Merge pull request #1757 from Trusted-AI/dev_1.11.0

Update to ART 1.11.0

Author: beat-buesser

.github/actions/yolo/Dockerfile

@@ -0,0 +1,33 @@
+# Get base from a pytorch image
+FROM pytorch/pytorch:1.11.0-cuda11.3-cudnn8-runtime
+
+# Set to install things in non-interactive mode
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install system wide software
+RUN apt-get update \
+     && apt-get install -y \
+        libgl1-mesa-glx \
+        libx11-xcb1 \
+        git \
+        gcc \
+        mono-mcs \
+        cmake \
+        libavcodec-extra \
+        ffmpeg \
+        curl \
+        wget \
+     && apt-get clean all \
+     && rm -r /var/lib/apt/lists/*
+
+RUN pip install six setuptools tqdm
+RUN pip install numpy==1.21.6 scipy==1.8.1 scikit-learn==1.1.1 numba==0.55.1
+RUN pip install torch==1.11.0
+RUN pip install tensorflow==2.9.1
+RUN pip install pytest-cov
+
+# Install necessary libraries for Yolo v3
+RUN pip install pytorchyolo==1.6.2
+
+RUN cd /tmp/ && git clone https://github.com/eriklindernoren/PyTorch-YOLOv3.git
+RUN cd PyTorch-YOLOv3/weights && ./download_weights.sh

.github/actions/yolo/action.yml

@@ -0,0 +1,7 @@
+name: 'Test YOLO'
+description: 'Run tests for YOLO'
+runs:
+  using: 'composite'
+  steps:
+    - run: $GITHUB_ACTION_PATH/run.sh
+      shell: bash

.github/actions/yolo/run.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+exit_code=0
+
+pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_pytorch_yolo.py --framework=pytorch --durations=0
+if [[ $? -ne 0 ]]; then exit_code=1; echo "Failed estimators/speech_recognition/test_pytorch_yolo tests"; fi
+
+exit ${exit_code}

.github/workflows/ci-yolo.yml

@@ -0,0 +1,34 @@
+name: CI PyTorchYolo
+on:
+  # Run on manual trigger
+  workflow_dispatch:
+
+  # Run on pull requests
+  pull_request:
+    paths-ignore:
+      - '*.md'
+
+  # Run when pushing to main or dev branches
+  push:
+    branches:
+      - main
+      - dev*
+
+  # Run scheduled CI flow daily
+  schedule:
+    - cron: '0 8 * * 0'
+
+jobs:
+  test_deepspeech_v3_torch_1_10:
+    name: PyTorchYolo
+    runs-on: ubuntu-latest
+    container: adversarialrobustnesstoolbox/art_testing_envs:yolo
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      - name: Run Test Action
+        uses: ./.github/actions/yolo
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          fail_ci_if_error: true

AUTHORS

@@ -16,3 +16,4 @@
 - IMT Atlantique
 - Johns Hopkins University
 - Troj.AI
+- VMware Inc.

art/attacks/evasion/__init__.py

@@ -30,6 +30,7 @@
 from art.attacks.evasion.iterative_method import BasicIterativeMethod
 from art.attacks.evasion.laser_attack.laser_attack import LaserAttack
 from art.attacks.evasion.lowprofool import LowProFool
+from art.attacks.evasion.momentum_iterative_method import MomentumIterativeMethod
 from art.attacks.evasion.newtonfool import NewtonFool
 from art.attacks.evasion.pe_malware_attack import MalwareGDTensorFlow
 from art.attacks.evasion.pixel_threshold import PixelAttack
@@ -56,3 +57,4 @@
 from art.attacks.evasion.virtual_adversarial import VirtualAdversarialMethod
 from art.attacks.evasion.wasserstein import Wasserstein
 from art.attacks.evasion.zoo import ZooAttack
+from art.attacks.evasion.sign_opt import SignOPTAttack

art/attacks/evasion/adversarial_patch/adversarial_patch.py

@@ -56,6 +56,7 @@ class AdversarialPatch(EvasionAttack):
         "learning_rate",
         "max_iter",
         "batch_size",
+        "targeted",
         "verbose",
     ]
 
