Merge branch 'dev_1.16.0' into awp_adv

Author: beat-buesser

.github/workflows/dockerhub.yml

@@ -35,7 +35,7 @@ jobs:
         with:
           images: adversarialrobustnesstoolbox/releases
           tags: |
-            type=raw,value={{branch}}-1.14.1-{{sha}}
+            type=raw,value={{branch}}-1.15.1-{{sha}}
             type=semver,pattern={{version}}
 
       - name: Build and push Docker image

README-cn.md

@@ -1,4 +1,4 @@
-# Adversarial Robustness Toolbox (ART) v1.14
+# Adversarial Robustness Toolbox (ART) v1.15
 <p align="center">
   <img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">
 </p>

README.md

@@ -1,4 +1,4 @@
-# Adversarial Robustness Toolbox (ART) v1.14
+# Adversarial Robustness Toolbox (ART) v1.15
 <p align="center">
   <img src="docs/images/art_lfai.png?raw=true" width="467" title="ART logo">
 </p>

art/__init__.py

@@ -12,7 +12,7 @@
 from art import preprocessing
 
 # Semantic Version
-__version__ = "1.14.1"
+__version__ = "1.15.1"
 
 # pylint: disable=C0103
 

art/attacks/evasion/auto_conjugate_gradient.py

@@ -463,7 +463,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
                 # self.eta = np.full((self.batch_size, 1, 1, 1), 2 * self.eps_step).astype(ART_NUMPY_DTYPE)
                 _batch_size = x_k.shape[0]
-                eta = np.full((_batch_size, 1, 1, 1), self.eps_step).astype(ART_NUMPY_DTYPE)
+                eta = np.full((_batch_size,) + (1,) * len(self.estimator.input_shape), self.eps_step).astype(
+                    ART_NUMPY_DTYPE
+                )
                 self.count_condition_1 = np.zeros(shape=(_batch_size,))
                 gradk_1 = np.zeros_like(x_k)
                 cgradk_1 = np.zeros_like(x_k)
@@ -650,4 +652,4 @@ def get_beta(gradk, gradk_1, cgradk_1):
     betak = -(_gradk * delta_gradk).sum(axis=1) / (
         (_cgradk_1 * delta_gradk).sum(axis=1) + np.finfo(ART_NUMPY_DTYPE).eps
     )
-    return betak.reshape((_batch_size, 1, 1, 1))
+    return betak.reshape((_batch_size,) + (1,) * (len(gradk.shape) - 1))

art/attacks/evasion/auto_projected_gradient_descent.py

@@ -458,7 +458,9 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> n
 
                 # modification for image-wise stepsize update
                 _batch_size = x_k.shape[0]
-                eta = np.full((_batch_size, 1, 1, 1), self.eps_step).astype(ART_NUMPY_DTYPE)
+                eta = np.full((_batch_size,) + (1,) * len(self.estimator.input_shape), self.eps_step).astype(
+                    ART_NUMPY_DTYPE
+                )
                 self.count_condition_1 = np.zeros(shape=(_batch_size,))
 
                 for k_iter in trange(self.max_iter, desc="AutoPGD - iteration", leave=False, disable=not self.verbose):

art/attacks/poisoning/perturbations/image_perturbations.py

@@ -21,7 +21,6 @@
 from typing import Optional, Tuple
 
 import numpy as np
-from PIL import Image
 
 
 def add_single_bd(x: np.ndarray, distance: int = 2, pixel_value: int = 1) -> np.ndarray:
@@ -112,6 +111,8 @@ def insert_image(
     :param blend: The blending factor
     :return: Backdoored image.
     """
+    from PIL import Image
+
     n_dim = len(x.shape)
     if n_dim == 4:
         return np.array(

art/defences/detector/poison/clustering_analyzer.py

@@ -68,10 +68,9 @@ def analyze_by_size(self, separated_clusters: List[np.ndarray]) -> Tuple[np.ndar
         all_assigned_clean = []
         nb_classes = len(separated_clusters)
         nb_clusters = len(np.unique(separated_clusters[0]))
-        summary_poison_clusters: np.ndarray = np.zeros((nb_classes, nb_clusters))
+        summary_poison_clusters: np.ndarray = np.zeros((nb_classes, nb_clusters), dtype=object)
 
