Merge pull request #2650 from c4ts0up/detector-refactoring

Addition of CCA-UD poison detector for DNNs

Author: beat-buesser

Dockerfile

@@ -9,7 +9,7 @@ RUN pip3 install tensorflow==2.9.1 keras==2.9.0 numpy==1.22.4 scipy==1.8.1 matpl
                  resampy==0.3.1 ffmpeg-python==0.2.0 cma==3.2.2 pandas==1.4.3 h5py==3.7.0 tensorflow-addons==0.17.1 \
                  torch==1.12.0 torchaudio==0.12.0 torchvision==0.13.0 catboost==1.0.6 GPy==1.10.0 \
                  lightgbm==3.3.2 xgboost==1.6.1 kornia==0.6.6 lief==0.12.1 pytest==7.1.2 pytest-pep8==1.0.6 \
-                 pytest-mock==3.8.2 requests==2.28.1
+                 pytest-mock==3.8.2 requests==2.28.1 umap-learn==0.5.7
 
 RUN apt-get -y install ffmpeg libavcodec-extra vim git
 

art/attacks/poisoning/perturbations/__init__.py

@@ -2,7 +2,7 @@
 Module providing perturbation functions under a common interface
 """
 
-from art.attacks.poisoning.perturbations.image_perturbations import (
+from .image_perturbations import (
     add_pattern_bd,
     add_single_bd,
     insert_image,

art/defences/detector/poison/__init__.py

@@ -5,7 +5,7 @@
 from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
 from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
 from art.defences.detector.poison.activation_defence import ActivationDefence
-from art.defences.detector.poison.clustering_analyzer import ClusteringAnalyzer
+import art.defences.detector.poison.clustering_analyzer as ClusteringAnalyzer
 from art.defences.detector.poison.provenance_defense import ProvenanceDefense
 from art.defences.detector.poison.roni import RONIDefense
 from art.defences.detector.poison.spectral_signature_defense import SpectralSignatureDefense

art/defences/detector/poison/activation_defence.py

@@ -36,12 +36,13 @@
 from sklearn.cluster import KMeans, MiniBatchKMeans
 
 from art.data_generators import DataGenerator
-from art.defences.detector.poison.clustering_analyzer import ClusteringAnalyzer
 from art.defences.detector.poison.ground_truth_evaluator import GroundTruthEvaluator
 from art.defences.detector.poison.poison_filtering_defence import PoisonFilteringDefence
 from art.utils import segment_by_class
 from art.visualization import create_sprite, save_image, plot_3d
 
+from art.defences.detector.poison.clustering_analyzer import ClusterAnalysisType, get_cluster_analyzer
+
 if TYPE_CHECKING:
     from art.utils import CLASSIFIER_NEURALNETWORK_TYPE
 
@@ -311,44 +312,27 @@ def analyze_clusters(self, **kwargs) -> tuple[dict[str, Any], np.ndarray]:
         :return: (report, assigned_clean_by_class), where the report is a dict object and assigned_clean_by_class
                  is a list of arrays that contains what data points where classified as clean.
         """
+        # default argument setting
         self.set_params(**kwargs)
 
         if not self.clusters_by_class:
             self.cluster_activations()
 
-        analyzer = ClusteringAnalyzer()
-        if self.cluster_analysis == "smaller":
-            (
-                self.assigned_clean_by_class,
-                self.poisonous_clusters,
-                report,
-            ) = analyzer.analyze_by_size(self.clusters_by_class)
-        elif self.cluster_analysis == "relative-size":
-            (
-                self.assigned_clean_by_class,
-                self.poisonous_clusters,
-                report,
-            ) = analyzer.analyze_by_relative_size(self.clusters_by_class)
-        elif self.cluster_analysis == "distance":
-            (
-                self.assigned_clean_by_class,
-                self.poisonous_clusters,
-                report,
-            ) = analyzer.analyze_by_distance(
-                self.clusters_by_class,
-                separated_activations=self.red_activations_by_class,
+        analysis_type = ClusterAnalysisType(self.cluster_analysis)
+        analyzer = get_cluster_analyzer(analysis_type)
+
+        if analysis_type in [ClusterAnalysisType.SMALLER, ClusterAnalysisType.RELATIVE_SIZE]:
+            self.assigned_clean_by_class, self.poisonous_clusters, report = analyzer(self.clusters_by_class)
+        elif analysis_type == ClusterAnalysisType.DISTANCE:
+            self.assigned_clean_by_class, self.poisonous_clusters, report = analyzer(
+                self.clusters_by_class, separated_activations=self.red_activations_by_class
             )
-        elif self.cluster_analysis == "silhouette-scores":
-            (
-                self.assigned_clean_by_class,
-                self.poisonous_clusters,
-                report,
-            ) = analyzer.analyze_by_silhouette_score(
-                self.clusters_by_class,
-                reduced_activations_by_class=self.red_activations_by_class,
+        elif analysis_type == ClusterAnalysisType.SILHOUETTE_SCORES:
+            self.assigned_clean_by_class, self.poisonous_clusters, report = analyzer(
+                self.clusters_by_class, reduced_activations_by_class=self.red_activations_by_class
             )
         else:
-            raise ValueError("Unsupported cluster analysis technique " + self.cluster_analysis)
+            raise ValueError("Unsupported cluster analysis technique " + analysis_type.value)
 
         # Add to the report current parameters used to run the defence and the analysis summary
         report = dict(list(report.items()) + list(self.get_params().items()))