Update to ART 1.14.0

.github/workflows/ci-pytorch-object-detectors.yml

@@ -33,7 +33,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.8
+          python-version: '3.10'
       - name: Install Dependencies
         run: |
           sudo apt-get update

.github/workflows/ci-pytorch.yml

@@ -28,13 +28,13 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: PyTorch 1.11.0 (Python 3.8)
+          - name: PyTorch 1.11.0 (Python 3.9)
             framework: pytorch
             python: 3.8
             torch: 1.11.0+cpu
             torchvision: 0.12.0+cpu
             torchaudio: 0.11.0
-          - name: PyTorch 1.12.1 (Python 3.8)
+          - name: PyTorch 1.12.1 (Python 3.9)
             framework: pytorch
             python: 3.8
             torch: 1.12.1+cpu
@@ -46,6 +46,12 @@ jobs:
             torch: 1.13.1+cpu
             torchvision: 0.14.1+cpu
             torchaudio: 0.13.1
+          - name: PyTorch 1.13.1 (Python 3.10)
+            framework: pytorch
+            python: '3.10'
+            torch: 1.13.1+cpu
+            torchvision: 0.14.1+cpu
+            torchaudio: 0.13.1
 
     name: ${{ matrix.name }}
     steps:

.github/workflows/ci-scikit-learn.yml

@@ -32,14 +32,18 @@ jobs:
             framework: scikitlearn
             scikit-learn: 0.24.2
             python: 3.9
-          - name: scikit-learn 1.0.2 (Python 3.9)
+          - name: scikit-learn 1.1.3 (Python 3.9)
             framework: scikitlearn
-            scikit-learn: 1.0.2
+            scikit-learn: 1.1.3
             python: 3.9
-          - name: scikit-learn 1.1.0 (Python 3.9)
+          - name: scikit-learn 1.2.2 (Python 3.9)
             framework: scikitlearn
-            scikit-learn: 1.1.0
+            scikit-learn: 1.2.2
             python: 3.9
+          - name: scikit-learn 1.2.2 (Python 3.10)
+            framework: scikitlearn
+            scikit-learn: 1.2.2
+            python: '3.10'
 
     name: ${{ matrix.name }}
     steps:
@@ -55,8 +59,8 @@ jobs:
           sudo apt-get -y -q install ffmpeg libavcodec-extra
           python -m pip install --upgrade pip setuptools wheel
           pip install -r requirements_test.txt
-          pip install tensorflow==2.7.0
-          pip install keras==2.7.0
+          pip install tensorflow==2.10.1
+          pip install keras==2.10.0
           pip install scikit-learn==${{ matrix.scikit-learn }}
           pip list
       - name: Run Tests

.github/workflows/ci-tensorflow-v2.yml

@@ -49,6 +49,13 @@ jobs:
             tf_version: v2
             keras: 2.10.0
             tf_addons: 0.18.0
+          - name: TensorFlow 2.10.1 (Keras 2.10.0 Python 3.10)
+            framework: tensorflow
+            python: '3.10'
+            tensorflow: 2.10.1
+            tf_version: v2
+            keras: 2.10.0
+            tf_addons: 0.18.0
 
     name: ${{ matrix.name }}
     steps:

art/attacks/__init__.py

@@ -2,7 +2,8 @@
 Module providing adversarial attacks under a common interface.
 """
 from art.attacks.attack import Attack, EvasionAttack, PoisoningAttack, PoisoningAttackBlackBox, PoisoningAttackWhiteBox
-from art.attacks.attack import PoisoningAttackTransformer, ExtractionAttack, InferenceAttack, AttributeInferenceAttack
+from art.attacks.attack import PoisoningAttackGenerator, PoisoningAttackTransformer, PoisoningAttackObjectDetector
+from art.attacks.attack import ExtractionAttack, InferenceAttack, AttributeInferenceAttack
 from art.attacks.attack import ReconstructionAttack
 
 from art.attacks import evasion

art/attacks/attack.py

@@ -22,12 +22,13 @@
 
 import abc
 import logging
-from typing import Any, List, Optional, Tuple, Union, TYPE_CHECKING
+from typing import Any, Dict, List, Optional, Tuple, Union, TYPE_CHECKING
 
 import numpy as np
 
 from art.exceptions import EstimatorError
 from art.summary_writer import SummaryWriter, SummaryWriterDefault
+from art.utils import get_feature_index
 
 if TYPE_CHECKING:
     from art.utils import CLASSIFIER_TYPE, GENERATOR_TYPE
@@ -265,7 +266,7 @@ def poison_estimator(
         max_iter: int,
         lambda_p: float,
         verbose: int,
-        **kwargs
+        **kwargs,
     ) -> "GENERATOR_TYPE":
         """
         Returns a poisoned version of the generator used to initialize the attack
@@ -324,6 +325,39 @@ def poison_estimator(self, x: np.ndarray, y: np.ndarray, **kwargs) -> "CLASSIFIE
         raise NotImplementedError
 
 
+class PoisoningAttackObjectDetector(Attack):
+    """
+    Abstract base class for poisoning attack classes on object detection models.
+    """
+
+    def __init__(self):
+        """
+        Initializes object detector poisoning attack.
+        """
+        super().__init__(None)  # type: ignore
+
+    @abc.abstractmethod
+    def poison(
+        self,
+        x: np.ndarray,
+        y: List[Dict[str, np.ndarray]],
+        **kwargs,
+    ) -> Tuple[np.ndarray, List[Dict[str, np.ndarray]]]:
+        """
+        Generate poisoning examples and return them as an array. This method should be overridden by all concrete
+        poisoning attack implementations.
+
+        :param x: An array with the original inputs to be attacked.
+        :param y: True labels of type `List[Dict[np.ndarray]]`, one dictionary per input image.
+                  The keys and values of the dictionary are:
+                  - boxes [N, 4]: the boxes in [x1, y1, x2, y2] format, with 0 <= x1 < x2 <= W and 0 <= y1 < y2 <= H.
+                  - labels [N]: the labels for each image
+                  - scores [N]: the scores or each prediction.
+        :return: An tuple holding the `(poisoning_examples, poisoning_labels)`.
+        """
+        raise NotImplementedError
+
+
 class PoisoningAttackBlackBox(PoisoningAttack):
     """
     Abstract base class for poisoning attack classes that have no access to the model (classifier object).
@@ -425,7 +459,8 @@ def __init__(self, estimator, attack_feature: Union[int, slice] = 0):
         :param attack_feature: The index of the feature to be attacked.
         """
         super().__init__(estimator)
-        self.attack_feature = attack_feature
+        self._check_attack_feature(attack_feature)
+        self.attack_feature = get_feature_index(attack_feature)
 
     @abc.abstractmethod
     def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.ndarray:
@@ -439,6 +474,17 @@ def infer(self, x: np.ndarray, y: Optional[np.ndarray] = None, **kwargs) -> np.n
         """
         raise NotImplementedError
 
+    @staticmethod
+    def _check_attack_feature(attack_feature: Union[int, slice]) -> None:
+        if not isinstance(attack_feature, int) and not isinstance(attack_feature, slice):
+            raise ValueError("Attack feature must be either an integer or a slice object.")
+
+        if isinstance(attack_feature, int) and attack_feature < 0:
+            raise ValueError("Attack feature index must be non-negative.")
+
+    def _check_params(self) -> None:
+        self._check_attack_feature(self.attack_feature)
+
 
 class MembershipInferenceAttack(InferenceAttack):
     """

art/attacks/evasion/__init__.py

@@ -12,6 +12,7 @@
 from art.attacks.evasion.adversarial_asr import CarliniWagnerASR
 from art.attacks.evasion.auto_attack import AutoAttack
 from art.attacks.evasion.auto_projected_gradient_descent import AutoProjectedGradientDescent
+from art.attacks.evasion.auto_conjugate_gradient import AutoConjugateGradient
 
 if importlib.util.find_spec("numba") is not None:
     from art.attacks.evasion.brendel_bethge import BrendelBethgeAttack