Merge pull request #772 from Trusted-AI/development_maintenance_150

General maintenance updates

Author: beat-buesser

.github/workflows/ci.yml

@@ -49,10 +49,10 @@ jobs:
             tensorflow: 2.3.1
             tf_version: v2
             keras: 2.4.3
-          - name: TensorFlow 2.4.0rc2 (Keras 2.4.3 Python 3.8)
+          - name: TensorFlow 2.4.0rc3 (Keras 2.4.3 Python 3.8)
             framework: tensorflow
             python: 3.8
-            tensorflow: 2.4.0rc1
+            tensorflow: 2.4.0rc3
             tf_version: v2
             keras: 2.4.3
           - name: Keras 2.3.1 (TensorFlow 2.2.1 Python 3.7)
@@ -100,27 +100,30 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: ${{ matrix.python }}
+      - name: Install Dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get -y -q install ffmpeg libavcodec-extra
+          python -m pip install --upgrade pip setuptools wheel
+          pip3 install -q -r requirements.txt
+          pip list
       - name: Pre-install legacy
         if: ${{ matrix.framework == 'legacy' }}
         run: |
           pip install tensorflow==${{ matrix.tensorflow }}
           pip install keras==${{ matrix.keras }}
           pip install scikit-learn==${{ matrix.scikit-learn }}
+          pip list
       - name: Pre-install tensorflow
         if: ${{ matrix.framework == 'tensorflow' || matrix.framework == 'keras' || matrix.framework == 'kerastf' }}
         run: |
           pip install tensorflow==${{ matrix.tensorflow }}
           pip install keras==${{ matrix.keras }}
+          pip list
       - name: Pre-install scikit-learn
         if: ${{ matrix.framework == 'scikitlearn' }}
         run: |
           pip install scikit-learn==${{ matrix.scikit-learn }}
-      - name: Install Dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get -y -q install ffmpeg libavcodec-extra
-          python -m pip install --upgrade pip setuptools wheel
-          pip3 install -q -r requirements.txt
           pip list
       - name: Run ${{ matrix.name }} Tests
         run: ./run_tests.sh ${{ matrix.framework }}

CODE_OF_CONDUCT.md

@@ -1,5 +1,5 @@
-The Adversarial Robustness Toolbox is dedicated to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, age, race, or religion. We do not tolerate harassment of participants in any form.
+The Adversarial Robustness Toolbox (ART) is dedicated to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, age, race, or religion. We do not tolerate harassment of participants in any form.
 
-This code of conduct applies to all Adversarial Robustness Toolbox spaces, both online and off. Anyone who violates this code of conduct may be sanctioned or expelled from these spaces at the discretion of the IBM Research AI team.
+This code of conduct applies to all Adversarial Robustness Toolbox spaces, both online and off. Anyone who violates this code of conduct may be sanctioned or expelled from these spaces at the discretion of the Trusted-AI team.
 
 We may add additional rules over time, which will be made clearly available to participants. Participants are responsible for knowing and abiding by these rules.

Makefile

@@ -1,13 +1,13 @@
 PROJECT_HOME_DIR := ${CURDIR}
 
 build:
-    # Builds a Tensorflow 2 ART docker container
+    # Builds a TensorFlow 2 ART docker container
     # IMPORTANT ! If you have an existing python env folder make sure to first add it to the `.dockerIgnore` \
     to reduce the size of your the art docker image
 	docker build -t project-art-tf2 .
 
 build1:
-	# Builds a Tensorflow 1 ART docker container
+	# Builds a TensorFlow 1 ART docker container
     # IMPORTANT ! If you have an existing python env folder make sure to first add it to the `.dockerIgnore` \
     to reduce the size of your the art docker image
 	docker build -t project-art-tf1 .