         for i, clusters in enumerate(separated_clusters):
-
             # assume that smallest cluster is poisonous and all others are clean
             sizes = np.bincount(clusters)
             total_dp_in_class = np.sum(sizes)
@@ -98,8 +97,8 @@ def analyze_by_size(self, separated_clusters: List[np.ndarray]) -> Tuple[np.ndar
 
             report["Class_" + str(i)] = report_class
 
-        report["suspicious_clusters"] = report["suspicious_clusters"] + np.sum(summary_poison_clusters).item()
-        return np.asarray(all_assigned_clean), summary_poison_clusters, report
+        report["suspicious_clusters"] = report["suspicious_clusters"] + np.sum(summary_poison_clusters)
+        return np.asarray(all_assigned_clean, dtype=object), summary_poison_clusters, report
 
     def analyze_by_distance(
         self,
@@ -187,7 +186,7 @@ def analyze_by_distance(
             assigned_clean = self.assign_class(clusters, clean_clusters, np.array(poison_clusters))
             all_assigned_clean.append(assigned_clean)
 
-        all_assigned_clean_array = np.asarray(all_assigned_clean)
+        all_assigned_clean_array = np.asarray(all_assigned_clean, dtype=object)
         return all_assigned_clean_array, summary_poison_clusters, report
 
     def analyze_by_relative_size(

art/defences/preprocessor/spatial_smoothing.py

@@ -30,7 +30,7 @@
 from typing import Optional, Tuple
 
 import numpy as np
-from scipy.ndimage.filters import median_filter
+from scipy.ndimage import median_filter
 
 from art.utils import CLIP_VALUES_TYPE
 from art.defences.preprocessor.preprocessor import Preprocessor

art/defences/trainer/adversarial_trainer_trades_pytorch.py

@@ -33,6 +33,7 @@
 from art.estimators.classification.pytorch import PyTorchClassifier
 from art.data_generators import DataGenerator
 from art.attacks.attack import EvasionAttack
+from art.utils import check_and_transform_label_format
 
 if TYPE_CHECKING:
     import torch
@@ -97,6 +98,15 @@ def fit(
         ind = np.arange(len(x))
 
         logger.info("Adversarial Training TRADES")
+        y = check_and_transform_label_format(y, nb_classes=self.classifier.nb_classes)
+
+        if validation_data is not None:
+            (x_test, y_test) = validation_data
+            y_test = check_and_transform_label_format(y_test, nb_classes=self.classifier.nb_classes)
+
+            x_preprocessed_test, y_preprocessed_test = self._classifier._apply_preprocessing(  # pylint: disable=W0212
+                x_test, y_test, fit=True
+            )
 
         for i_epoch in trange(nb_epochs, desc="Adversarial Training TRADES - Epochs"):
             # Shuffle the examples
@@ -107,7 +117,6 @@ def fit(
             train_n = 0.0
 
             for batch_id in range(nb_batches):
-
                 # Create batch data
                 x_batch = x[ind[batch_id * batch_size : min((batch_id + 1) * batch_size, x.shape[0])]].copy()
                 y_batch = y[ind[batch_id * batch_size : min((batch_id + 1) * batch_size, x.shape[0])]]
@@ -125,9 +134,9 @@ def fit(
 
             # compute accuracy
             if validation_data is not None:
-                (x_test, y_test) = validation_data
-                output = np.argmax(self.predict(x_test), axis=1)
-                nb_correct_pred = np.sum(output == np.argmax(y_test, axis=1))
+                output = np.argmax(self.predict(x_preprocessed_test), axis=1)
+                nb_correct_pred = np.sum(output == np.argmax(y_preprocessed_test, axis=1))
+
                 logger.info(
                     "epoch: %s time(s): %.1f loss: %.4f acc(tr): %.4f acc(val): %.4f",
                     i_epoch,
@@ -188,7 +197,6 @@ def fit_generator(
             train_n = 0.0
 
             for batch_id in range(nb_batches):  # pylint: disable=W0612
-
                 # Create batch data
                 x_batch, y_batch = generator.get_batch()
                 x_batch = x_batch.copy()
@@ -232,6 +240,8 @@ def _batch_process(self, x_batch: np.ndarray, y_batch: np.ndarray) -> Tuple[floa
         x_batch_pert = self._attack.generate(x_batch, y=y_batch)
 
         # Apply preprocessing
+        y_batch = check_and_transform_label_format(y_batch, nb_classes=self.classifier.nb_classes)
+
         x_preprocessed, y_preprocessed = self._classifier._apply_preprocessing(  # pylint: disable=W0212
             x_batch, y_batch, fit=True
         )

art/estimators/certification/__init__.py

@@ -2,12 +2,26 @@
 This module contains certified classifiers.
 """
 import importlib
-from art.estimators.certification import randomized_smoothing
-from art.estimators.certification import derandomized_smoothing
+from art.estimators.certification.randomized_smoothing.randomized_smoothing import RandomizedSmoothingMixin
+from art.estimators.certification.randomized_smoothing.numpy import NumpyRandomizedSmoothing
+from art.estimators.certification.randomized_smoothing.tensorflow import TensorFlowV2RandomizedSmoothing
+from art.estimators.certification.randomized_smoothing.pytorch import PyTorchRandomizedSmoothing
+from art.estimators.certification.derandomized_smoothing.derandomized_smoothing import DeRandomizedSmoothingMixin
+from art.estimators.certification.derandomized_smoothing.pytorch import PyTorchDeRandomizedSmoothing
+from art.estimators.certification.derandomized_smoothing.tensorflow import TensorFlowV2DeRandomizedSmoothing
 
 if importlib.util.find_spec("torch") is not None:
-    from art.estimators.certification import deep_z
-    from art.estimators.certification import interval
+    from art.estimators.certification.deep_z.deep_z import ZonoDenseLayer
+    from art.estimators.certification.deep_z.deep_z import ZonoBounds
+    from art.estimators.certification.deep_z.deep_z import ZonoConv
+    from art.estimators.certification.deep_z.deep_z import ZonoReLU
+    from art.estimators.certification.deep_z.pytorch import PytorchDeepZ
+    from art.estimators.certification.interval.interval import PyTorchIntervalDense
+    from art.estimators.certification.interval.interval import PyTorchIntervalConv2D
+    from art.estimators.certification.interval.interval import PyTorchIntervalReLU
+    from art.estimators.certification.interval.interval import PyTorchIntervalFlatten
+    from art.estimators.certification.interval.interval import PyTorchIntervalBounds
+    from art.estimators.certification.interval.pytorch import PyTorchIBPClassifier
 else:
     import warnings
 

art/estimators/certification/randomized_smoothing/__init__.py

@@ -4,5 +4,10 @@
 from art.estimators.certification.randomized_smoothing.randomized_smoothing import RandomizedSmoothingMixin
 
 from art.estimators.certification.randomized_smoothing.numpy import NumpyRandomizedSmoothing
-from art.estimators.certification.randomized_smoothing.tensorflow import TensorFlowV2RandomizedSmoothing
 from art.estimators.certification.randomized_smoothing.pytorch import PyTorchRandomizedSmoothing
+from art.estimators.certification.randomized_smoothing.tensorflow import TensorFlowV2RandomizedSmoothing
+from art.estimators.certification.randomized_smoothing.smooth_mix.pytorch import PyTorchSmoothMix
+from art.estimators.certification.randomized_smoothing.macer.pytorch import PyTorchMACER
+from art.estimators.certification.randomized_smoothing.macer.tensorflow import TensorFlowV2MACER
+from art.estimators.certification.randomized_smoothing.smooth_adv.pytorch import PyTorchSmoothAdv
+from art.estimators.certification.randomized_smoothing.smooth_adv.tensorflow import TensorFlowV2SmoothAdv