Merge branch 'dev_1.15.1' into development_issue_2234

Author: beat-buesser

art/attacks/evasion/auto_conjugate_gradient.py

@@ -463,7 +463,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
                 # self.eta = np.full((self.batch_size, 1, 1, 1), 2 * self.eps_step).astype(ART_NUMPY_DTYPE)
                 _batch_size = x_k.shape[0]
-                eta = np.full((_batch_size, 1, 1, 1), self.eps_step).astype(ART_NUMPY_DTYPE)
+                eta = np.full((_batch_size,) + (1,) * len(self.estimator.input_shape), self.eps_step).astype(
+                    ART_NUMPY_DTYPE
+                )
                 self.count_condition_1 = np.zeros(shape=(_batch_size,))
                 gradk_1 = np.zeros_like(x_k)
                 cgradk_1 = np.zeros_like(x_k)
@@ -650,4 +652,4 @@ def get_beta(gradk, gradk_1, cgradk_1):
     betak = -(_gradk * delta_gradk).sum(axis=1) / (
         (_cgradk_1 * delta_gradk).sum(axis=1) + np.finfo(ART_NUMPY_DTYPE).eps
     )
-    return betak.reshape((_batch_size, 1, 1, 1))
+    return betak.reshape((_batch_size,) + (1,) * (len(gradk.shape) - 1))

art/attacks/evasion/auto_projected_gradient_descent.py

@@ -458,7 +458,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
                 # modification for image-wise stepsize update
                 _batch_size = x_k.shape[0]
-                eta = np.full((_batch_size, 1, 1, 1), self.eps_step).astype(ART_NUMPY_DTYPE)
+                eta = np.full((_batch_size,) + (1,) * len(self.estimator.input_shape), self.eps_step).astype(
+                    ART_NUMPY_DTYPE
+                )
                 self.count_condition_1 = np.zeros(shape=(_batch_size,))
 
                 for k_iter in trange(self.max_iter, desc="AutoPGD - iteration", leave=False, disable=not self.verbose):

art/attacks/poisoning/perturbations/image_perturbations.py

@@ -21,7 +21,6 @@
 from typing import Optional, Tuple
 
 import numpy as np
-from PIL import Image
 
 
 def add_single_bd(x: np.ndarray, distance: int = 2, pixel_value: int = 1) -> np.ndarray:
@@ -112,6 +111,8 @@ def insert_image(
     :param blend: The blending factor
     :return: Backdoored image.
     """
+    from PIL import Image
+
     n_dim = len(x.shape)
     if n_dim == 4:
         return np.array(

art/estimators/object_detection/pytorch_object_detector.py

@@ -219,7 +219,10 @@ def _preprocess_and_convert_inputs(
 
             # Set gradients
             if not no_grad:
-                x_tensor.requires_grad = True
+                if x_tensor.is_leaf:
+                    x_tensor.requires_grad = True
+                else:
+                    x_tensor.retain_grad()
 
             # Apply framework-specific preprocessing
             x_preprocessed, y_preprocessed = self._apply_preprocessing(x=x_tensor, y=y_tensor, fit=fit, no_grad=no_grad)

art/visualization.py

@@ -25,7 +25,6 @@
 from typing import List, Optional, TYPE_CHECKING
 
 import numpy as np
-from PIL import Image
 
 from art import config
 
@@ -97,6 +96,8 @@ def save_image(image_array: np.ndarray, f_name: str) -> None:
     :param image_array: Image to be saved.
     :param f_name: File name containing extension e.g., my_img.jpg, my_img.png, my_images/my_img.png.
     """
+    from PIL import Image
+
     file_name = os.path.join(config.ART_DATA_PATH, f_name)
     folder = os.path.split(file_name)[0]
     if not os.path.exists(folder):

examples/adversarial_training_FBF.py

@@ -11,7 +11,7 @@
 import torchvision.transforms as transforms
 from torch.utils.data import Dataset, DataLoader
 
-from art.classifiers import PyTorchClassifier
+from art.estimators.classification import PyTorchClassifier
 from art.data_generators import PyTorchDataGenerator
 from art.defences.trainer import AdversarialTrainerFBFPyTorch
 from art.utils import load_cifar10

examples/adversarial_training_data_augmentation.py

@@ -1,6 +1,10 @@
 """
 This is an example of how to use ART and Keras to perform adversarial training using data generators for CIFAR10
 """
+import tensorflow as tf
+
+tf.compat.v1.disable_eager_execution()
+
 import keras
 import numpy as np
 from keras.layers import Conv2D, Dense, Flatten, MaxPooling2D, Input, BatchNormalization

examples/get_started_lightgbm.py

@@ -27,7 +27,7 @@
 
 # Step 2: Create the model
 
-params = {"objective": "multiclass", "metric": "multi_logloss", "num_class": 10}
+params = {"objective": "multiclass", "metric": "multi_logloss", "num_class": 10, "force_col_wise": True}
 train_set = lgb.Dataset(x_train, label=np.argmax(y_train, axis=1))
 test_set = lgb.Dataset(x_test, label=np.argmax(y_test, axis=1))
 model = lgb.train(params=params, train_set=train_set, num_boost_round=100, valid_sets=[test_set])

examples/get_started_xgboost.py

@@ -27,7 +27,7 @@
 
 # Step 2: Create the model
 
-params = {"objective": "multi:softprob", "metric": "accuracy", "num_class": 10}
+params = {"objective": "multi:softprob", "eval_metric": ["mlogloss", "merror"], "num_class": 10}
 dtrain = xgb.DMatrix(x_train, label=np.argmax(y_train, axis=1))
 dtest = xgb.DMatrix(x_test, label=np.argmax(y_test, axis=1))
 evals = [(dtest, "test"), (dtrain, "train")]

examples/mnist_cnn_fgsm.py

@@ -2,6 +2,10 @@
 """Trains a convolutional neural network on the MNIST dataset, then attacks it with the FGSM attack."""
 from __future__ import absolute_import, division, print_function, unicode_literals
 
+import tensorflow as tf
+
+tf.compat.v1.disable_eager_execution()
+
 from keras.models import Sequential
 from keras.layers import Dense, Flatten, Conv2D, MaxPooling2D, Dropout
 import numpy as np
@@ -35,12 +39,16 @@
 acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
 print("\nTest accuracy: %.2f%%" % (acc * 100))
 
-# Craft adversarial samples with FGSM
-epsilon = 0.1  # Maximum perturbation
-adv_crafter = FastGradientMethod(classifier, eps=epsilon)
-x_test_adv = adv_crafter.generate(x=x_test)
+# Define epsilon values
+epsilon_values = [0.01, 0.1, 0.15, 0.2, 0.25, 0.3]
 
-# Evaluate the classifier on the adversarial examples
-preds = np.argmax(classifier.predict(x_test_adv), axis=1)
-acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
-print("\nTest accuracy on adversarial sample: %.2f%%" % (acc * 100))
+# Iterate over epsilon values
+for epsilon in epsilon_values:
+    # Craft adversarial samples with FGSM
+    adv_crafter = FastGradientMethod(classifier, eps=epsilon)
+    x_test_adv = adv_crafter.generate(x=x_test, y=y_test)
+
+    # Evaluate the classifier on the adversarial examples
+    preds = np.argmax(classifier.predict(x_test_adv), axis=1)
+    acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
+    print("Test accuracy on adversarial sample (epsilon = %.2f): %.2f%%" % (epsilon, acc * 100))