art/attacks/evasion/__init__.py

@@ -4,17 +4,26 @@
 from art.attacks.evasion.adversarial_patch.adversarial_patch import AdversarialPatch
 from art.attacks.evasion.adversarial_patch.adversarial_patch_numpy import AdversarialPatchNumpy
 from art.attacks.evasion.adversarial_patch.adversarial_patch_tensorflow import AdversarialPatchTensorFlowV2
+from art.attacks.evasion.auto_attack import AutoAttack
+from art.attacks.evasion.auto_projected_gradient_descent import AutoProjectedGradientDescent
+from art.attacks.evasion.brendel_bethge import BrendelBethgeAttack
 from art.attacks.evasion.boundary import BoundaryAttack
 from art.attacks.evasion.carlini import CarliniL2Method, CarliniLInfMethod
 from art.attacks.evasion.decision_tree_attack import DecisionTreeAttack
 from art.attacks.evasion.deepfool import DeepFool
+from art.attacks.evasion.dpatch import DPatch
+from art.attacks.evasion.dpatch_robust import RobustDPatch
 from art.attacks.evasion.elastic_net import ElasticNet
 from art.attacks.evasion.fast_gradient import FastGradientMethod
+from art.attacks.evasion.frame_saliency import FrameSaliencyAttack
+from art.attacks.evasion.feature_adversaries import FeatureAdversaries
 from art.attacks.evasion.hclu import HighConfidenceLowUncertainty
 from art.attacks.evasion.hop_skip_jump import HopSkipJump
 from art.attacks.evasion.imperceptible_asr.imperceptible_asr import ImperceptibleASR
+from art.attacks.evasion.imperceptible_asr.imperceptible_asr_pytorch import ImperceptibleASRPyTorch
 from art.attacks.evasion.iterative_method import BasicIterativeMethod
 from art.attacks.evasion.newtonfool import NewtonFool
+from art.attacks.evasion.pixel_threshold import PixelAttack
 from art.attacks.evasion.projected_gradient_descent.projected_gradient_descent import ProjectedGradientDescent
 from art.attacks.evasion.projected_gradient_descent.projected_gradient_descent_numpy import (
     ProjectedGradientDescentNumpy,
@@ -26,23 +35,14 @@
     ProjectedGradientDescentTensorFlowV2,
 )
 from art.attacks.evasion.saliency_map import SaliencyMapMethod
+from art.attacks.evasion.shadow_attack import ShadowAttack
+from art.attacks.evasion.shapeshifter import ShapeShifter
+from art.attacks.evasion.simba import SimBA
 from art.attacks.evasion.spatial_transformation import SpatialTransformation
+from art.attacks.evasion.square_attack import SquareAttack
+from art.attacks.evasion.pixel_threshold import ThresholdAttack
 from art.attacks.evasion.universal_perturbation import UniversalPerturbation
 from art.attacks.evasion.targeted_universal_perturbation import TargetedUniversalPerturbation
 from art.attacks.evasion.virtual_adversarial import VirtualAdversarialMethod
 from art.attacks.evasion.wasserstein import Wasserstein
 from art.attacks.evasion.zoo import ZooAttack
-from art.attacks.evasion.pixel_threshold import PixelAttack
-from art.attacks.evasion.pixel_threshold import ThresholdAttack
-from art.attacks.evasion.frame_saliency import FrameSaliencyAttack
-from art.attacks.evasion.feature_adversaries import FeatureAdversaries
-from art.attacks.evasion.dpatch import DPatch
-from art.attacks.evasion.shadow_attack import ShadowAttack
-from art.attacks.evasion.auto_attack import AutoAttack
-from art.attacks.evasion.auto_projected_gradient_descent import AutoProjectedGradientDescent
-from art.attacks.evasion.square_attack import SquareAttack
-from art.attacks.evasion.simba import SimBA
-from art.attacks.evasion.shapeshifter import ShapeShifter
-from art.attacks.evasion.imperceptible_asr.imperceptible_asr_pytorch import ImperceptibleASRPytorch
-from art.attacks.evasion.brendel_bethge import BrendelBethgeAttack
-from art.attacks.evasion.dpatch_robust import RobustDPatch

art/attacks/evasion/brendel_bethge.py

@@ -2104,17 +2104,10 @@ def generate(
         """
         Applies the Brendel & Bethge attack.
 
