Merge branch 'dev_1.7.0' into master

Author: beat-buesser

.github/workflows/ci-deepspeech-v2.yml

@@ -29,4 +29,4 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/deepspeech-v2
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci-lingvo.yml

@@ -60,4 +60,4 @@ jobs:
       - name: Run ${{ matrix.name }} Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci-mxnet.yml

@@ -86,4 +86,4 @@ jobs:
       - name: Run ${{ matrix.name }} Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci-pytorch-fasterrcnn.yml

@@ -46,4 +46,4 @@ jobs:
       - name: Run Test Action
         run: pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_pytorch_faster_rcnn.py --framework=pytorch --skip_travis=True --durations=0
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci.yml

@@ -133,4 +133,4 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

AUTHORS

@@ -5,11 +5,12 @@
 # - Person <email address>
 
 - International Business Machines Corporation (IBM)
-- Two Six Labs, LLC
+- Two Six Technologies
 - Kyushu University
 - Intel Corporation
 - University of Chicago
 - The MITRE Corporation
+- General Motors Company
 - AGH University of Science and Technology
 - Rensselaer Polytechnic Institute (RPI)
 - IMT Atlantique

Dockerfile

@@ -31,6 +31,8 @@ RUN pip3 install lightgbm==2.3.1
 RUN pip3 install xgboost==1.1.1
 RUN pip3 install kornia==0.3.1
 
+RUN pip3 install lief==0.11.4
+
 RUN pip3 install pytest==5.4.1 pytest-pep8==1.0.6 pytest-mock==3.2.0 codecov==2.1.8 requests==2.24.0
 
 RUN mkdir /project; mkdir /project/TMP

README-cn.md

@@ -26,12 +26,21 @@
 （图像，表格，音频，视频等）和机器学习任务（分类，物体检测，语音识别，
 生成模型，认证等）。
 
+## Adversarial Threats
+
 <p align="center">
   <img src="docs/images/adversarial_threats_attacker.png?raw=true" width="400" title="ART logo">
   <img src="docs/images/adversarial_threats_art.png?raw=true" width="400" title="ART logo">
 </p>
 <br />
 
+## ART for Red and Blue Teams (selection)
+
+<p align="center">
+  <img src="docs/images/white_hat_blue_red.png?raw=true" width="800" title="ART Red and Blue Teams">
+</p>
+<br />
+
 ## 学到更多
 
 | **[开始使用][get-started]**     | **[文献资料][documentation]**     | **[贡献][contributing]**           |

README.md

@@ -27,12 +27,21 @@ adversarial threats of Evasion, Poisoning, Extraction, and Inference. ART suppor
 (images, tables, audio, video, etc.) and machine learning tasks (classification, object detection, speech recognition,
 generation, certification, etc.).
 
+## Adversarial Threats
+
 <p align="center">
   <img src="docs/images/adversarial_threats_attacker.png?raw=true" width="400" title="ART logo">
   <img src="docs/images/adversarial_threats_art.png?raw=true" width="400" title="ART logo">
 </p>
 <br />
 
+## ART for Red and Blue Teams (selection)
+
+<p align="center">
+  <img src="docs/images/white_hat_blue_red.png?raw=true" width="800" title="ART Red and Blue Teams">
+</p>
+<br />
+
 ## Learn more
 
 | **[Get Started][get-started]**     | **[Documentation][documentation]**     | **[Contributing][contributing]**           |

art/attacks/attack.py

@@ -93,9 +93,18 @@ class Attack(abc.ABC, metaclass=InputFilter):
     attack_params: List[str] = list()
     _estimator_requirements: Optional[Union[Tuple[Any, ...], Tuple[()]]] = None
 
-    def __init__(self, estimator):
+    def __init__(
+        self,
+        estimator,
+        tensor_board: Union[str, bool] = False,
+    ):
         """
         :param estimator: An estimator.
+        :param tensor_board: Activate summary writer for TensorBoard: Default is `False` and deactivated summary writer.
+                             If `True` save runs/CURRENT_DATETIME_HOSTNAME in current directory. Provide `path` in type
+                             `str` to save in path/CURRENT_DATETIME_HOSTNAME.
+                             Use hierarchical folder structure to compare between runs easily. e.g. pass in ‘runs/exp1’,
+                             ‘runs/exp2’, etc. for each new experiment to compare across them.
         """
         super().__init__()
 
@@ -106,6 +115,19 @@ def __init__(self, estimator):
             raise EstimatorError(self.__class__, self.estimator_requirements, estimator)
 
         self._estimator = estimator
+        self.tensor_board = tensor_board
+
+        if tensor_board:
+            from tensorboardX import SummaryWriter
+
+            if isinstance(tensor_board, str):
+                self.summary_writer = SummaryWriter(tensor_board)
+            else:
+                self.summary_writer = SummaryWriter()
+        else:
+            self.summary_writer = None
+
+        Attack._check_params(self)
 
     @property
     def estimator(self):
@@ -129,7 +151,9 @@ def set_params(self, **kwargs) -> None:
         self._check_params()
 
     def _check_params(self) -> None:
-        pass
+
+        if not isinstance(self.tensor_board, (bool, str)):
+            raise ValueError("The argument `tensor_board` has to be either of type bool or str.")
 
 
 class EvasionAttack(Attack):
@@ -305,12 +329,12 @@ def __init__(self, estimator):
     @abc.abstractmethod
     def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
         """
-        Infer sensitive properties (attributes, membership training records) from the targeted estimator. This method
+        Infer sensitive attributes from the targeted estimator. This method
         should be overridden by all concrete inference attack implementations.
 
         :param x: An array with reference inputs to be used in the attack.
         :param y: Labels for `x`. This parameter is only used by some of the attacks.
-        :return: An array holding the inferred properties.
+        :return: An array holding the inferred attribute values.
         """
         raise NotImplementedError
 
@@ -334,12 +358,41 @@ def __init__(self, estimator, attack_feature: Union[int, slice] = 0):
     @abc.abstractmethod
     def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
         """
-        Infer sensitive properties (attributes, membership training records) from the targeted estimator. This method
+        Infer sensitive attributes from the targeted estimator. This method
+        should be overridden by all concrete inference attack implementations.
+
+        :param x: An array with reference inputs to be used in the attack.
+        :param y: Labels for `x`. This parameter is only used by some of the attacks.
+        :return: An array holding the inferred attribute values.
+        """
+        raise NotImplementedError
+
+
+class MembershipInferenceAttack(InferenceAttack):
+    """
+    Abstract base class for membership inference attack classes.
+    """
+
+    def __init__(self, estimator: Union["CLASSIFIER_TYPE"]):
+        """
+        :param estimator: A trained estimator targeted for inference attack.
+        :type estimator: :class:`.art.estimators.estimator.BaseEstimator`
+        :param attack_feature: The index of the feature to be attacked.
+        """
+        super().__init__(estimator)
+
+    @abc.abstractmethod
+    def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
+        """
+        Infer membership status of samples from the target estimator. This method
         should be overridden by all concrete inference attack implementations.
 
         :param x: An array with reference inputs to be used in the attack.
         :param y: Labels for `x`. This parameter is only used by some of the attacks.
-        :return: An array holding the inferred properties.
+        :param probabilities: a boolean indicating whether to return the predicted probabilities per class, or just
+                              the predicted class.
+        :return: An array holding the inferred membership status (1 indicates member of training set,
+                 0 indicates non-member) or class probabilities.
         """
         raise NotImplementedError