  # lgtm [py/repeated-import]
+
         # First stage of attack
         successful_adv_input_1st_stage, original_input = self._attack_1st_stage(x=x, y=y)
         successful_perturbation_1st_stage = successful_adv_input_1st_stage - torch.tensor(original_input).to(
@@ -325,6 +331,8 @@ class only supports targeted attack.
                     - A tensor holding the candidate adversarial examples.
                     - An array holding the original inputs.
         """
+        import torch  # lgtm [py/repeated-import]
+
         # Compute local shape
         local_batch_size = len(x)
         real_lengths = np.array([x_.shape[0] for x_ in x])
@@ -493,6 +501,8 @@ class only supports targeted attack.
         :param original_max_psd_batch: Original maximum psd.
         :return: An array holding the candidate adversarial examples.
         """
+        import torch  # lgtm [py/repeated-import]
+
         # Compute local shape
         local_batch_size = len(x)
         real_lengths = np.array([x_.shape[0] for x_ in x])
@@ -596,6 +606,8 @@ def _forward_2nd_stage(
         :param original_max_psd_batch: Original maximum psd.
         :return: The loss tensor of the second stage of the attack.
         """
+        import torch  # lgtm [py/repeated-import]
+
         # Compute loss for masking threshold
         losses = []
         relu = torch.nn.ReLU()
@@ -744,6 +756,7 @@ def _psd_transform(self, delta: "torch.Tensor", original_max_psd: "torch.Tensor"
         :param original_max_psd: The maximum psd of the original audio.
         :return: The psd matrix.
         """
+        import torch  # lgtm [py/repeated-import]
         import torchaudio
 
         # These parameters are needed for the transformation

art/defences/detector/__init__.py

@@ -2,4 +2,4 @@
 Module implementing detector-based defences against adversarial attacks.
 """
 from art.defences.detector import evasion
-from art.defences.detector import poisoning
+from art.defences.detector import poison

art/defences/detector/poison/__init__.py

@@ -0,0 +1,10 @@
+"""
+Module implementing detector-based defences against poisoning attacks.
+"""
+from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
+from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
+from art.defences.detector.poison.activation_defence import ActivationDefence
+from art.defences.detector.poison.clustering_analyzer import ClusteringAnalyzer
+from art.defences.detector.poison.provenance_defense import ProvenanceDefense
+from art.defences.detector.poison.roni import RONIDefense
+from art.defences.detector.poison.spectral_signature_defense import SpectralSignatureDefense

art/defences/detector/poisoning/activation_defence.py renamed to art/defences/detector/poison/activation_defence.py

@@ -38,9 +38,9 @@
 
 from art.config import ART_DATA_PATH
 from art.data_generators import DataGenerator
-from art.defences.detector.poisoning.clustering_analyzer import ClusteringAnalyzer
-from art.defences.detector.poisoning.ground_truth_evaluator import GroundTruthEvaluator
-from art.defences.detector.poisoning.poison_filtering_defence import PoisonFilteringDefence
+from art.defences.detector.poison.clustering_analyzer import ClusteringAnalyzer
+from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
+from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
 from art.utils import segment_by_class
 from art.visualization import create_sprite, save_image, plot_3d
 

art/defences/detector/poisoning/clustering_analyzer.py renamed to art/defences/detector/poison/clustering_analyzer.py

@@ -29,8 +29,8 @@
 import numpy as np
 from sklearn.model_selection import train_test_split
 
-from art.defences.detector.poisoning.ground_truth_evaluator import GroundTruthEvaluator
-from art.defences.detector.poisoning.poison_filtering_defence import PoisonFilteringDefence
+from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
+from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
 from art.utils import segment_by_class, performance_diff
 
 if TYPE_CHECKING:

art/defences/detector/poisoning/ground_truth_evaluator.py renamed to art/defences/detector/poison/ground_truth_evaluator.py

@@ -30,8 +30,8 @@
 import numpy as np
 from sklearn.model_selection import train_test_split
 
-from art.defences.detector.poisoning.ground_truth_evaluator import GroundTruthEvaluator
-from art.defences.detector.poisoning.poison_filtering_defence import PoisonFilteringDefence
+from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
+from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
 from art.utils import performance_diff
 
 if TYPE_CHECKING:

art/defences/detector/poisoning/poison_filtering_defence.py renamed to art/defences/detector/poison/poison_filtering_defence.py

@@ -29,8 +29,8 @@
 
 import numpy as np
 
-from art.defences.detector.poisoning.ground_truth_evaluator import GroundTruthEvaluator
-from art.defences.detector.poisoning.poison_filtering_defence import PoisonFilteringDefence
+from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
+from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
 
 if TYPE_CHECKING:
     from art.utils import CLASSIFIER_NEURALNETWORK_TYPE