Merge branch 'dev_1.15.1' into update_trades

beat-buesser · web-flow · commit 6f96a439aa7f · 2023-08-16T14:33:11.000+02:00
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
@@ -35,7 +35,7 @@ jobs:
         with:
           images: adversarialrobustnesstoolbox/releases
           tags: |
-            type=raw,value={{branch}}-1.14.1-{{sha}}
+            type=raw,value={{branch}}-1.15.0-{{sha}}
             type=semver,pattern={{version}}
 
       - name: Build and push Docker image
diff --git a/README-cn.md b/README-cn.md
@@ -1,4 +1,4 @@
-# Adversarial Robustness Toolbox (ART) v1.14
+# Adversarial Robustness Toolbox (ART) v1.15
 <p align="center">
   <img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">
 </p>
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Adversarial Robustness Toolbox (ART) v1.14
+# Adversarial Robustness Toolbox (ART) v1.15
 <p align="center">
   <img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">
 </p>
diff --git a/art/__init__.py b/art/__init__.py
@@ -12,7 +12,7 @@
 from art import preprocessing
 
 # Semantic Version
-__version__ = "1.14.1"
+__version__ = "1.15.0"
 
 # pylint: disable=C0103
 
diff --git a/art/attacks/evasion/auto_conjugate_gradient.py b/art/attacks/evasion/auto_conjugate_gradient.py
@@ -463,7 +463,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
                 # self.eta = np.full((self.batch_size, 1, 1, 1), 2 * self.eps_step).astype(ART_NUMPY_DTYPE)
                 _batch_size = x_k.shape[0]
-                eta = np.full((_batch_size, 1, 1, 1), self.eps_step).astype(ART_NUMPY_DTYPE)
+                eta = np.full((_batch_size,) + (1,) * len(self.estimator.input_shape), self.eps_step).astype(
+                    ART_NUMPY_DTYPE
+                )
                 self.count_condition_1 = np.zeros(shape=(_batch_size,))
                 gradk_1 = np.zeros_like(x_k)
                 cgradk_1 = np.zeros_like(x_k)
@@ -650,4 +652,4 @@ def get_beta(gradk, gradk_1, cgradk_1):
     betak = -(_gradk * delta_gradk).sum(axis=1) / (
         (_cgradk_1 * delta_gradk).sum(axis=1) + np.finfo(ART_NUMPY_DTYPE).eps
     )
-    return betak.reshape((_batch_size, 1, 1, 1))
+    return betak.reshape((_batch_size,) + (1,) * (len(gradk.shape) - 1))
diff --git a/art/attacks/evasion/auto_projected_gradient_descent.py b/art/attacks/evasion/auto_projected_gradient_descent.py
@@ -458,7 +458,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
                 # modification for image-wise stepsize update
                 _batch_size = x_k.shape[0]
-                eta = np.full((_batch_size, 1, 1, 1), self.eps_step).astype(ART_NUMPY_DTYPE)
+                eta = np.full((_batch_size,) + (1,) * len(self.estimator.input_shape), self.eps_step).astype(
+                    ART_NUMPY_DTYPE
+                )
                 self.count_condition_1 = np.zeros(shape=(_batch_size,))
 
                 for k_iter in trange(self.max_iter, desc="AutoPGD - iteration", leave=False, disable=not self.verbose):
diff --git a/art/attacks/poisoning/perturbations/image_perturbations.py b/art/attacks/poisoning/perturbations/image_perturbations.py
@@ -21,7 +21,6 @@
 from typing import Optional, Tuple
 
 import numpy as np
-from PIL import Image
 
 
 def add_single_bd(x: np.ndarray, distance: int = 2, pixel_value: int = 1) -> np.ndarray:
@@ -112,6 +111,8 @@ def insert_image(
     :param blend: The blending factor
     :return: Backdoored image.
     """
+    from PIL import Image
+
     n_dim = len(x.shape)
     if n_dim == 4:
         return np.array(
diff --git a/art/defences/detector/poison/clustering_analyzer.py b/art/defences/detector/poison/clustering_analyzer.py
@@ -68,10 +68,9 @@ def analyze_by_size(self, separated_clusters: List[np.ndarray]) -> Tuple[np.ndar
         all_assigned_clean = []
         nb_classes = len(separated_clusters)
         nb_clusters = len(np.unique(separated_clusters[0]))
-        summary_poison_clusters: np.ndarray = np.zeros((nb_classes, nb_clusters))
+        summary_poison_clusters: np.ndarray = np.zeros((nb_classes, nb_clusters), dtype=object)
 