-        Parameters
-        ----------
-        inputs : Tensor that matches model type
-            The original clean inputs.
-        criterion : Callable
-            A callable that returns true if the given logits of perturbed
-            inputs should be considered adversarial w.r.t. to the given labels
-            and unperturbed inputs.
-        starting_point : Tensor of same type and shape as inputs
-            Adversarial inputs to use as a starting points, in particular
-            for targeted attacks.
+        :param x: The original clean inputs.
+        :param y: The labels for inputs `x`.
+        :param starting_points: Adversarial inputs to use as a starting points, in particular for targeted attacks.
+        :param early_stop: Early-stopping criteria.
         """
         originals = x.copy()
 

art/attacks/evasion/dpatch.py

@@ -225,7 +225,7 @@ def generate(
         return self._patch
 
     @staticmethod
-    @deprecated_keyword_arg("channel_index", end_version="1.5.0", replaced_by="channels_first")
+    @deprecated_keyword_arg("channel_index", end_version="1.6.0", replaced_by="channels_first")
     def _augment_images_with_patch(
         x: np.ndarray,
         patch: np.ndarray,
@@ -249,7 +249,7 @@ def _augment_images_with_patch(
                      center location of the patch during sampling.
         :type mask: `np.ndarray`
         """
-        # Remove in 1.5.0
+        # Remove in 1.6.0
         if channel_index == 3:
             channels_first = False
         elif channel_index == 1:

art/attacks/evasion/dpatch_robust.py

@@ -170,10 +170,7 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
                         x[i_batch_start:i_batch_end], self._patch, channels_first=self.estimator.channels_first
                     )
 
-                    gradients = self.estimator.loss_gradient(
-                        x=patched_images,
-                        y=patch_target,
-                    )
+                    gradients = self.estimator.loss_gradient(x=patched_images, y=patch_target,)
 
                     gradients = self._untransform_gradients(
                         gradients, transforms, channels_first=self.estimator.channels_first
@@ -191,9 +188,7 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
             if self.estimator.clip_values is not None:
                 self._patch = np.clip(
-                    self._patch,
-                    a_min=self.estimator.clip_values[0],
-                    a_max=self.estimator.clip_values[1],
+                    self._patch, a_min=self.estimator.clip_values[0], a_max=self.estimator.clip_values[1],
                 )
 
         return self._patch
@@ -209,7 +204,7 @@ def _augment_images_with_patch(
         :param channels_first: Set channels first or last.
         """
 
-        transformations = dict()
+        transformations: Dict[str, Union[float, int]] = dict()
         x_copy = x.copy()
         patch_copy = patch.copy()
         x_patch = x.copy()
@@ -267,10 +262,7 @@ def _augment_images_with_patch(
         return x_patch, patch_target, transformations
 
     def _untransform_gradients(
-        self,
-        gradients: np.ndarray,
-        transforms: Dict[str, Union[int, float]],
-        channels_first: bool,
+        self, gradients: np.ndarray, transforms: Dict[str, Union[int, float]], channels_first: bool,
     ) -> np.ndarray:
         """
         Revert transformation on gradients.
@@ -291,8 +283,8 @@ def _untransform_gradients(
         gradients = np.rot90(gradients, rot90, (1, 2))
 
         # Account for cropping when considering the upper left point of the patch:
-        x_1 = self.patch_location[0] - transforms["crop_x"]
-        y_1 = self.patch_location[1] - transforms["crop_y"]
+        x_1 = self.patch_location[0] - int(transforms["crop_x"])
+        y_1 = self.patch_location[1] - int(transforms["crop_y"])
         x_2 = x_1 + self.patch_shape[0]
         y_2 = y_1 + self.patch_shape[1]
         gradients = gradients[:, x_1:x_2, y_1:y_2, :]

art/attacks/evasion/feature_adversaries.py

@@ -83,8 +83,6 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
                        `scipy.optimize.show_options(solver='minimize', method='L-BFGS-B')`:
                        Minimize a scalar function of one or more variables using the L-BFGS-B algorithm.
 
-                       Options
-                       -------
                        disp : None or int
                            If `disp is None` (the default), then the supplied version of `iprint`
                            is used. If `disp is not None`, then it overrides the supplied version
@@ -120,8 +118,6 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
                        maxls : int, optional
                            Maximum number of line search steps (per iteration). Default is 20.
 