@@ -71,6 +72,7 @@ def __init__(
         max_iter: int = 500,
         batch_size: int = 16,
         patch_shape: Optional[Tuple[int, int, int]] = None,
+        targeted: bool = True,
         verbose: bool = True,
     ):
         """
@@ -89,6 +91,7 @@ def __init__(
         :param patch_shape: The shape of the adversarial patch as a tuple of shape (width, height, nb_channels).
                             Currently only supported for `TensorFlowV2Classifier`. For classifiers of other frameworks
                             the `patch_shape` is set to the shape of the input samples.
+        :param targeted: Indicates whether the attack is targeted (True) or untargeted (False).
         :param verbose: Show progress bars.
         """
         super().__init__(estimator=classifier)
@@ -106,6 +109,7 @@ def __init__(
                 max_iter=max_iter,
                 batch_size=batch_size,
                 patch_shape=patch_shape,
+                targeted=targeted,
                 verbose=verbose,
             )
         elif isinstance(self.estimator, PyTorchClassifier):
@@ -121,6 +125,7 @@ def __init__(
                     batch_size=batch_size,
                     patch_shape=patch_shape,
                     patch_type="circle",
+                    targeted=targeted,
                     verbose=verbose,
                 )
             else:
@@ -134,6 +139,7 @@ def __init__(
                 learning_rate=learning_rate,
                 max_iter=max_iter,
                 batch_size=batch_size,
+                targeted=targeted,
                 verbose=verbose,
             )
         self._check_params()
@@ -241,5 +247,8 @@ def _check_params(self) -> None:
         if not self._attack.batch_size > 0:
             raise ValueError("The batch size must be greater than 0.")
 
+        if not isinstance(self._attack.targeted, bool):
+            raise ValueError("The argument `targeted` has to be of type bool.")
+
         if not isinstance(self._attack.verbose, bool):
             raise ValueError("The argument `verbose` has to be of type bool.")

art/attacks/evasion/adversarial_patch/adversarial_patch_numpy.py

@@ -74,6 +74,7 @@ def __init__(
         max_iter: int = 500,
         clip_patch: Union[list, tuple, None] = None,
         batch_size: int = 16,
+        targeted: bool = True,
         verbose: bool = True,
     ) -> None:
         """
@@ -92,6 +93,8 @@ def __init__(
         :param clip_patch: The minimum and maximum values for each channel in the form
                [(float, float), (float, float), (float, float)].
         :param batch_size: The size of the training batch.
+        :param targeted: Indicates whether the attack is targeted (True) or untargeted (False). Currently only targeted
+               attacks are supported.
         :param verbose: Show progress bars.
         """
         super().__init__(estimator=classifier)
@@ -104,6 +107,7 @@ def __init__(
         self.max_iter = max_iter
         self.batch_size = batch_size
         self.clip_patch = clip_patch
+        self.targeted = targeted
         self.verbose = verbose
         self._check_params()
 
@@ -299,6 +303,12 @@ def _check_params(self) -> None:
         if self.batch_size <= 0:
             raise ValueError("The batch size must be greater than 0.")
 
+        if not isinstance(self.targeted, bool) and not self.targeted:
+            raise ValueError(
+                "The argument `targeted` has to be of type bool. Currently AdversarialPatchNumpy only supports targeted"
+                "attacks."
+            )
+
         if not isinstance(self.verbose, bool):
             raise ValueError("The argument `verbose` has to be of type bool.")
 

art/attacks/evasion/auto_attack.py

@@ -159,7 +159,7 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
         """
         x_adv = x.astype(ART_NUMPY_DTYPE)
         if y is not None:
-            y = check_and_transform_label_format(y, self.estimator.nb_classes)
+            y = check_and_transform_label_format(y, nb_classes=self.estimator.nb_classes)
 
         if y is None:
             y = get_labels_np_array(self.estimator.predict(x, batch_size=self.batch_size))
@@ -207,7 +207,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
                         if np.sum(sample_is_robust) == 0:
                             break
 
-                        target = check_and_transform_label_format(targeted_labels[:, i], self.estimator.nb_classes)
+                        target = check_and_transform_label_format(
+                            targeted_labels[:, i], nb_classes=self.estimator.nb_classes
+                        )
 
                         x_adv, sample_is_robust = self._run_attack(
                             x=x_adv,

art/attacks/evasion/auto_projected_gradient_descent.py

@@ -376,7 +376,7 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
         mask = kwargs.get("mask")
 
         if y is not None:
-            y = check_and_transform_label_format(y, self.estimator.nb_classes)
+            y = check_and_transform_label_format(y, nb_classes=self.estimator.nb_classes)
 
         if y is None:
             if self.targeted: