Merge branch 'dev_1.7.0' into master

Author: beat-buesser

.github/workflows/ci-deepspeech-v2.yml

@@ -29,4 +29,4 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/deepspeech-v2
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci-lingvo.yml

@@ -60,4 +60,4 @@ jobs:
       - name: Run ${{ matrix.name }} Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci-mxnet.yml

@@ -86,4 +86,4 @@ jobs:
       - name: Run ${{ matrix.name }} Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci-pytorch-fasterrcnn.yml

@@ -46,4 +46,4 @@ jobs:
       - name: Run Test Action
         run: pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_pytorch_faster_rcnn.py --framework=pytorch --skip_travis=True --durations=0
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

.github/workflows/ci.yml

@@ -133,4 +133,4 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/[email protected].0
+        uses: codecov/[email protected].2

AUTHORS

@@ -5,11 +5,12 @@
 # - Person <email address>
 
 - International Business Machines Corporation (IBM)
-- Two Six Labs, LLC
+- Two Six Technologies
 - Kyushu University
 - Intel Corporation
 - University of Chicago
 - The MITRE Corporation
+- General Motors Company
 - AGH University of Science and Technology
 - Rensselaer Polytechnic Institute (RPI)
 - IMT Atlantique

Dockerfile

@@ -31,6 +31,8 @@ RUN pip3 install lightgbm==2.3.1
 RUN pip3 install xgboost==1.1.1
 RUN pip3 install kornia==0.3.1
 
+RUN pip3 install lief==0.11.4
+
 RUN pip3 install pytest==5.4.1 pytest-pep8==1.0.6 pytest-mock==3.2.0 codecov==2.1.8 requests==2.24.0
 
 RUN mkdir /project; mkdir /project/TMP

README-cn.md

@@ -26,12 +26,21 @@
 （图像，表格，音频，视频等）和机器学习任务（分类，物体检测，语音识别，
 生成模型，认证等）。
 
+## Adversarial Threats
+
 <p align="center">
   <img src="docs/images/adversarial_threats_attacker.png?raw=true" width="400" title="ART logo">
   <img src="docs/images/adversarial_threats_art.png?raw=true" width="400" title="ART logo">
 </p>
 <br />
 
+## ART for Red and Blue Teams (selection)
+
+<p align="center">
+  <img src="docs/images/white_hat_blue_red.png?raw=true" width="800" title="ART Red and Blue Teams">
+</p>
+<br />
+
 ## 学到更多
 
 | **[开始使用][get-started]**     | **[文献资料][documentation]**     | **[贡献][contributing]**           |

README.md

@@ -27,12 +27,21 @@ adversarial threats of Evasion, Poisoning, Extraction, and Inference. ART suppor
 (images, tables, audio, video, etc.) and machine learning tasks (classification, object detection, speech recognition,
 generation, certification, etc.).
 
+## Adversarial Threats
+
 <p align="center">
   <img src="docs/images/adversarial_threats_attacker.png?raw=true" width="400" title="ART logo">
   <img src="docs/images/adversarial_threats_art.png?raw=true" width="400" title="ART logo">
 </p>
 <br />
 
+## ART for Red and Blue Teams (selection)
+
+<p align="center">
+  <img src="docs/images/white_hat_blue_red.png?raw=true" width="800" title="ART Red and Blue Teams">
+</p>
+<br />
+
 ## Learn more
 
 | **[Get Started][get-started]**     | **[Documentation][documentation]**     | **[Contributing][contributing]**           |

art/attacks/attack.py

@@ -93,9 +93,18 @@ class Attack(abc.ABC, metaclass=InputFilter):
     attack_params: List[str] = list()
     _estimator_requirements: Optional[Union[Tuple[Any, ...], Tuple[()]]] = None
 
-    def __init__(self, estimator):
+    def __init__(
+        self,
+        estimator,
+        tensor_board: Union[str, bool] = False,
+    ):
         """
         :param estimator: An estimator.
+        :param tensor_board: Activate summary writer for TensorBoard: Default is `False` and deactivated summary writer.
+                             If `True` save runs/CURRENT_DATETIME_HOSTNAME in current directory. Provide `path` in type
+                             `str` to save in path/CURRENT_DATETIME_HOSTNAME.
+                             Use hierarchical folder structure to compare between runs easily. e.g. pass in ‘runs/exp1’,
+                             ‘runs/exp2’, etc. for each new experiment to compare across them.
         """
         super().__init__()
 
@@ -106,6 +115,19 @@ def __init__(self, estimator):
             raise EstimatorError(self.__class__, self.estimator_requirements, estimator)
 
         self._estimator = estimator
+        self.tensor_board = tensor_board
+
+        if tensor_board:
+            from tensorboardX import SummaryWriter
+
+            if isinstance(tensor_board, str):
+                self.summary_writer = SummaryWriter(tensor_board)
+            else:
+                self.summary_writer = SummaryWriter()
+        else:
+            self.summary_writer = None
+
+        Attack._check_params(self)
 
     @property
     def estimator(self):
@@ -129,7 +151,9 @@ def set_params(self, **kwargs) -> None:
         self._check_params()
 
     def _check_params(self) -> None:
-        pass
+
+        if not isinstance(self.tensor_board, (bool, str)):
+            raise ValueError("The argument `tensor_board` has to be either of type bool or str.")
 
 
 class EvasionAttack(Attack):
@@ -305,12 +329,12 @@ def __init__(self, estimator):
     @abc.abstractmethod
     def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
         """
-        Infer sensitive properties (attributes, membership training records) from the targeted estimator. This method
+        Infer sensitive attributes from the targeted estimator. This method
         should be overridden by all concrete inference attack implementations.
 
         :param x: An array with reference inputs to be used in the attack.
         :param y: Labels for `x`. This parameter is only used by some of the attacks.
-        :return: An array holding the inferred properties.
+        :return: An array holding the inferred attribute values.
         """
         raise NotImplementedError
 
@@ -334,12 +358,41 @@ def __init__(self, estimator, attack_feature: Union[int, slice] = 0):
     @abc.abstractmethod
     def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
         """
-        Infer sensitive properties (attributes, membership training records) from the targeted estimator. This method
+        Infer sensitive attributes from the targeted estimator. This method
+        should be overridden by all concrete inference attack implementations.
+
+        :param x: An array with reference inputs to be used in the attack.
+        :param y: Labels for `x`. This parameter is only used by some of the attacks.
+        :return: An array holding the inferred attribute values.
+        """
+        raise NotImplementedError
+
+
+class MembershipInferenceAttack(InferenceAttack):
+    """
+    Abstract base class for membership inference attack classes.
+    """
+
+    def __init__(self, estimator: Union["CLASSIFIER_TYPE"]):
+        """
+        :param estimator: A trained estimator targeted for inference attack.
+        :type estimator: :class:`.art.estimators.estimator.BaseEstimator`
+        :param attack_feature: The index of the feature to be attacked.
+        """
+        super().__init__(estimator)
+
+    @abc.abstractmethod
+    def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
+        """
+        Infer membership status of samples from the target estimator. This method
         should be overridden by all concrete inference attack implementations.
 
         :param x: An array with reference inputs to be used in the attack.
         :param y: Labels for `x`. This parameter is only used by some of the attacks.
-        :return: An array holding the inferred properties.
+        :param probabilities: a boolean indicating whether to return the predicted probabilities per class, or just
+                              the predicted class.
+        :return: An array holding the inferred membership status (1 indicates member of training set,
+                 0 indicates non-member) or class probabilities.
         """
         raise NotImplementedError
 

art/attacks/evasion/__init__.py

@@ -18,14 +18,18 @@
 from art.attacks.evasion.elastic_net import ElasticNet
 from art.attacks.evasion.fast_gradient import FastGradientMethod
 from art.attacks.evasion.frame_saliency import FrameSaliencyAttack
-from art.attacks.evasion.feature_adversaries import FeatureAdversaries
+from art.attacks.evasion.feature_adversaries.feature_adversaries_numpy import FeatureAdversariesNumpy
+from art.attacks.evasion.feature_adversaries.feature_adversaries_pytorch import FeatureAdversariesPyTorch
+from art.attacks.evasion.feature_adversaries.feature_adversaries_tensorflow import FeatureAdversariesTensorFlowV2
+from art.attacks.evasion.geometric_decision_based_attack import GeoDA
 from art.attacks.evasion.hclu import HighConfidenceLowUncertainty
 from art.attacks.evasion.hop_skip_jump import HopSkipJump
 from art.attacks.evasion.imperceptible_asr.imperceptible_asr import ImperceptibleASR
 from art.attacks.evasion.imperceptible_asr.imperceptible_asr_pytorch import ImperceptibleASRPyTorch
 from art.attacks.evasion.iterative_method import BasicIterativeMethod
 from art.attacks.evasion.lowprofool import LowProFool
 from art.attacks.evasion.newtonfool import NewtonFool
+from art.attacks.evasion.pe_malware_attack import MalwareGDTensorFlow
 from art.attacks.evasion.pixel_threshold import PixelAttack
 from art.attacks.evasion.projected_gradient_descent.projected_gradient_descent import ProjectedGradientDescent
 from art.attacks.evasion.projected_gradient_descent.projected_gradient_descent_numpy import (