-                       Notes
-                       -----
                        The option `ftol` is exposed via the `scipy.optimize.minimize` interface,
                        but calling `scipy.optimize.fmin_l_bfgs_b` directly exposes `factr`. The
                        relationship between the two is ``ftol = factr * numpy.finfo(float).eps``.

art/attacks/evasion/imperceptible_asr/imperceptible_asr.py

@@ -388,7 +388,7 @@ def _loss_gradient_masking_threshold_torch(
 
         See also `ImperceptibleASR._loss_gradient_masking_threshold_tf`.
         """
-        import torch
+        import torch  # lgtm [py/import-and-import-from]
 
         # define tensors
         perturbation_torch = torch.from_numpy(perturbation).to(self.estimator._device)
@@ -453,7 +453,7 @@ def _approximate_power_spectral_density_torch(
 
         See also `ImperceptibleASR._approximate_power_spectral_density_tf`.
         """
-        import torch
+        import torch  # lgtm [py/import-and-import-from]
 
         # compute short-time Fourier transform (STFT)
         stft_matrix = torch.stft(
@@ -540,10 +540,10 @@ def __init__(self, window_size: int = 2048, hop_size: int = 512, sample_rate: in
 
     def calculate_threshold_and_psd_maximum(self, audio: np.ndarray) -> Tuple[np.ndarray, np.ndarray]:
         """
-        Compute the global masking threshold for an audio input and also return its maxium power spectral density.
+        Compute the global masking threshold for an audio input and also return its maximum power spectral density.
 
         This method is the main method to call in order to obtain global masking thresholds for an audio input. It also
-        returns the maxium power spectral density (PSD) for each frame. Given an audio input, the following steps are
+        returns the maximum power spectral density (PSD) for each frame. Given an audio input, the following steps are
         performed:
 
         1. STFT analysis and sound pressure level normalization
@@ -630,7 +630,8 @@ def power_spectral_density(self, audio: np.ndarray) -> Tuple[np.ndarray, np.ndar
         Compute the power spectral density matrix for an audio input.
 
         :param audio: Audio sample of shape `(length,)`.
-        :return: PSD matrix of shape `(window_size // 2 + 1, frame_length)` and maxium vector of shape `(frame_length)`.
+        :return: PSD matrix of shape `(window_size // 2 + 1, frame_length)` and maximum vector of shape
+        `(frame_length)`.
         """
         # compute short-time Fourier transform (STFT)
         stft_params = {

art/attacks/evasion/imperceptible_asr/imperceptible_asr_pytorch.py

@@ -18,7 +18,7 @@
 """
 This module implements the imperceptible, robust, and targeted attack to generate adversarial examples for automatic
 speech recognition models. This attack will be implemented specifically for DeepSpeech model and is framework dependent,
-specifically for Pytorch.
+specifically for PyTorch.
 
 | Paper link: https://arxiv.org/abs/1903.10346
 """
@@ -44,11 +44,11 @@
 logger = logging.getLogger(__name__)
 
 
-class ImperceptibleASRPytorch(EvasionAttack):
+class ImperceptibleASRPyTorch(EvasionAttack):
     """
     This class implements the imperceptible, robust, and targeted attack to generate adversarial examples for automatic
     speech recognition models. This attack will be implemented specifically for DeepSpeech model and is framework
-    dependent, specifically for Pytorch.
+    dependent, specifically for PyTorch.
 
     | Paper link: https://arxiv.org/abs/1903.10346
     """
@@ -108,7 +108,7 @@ def __init__(
         opt_level: str = "O1",
     ):
         """
-        Create a :class:`.ImperceptibleASRPytorch` instance.
+        Create a :class:`.ImperceptibleASRPyTorch` instance.
 
         :param estimator: A trained estimator.
         :param initial_eps: Initial maximum perturbation that the attacker can introduce.
@@ -236,7 +236,7 @@ class only supports targeted attack.
 
         if y is None:
             raise ValueError(
-                "`ImperceptibleASRPytorch` is a targeted attack and requires the definition of target"
+                "`ImperceptibleASRPyTorch` is a targeted attack and requires the definition of target"
                 "labels `y`. Currently `y` is set to `None`."
             )