         for i, clusters in enumerate(separated_clusters):
-
             # assume that smallest cluster is poisonous and all others are clean
             sizes = np.bincount(clusters)
             total_dp_in_class = np.sum(sizes)
@@ -98,8 +97,8 @@ def analyze_by_size(self, separated_clusters: List[np.ndarray]) -> Tuple[np.ndar
 
             report["Class_" + str(i)] = report_class
 
-        report["suspicious_clusters"] = report["suspicious_clusters"] + np.sum(summary_poison_clusters).item()
-        return np.asarray(all_assigned_clean), summary_poison_clusters, report
+        report["suspicious_clusters"] = report["suspicious_clusters"] + np.sum(summary_poison_clusters)
+        return np.asarray(all_assigned_clean, dtype=object), summary_poison_clusters, report
 
     def analyze_by_distance(
         self,
@@ -187,7 +186,7 @@ def analyze_by_distance(
             assigned_clean = self.assign_class(clusters, clean_clusters, np.array(poison_clusters))
             all_assigned_clean.append(assigned_clean)
 
-        all_assigned_clean_array = np.asarray(all_assigned_clean)
+        all_assigned_clean_array = np.asarray(all_assigned_clean, dtype=object)
         return all_assigned_clean_array, summary_poison_clusters, report
 
     def analyze_by_relative_size(
diff --git a/art/defences/preprocessor/spatial_smoothing.py b/art/defences/preprocessor/spatial_smoothing.py
@@ -30,7 +30,7 @@
 from typing import Optional, Tuple
 
 import numpy as np
-from scipy.ndimage.filters import median_filter
+from scipy.ndimage import median_filter
 
 from art.utils import CLIP_VALUES_TYPE
 from art.defences.preprocessor.preprocessor import Preprocessor
diff --git a/art/estimators/object_detection/pytorch_object_detector.py b/art/estimators/object_detection/pytorch_object_detector.py
@@ -219,7 +219,10 @@ def _preprocess_and_convert_inputs(
 
             # Set gradients
             if not no_grad:
-                x_tensor.requires_grad = True
+                if x_tensor.is_leaf:
+                    x_tensor.requires_grad = True
+                else:
+                    x_tensor.retain_grad()
 
             # Apply framework-specific preprocessing
             x_preprocessed, y_preprocessed = self._apply_preprocessing(x=x_tensor, y=y_tensor, fit=fit, no_grad=no_grad)
diff --git a/art/visualization.py b/art/visualization.py
@@ -25,7 +25,6 @@
 from typing import List, Optional, TYPE_CHECKING
 
 import numpy as np
-from PIL import Image
 
 from art import config
 
@@ -97,6 +96,8 @@ def save_image(image_array: np.ndarray, f_name: str) -> None:
     :param image_array: Image to be saved.
     :param f_name: File name containing extension e.g., my_img.jpg, my_img.png, my_images/my_img.png.
     """
+    from PIL import Image
+
     file_name = os.path.join(config.ART_DATA_PATH, f_name)
     folder = os.path.split(file_name)[0]
     if not os.path.exists(folder):
diff --git a/docs/conf.py b/docs/conf.py
@@ -25,9 +25,9 @@
 author = "Maria-Irina Nicolae"
 
 # The short X.Y version
-version = "1.14"
+version = "1.15"
 # The full version, including alpha/beta/rc tags
-release = "1.14.1"
+release = "1.15.0"
 
 
 # -- General configuration ---------------------------------------------------
diff --git a/examples/adversarial_training_FBF.py b/examples/adversarial_training_FBF.py
@@ -11,7 +11,7 @@
 import torchvision.transforms as transforms
 from torch.utils.data import Dataset, DataLoader
 
-from art.classifiers import PyTorchClassifier
+from art.estimators.classification import PyTorchClassifier
 from art.data_generators import PyTorchDataGenerator
 from art.defences.trainer import AdversarialTrainerFBFPyTorch
 from art.utils import load_cifar10
diff --git a/examples/adversarial_training_data_augmentation.py b/examples/adversarial_training_data_augmentation.py
@@ -1,6 +1,10 @@
 """
 This is an example of how to use ART and Keras to perform adversarial training using data generators for CIFAR10
 """
+import tensorflow as tf
+
+tf.compat.v1.disable_eager_execution()
+
 import keras
 import numpy as np
 from keras.layers import Conv2D, Dense, Flatten, MaxPooling2D, Input, BatchNormalization
diff --git a/examples/get_started_lightgbm.py b/examples/get_started_lightgbm.py
@@ -27,7 +27,7 @@
 