art/attacks/evasion/adversarial_patch/adversarial_patch_pytorch.py

@@ -59,6 +59,7 @@ class AdversarialPatchPyTorch(EvasionAttack):
         "max_iter",
         "batch_size",
         "patch_shape",
+        "tensor_board",
         "verbose",
     ]
 
@@ -76,6 +77,7 @@ def __init__(
         batch_size: int = 16,
         patch_shape: Optional[Tuple[int, int, int]] = None,
         patch_type: str = "circle",
+        tensor_board: Union[str, bool] = False,
         verbose: bool = True,
     ):
         """
@@ -95,6 +97,11 @@ def __init__(
         :param batch_size: The size of the training batch.
         :param patch_shape: The shape of the adversarial patch as a tuple of shape HWC (width, height, nb_channels).
         :param patch_type: The patch type, either circle or square.
+        :param tensor_board: Activate summary writer for TensorBoard: Default is `False` and deactivated summary writer.
+                             If `True` save runs/CURRENT_DATETIME_HOSTNAME in current directory. Provide `path` in type
+                             `str` to save in path/CURRENT_DATETIME_HOSTNAME.
+                             Use hierarchical folder structure to compare between runs easily. e.g. pass in ‘runs/exp1’,
+                             ‘runs/exp2’, etc. for each new experiment to compare across them.
         :param verbose: Show progress bars.
         """
         import torch  # lgtm [py/repeated-import]
@@ -107,7 +114,7 @@ def __init__(
             torchvision_version[0] >= 0 and torchvision_version[1] >= 8
         ), "AdversarialPatchPyTorch requires torchvision>=0.8.0"
 
-        super().__init__(estimator=classifier)
+        super().__init__(estimator=classifier, tensor_board=tensor_board)
         self.rotation_max = rotation_max
         self.scale_min = scale_min
         self.scale_max = scale_max
@@ -427,9 +434,6 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> T
         else:
             self.targeted = True
 
-        if y is None:
-            raise ValueError("The labels `y` cannot be None, please provide labels `y`.")
-
         y = check_and_transform_label_format(labels=y, nb_classes=self.estimator.nb_classes)
 
         # check if logits or probabilities
@@ -461,14 +465,34 @@ def generate(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> T
                 drop_last=False,
             )
 
-        for _ in trange(self.max_iter, desc="Adversarial Patch TensorFlow v2", disable=not self.verbose):
+        for i_iter in trange(self.max_iter, desc="Adversarial Patch PyTorch", disable=not self.verbose):
             if mask is None:
                 for images, target in data_loader:
                     _ = self._train_step(images=images, target=target, mask=None)
             else:
                 for images, target, mask_i in data_loader:
                     _ = self._train_step(images=images, target=target, mask=mask_i)
 
+            if self.summary_writer is not None:
+                self.summary_writer.add_image(
+                    "patch",
+                    self._patch,
+                    global_step=i_iter,
+                )
+
+                if hasattr(self.estimator, "compute_losses"):
+                    x_patched = self._random_overlay(
+                        images=torch.from_numpy(x).to(self.estimator.device), patch=self._patch, mask=mask
+                    )
+                    losses = self.estimator.compute_losses(x=x_patched, y=torch.from_numpy(y).to(self.estimator.device))
+
+                    for key, value in losses.items():
+                        self.summary_writer.add_scalar(
+                            "loss/{}".format(key),
+                            np.mean(value.detach().cpu().numpy()),
+                            global_step=i_iter,
+                        )
+
         return (
             self._patch.detach().cpu().numpy(),
             self._get_circular_patch_mask(nb_samples=1).numpy()[0],