Adding changes related to style and types

monshri · monshri · commit c7ddc77c0337 · 2022-06-27T20:23:47.000-04:00
Signed-off-by: monshri &lt;priya.shriti@gmail.com&gt;
Signed-off-by: Shriti Priya &lt;shritip@ibm.com&gt;
diff --git a/art/attacks/poisoning/sleeper_agent_attack.py b/art/attacks/poisoning/sleeper_agent_attack.py
@@ -73,6 +73,8 @@ def __init__(
 
         :param classifier: The proxy classifier used for the attack.
         :param percent_poison: The ratio of samples to poison among x_train, with range [0,1].
+        :patch: The patch to be applied as trigger.
+        :indices_target: The indices of training data having target label.
         :param epsilon: The L-inf perturbation budget.
         :param max_trials: The maximum number of restarts to optimize the poison.
         :param max_epochs: The maximum number of epochs to optimize the train per trial.
@@ -82,15 +84,15 @@ def __init__(
         :param batch_size: Batch size.
         :param clip_values: The range of the input features to the classifier.
         :param verbose: Show progress bars.
-        :indices_target: The indices of training data having target label.
         :patching_strategy: Patching strategy to be used for adding trigger, either random/fixed.
         :selection_strategy: Selection strategy for getting the indices of
                              poison examples - either random/maximum gradient norm.
         :retraining_factor: The factor for which retraining needs to be applied.
         :model_retrain: True, if retraining has to be applied, else False.
         :model_retraining_epoch: The epochs for which retraining has to be applied.
-        :patch: The patch to be applied as trigger.
-        :K: Number of training samples belonging to target class selected for poisoning.
+        :class_source: Source class from which triggers are selected.
+        :class_target: The target class to be misclassified after poisoning.
+        
         """
         super().__init__(
             classifier,
@@ -152,7 +154,7 @@ def poison(  # type: ignore
             raise NotImplementedError("SleeperAgentAttack is currently implemented only for PyTorch.")
 
         # Choose samples to poison.
-        x_trigger = self.apply_trigger_patch(x_trigger) 
+        x_trigger = self.apply_trigger_patch(x_trigger)
         if len(np.shape(y_trigger)) == 2:  # dense labels
             classes_target = set(np.argmax(y_trigger, axis=-1))
         else:  # sparse labels
@@ -410,7 +412,6 @@ def apply_trigger_patch(self, x_trigger: np.ndarray) -> Union[np.ndarray, "torch
         :x_trigger: Samples to be used for trigger.
         :return tensor with applied trigger patches.
         """
-        from art.estimators.classification.pytorch import PyTorchClassifier
 
         patch_size = self.patch.shape[1]
         if self.patching_strategy == "fixed":
@@ -420,9 +421,8 @@ def apply_trigger_patch(self, x_trigger: np.ndarray) -> Union[np.ndarray, "torch
                 x_cord = random.randrange(0, x.shape[1] - self.patch.shape[1] + 1)
                 y_cord = random.randrange(0, x.shape[2] - self.patch.shape[2] + 1)
                 x[x_cord : x_cord + patch_size, y_cord : y_cord + patch_size, :] = self.patch
-        if isinstance(self.substitute_classifier, PyTorchClassifier):
-            import torch
 
-            return torch.tensor(np.transpose(x_trigger, [0, 3, 1, 2]))
+        if self.estimator.channels_first:
+            return np.transpose(x_trigger, [0, 3, 1, 2])
 
-        return np.transpose(x_trigger, [0, 3, 1, 2])
+        return x_trigger