 # Step 2: Create the model
 
-params = {"objective": "multiclass", "metric": "multi_logloss", "num_class": 10}
+params = {"objective": "multiclass", "metric": "multi_logloss", "num_class": 10, "force_col_wise": True}
 train_set = lgb.Dataset(x_train, label=np.argmax(y_train, axis=1))
 test_set = lgb.Dataset(x_test, label=np.argmax(y_test, axis=1))
 model = lgb.train(params=params, train_set=train_set, num_boost_round=100, valid_sets=[test_set])
diff --git a/examples/get_started_xgboost.py b/examples/get_started_xgboost.py
@@ -27,7 +27,7 @@
 
 # Step 2: Create the model
 
-params = {"objective": "multi:softprob", "metric": "accuracy", "num_class": 10}
+params = {"objective": "multi:softprob", "eval_metric": ["mlogloss", "merror"], "num_class": 10}
 dtrain = xgb.DMatrix(x_train, label=np.argmax(y_train, axis=1))
 dtest = xgb.DMatrix(x_test, label=np.argmax(y_test, axis=1))
 evals = [(dtest, "test"), (dtrain, "train")]
diff --git a/examples/mnist_cnn_fgsm.py b/examples/mnist_cnn_fgsm.py
@@ -2,6 +2,10 @@
 """Trains a convolutional neural network on the MNIST dataset, then attacks it with the FGSM attack."""
 from __future__ import absolute_import, division, print_function, unicode_literals
 
+import tensorflow as tf
+
+tf.compat.v1.disable_eager_execution()
+
 from keras.models import Sequential
 from keras.layers import Dense, Flatten, Conv2D, MaxPooling2D, Dropout
 import numpy as np
@@ -35,12 +39,16 @@
 acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
 print("\nTest accuracy: %.2f%%" % (acc * 100))
 
-# Craft adversarial samples with FGSM
-epsilon = 0.1  # Maximum perturbation
-adv_crafter = FastGradientMethod(classifier, eps=epsilon)
-x_test_adv = adv_crafter.generate(x=x_test)
+# Define epsilon values
+epsilon_values = [0.01, 0.1, 0.15, 0.2, 0.25, 0.3]
 
-# Evaluate the classifier on the adversarial examples
-preds = np.argmax(classifier.predict(x_test_adv), axis=1)
-acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
-print("\nTest accuracy on adversarial sample: %.2f%%" % (acc * 100))
+# Iterate over epsilon values
+for epsilon in epsilon_values:
+    # Craft adversarial samples with FGSM
+    adv_crafter = FastGradientMethod(classifier, eps=epsilon)
+    x_test_adv = adv_crafter.generate(x=x_test, y=y_test)
+
+    # Evaluate the classifier on the adversarial examples
+    preds = np.argmax(classifier.predict(x_test_adv), axis=1)
+    acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
+    print("Test accuracy on adversarial sample (epsilon = %.2f): %.2f%%" % (epsilon, acc * 100))
diff --git a/examples/mnist_poison_detection.py b/examples/mnist_poison_detection.py
@@ -5,7 +5,9 @@
 
 import pprint
 import json
+import tensorflow as tf
 
+tf.compat.v1.disable_eager_execution()
 from keras.models import Sequential
 from keras.layers import Dense, Flatten, Conv2D, MaxPooling2D, Dropout
 import numpy as np
diff --git a/examples/mnist_transferability.py b/examples/mnist_transferability.py
@@ -12,6 +12,8 @@
 import numpy as np
 import tensorflow as tf
 
+tf.compat.v1.disable_eager_execution()
+
 from art.attacks.evasion import DeepFool
 from art.estimators.classification import KerasClassifier, TensorFlowClassifier
 from art.utils import load_mnist
@@ -60,7 +62,7 @@ def cnn_mnist_k(input_shape):
 
 
 # Get session
-session = tf.Session()
+session = tf.compat.v1.Session()
 k.set_session(session)
 
 # Read MNIST dataset
diff --git a/notebooks/expectation_over_transformation_classification_rotation.ipynb b/notebooks/expectation_over_transformation_classification_rotation.ipynb

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Adversarial Robustness Toolbox (ART) v1.14`
	`1`	`+# Adversarial Robustness Toolbox (ART) v1.15`
`2`	`2`	`<p align="center">`
`3`	`3`	`<img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">`
`4`	`4`	`</p>`