diff --git a/armory/art_experimental/attacks/poison_loader_audio.py b/armory/art_experimental/attacks/poison_loader_audio.py index 2c2946f47..0156b587d 100644 --- a/armory/art_experimental/attacks/poison_loader_audio.py +++ b/armory/art_experimental/attacks/poison_loader_audio.py @@ -60,6 +60,7 @@ def insert(self, x: np.ndarray) -> np.ndarray: raise ValueError("Shift + Backdoor length is greater than audio's length.") audio[shift : shift + bd_length] += self.scaled_trigger + audio = np.clip(audio, -1.0, 1.0) return audio.astype(original_dtype) diff --git a/armory/baseline_models/tf_graph/audio_resnet50.py b/armory/baseline_models/tf_graph/audio_resnet50.py index befc741b1..c8049ddef 100644 --- a/armory/baseline_models/tf_graph/audio_resnet50.py +++ b/armory/baseline_models/tf_graph/audio_resnet50.py @@ -19,7 +19,7 @@ def get_spectrogram(audio): return spectrogram # shape (124, 129, 1) -def make_audio_resnet(**kwargs) -> tf.keras.Model: +def make_audio_resnet(sequential=True, **kwargs) -> tf.keras.Model: inputs = keras.Input(shape=(16000,)) spectrogram = Lambda(lambda audio: get_spectrogram(audio))(inputs) @@ -32,8 +32,10 @@ def make_audio_resnet(**kwargs) -> tf.keras.Model: ) model = keras.Model(resnet.inputs, resnet.outputs) - # ART's TensorFlowV2Classifier get_activations() requires a Sequential model - model = keras.Sequential([model]) + if sequential: + # ART's TensorFlowV2Classifier get_activations() requires a Sequential model + model = keras.Sequential([model]) + model.compile( optimizer=tf.keras.optimizers.Adam(), loss=tf.keras.losses.SparseCategoricalCrossentropy(), @@ -47,12 +49,7 @@ def get_art_model( model_kwargs: dict, wrapper_kwargs: dict, weights_path: Optional[str] = None ): - if weights_path: - raise ValueError( - "This model is implemented for poisoning and does not (yet) load saved weights." - ) - - model = make_audio_resnet(**model_kwargs) + model = make_audio_resnet(sequential=True, **model_kwargs) loss_object = losses.SparseCategoricalCrossentropy() @@ -73,3 +70,14 @@ def train_step(model, samples, labels): ) return art_classifier + + +def get_unwrapped_model( + weights_path: str, + **model_kwargs, +): + # This is used for the explanatory model for the poisoning fairness metrics + model = make_audio_resnet(sequential=False, **model_kwargs) + model.load_weights(weights_path) + + return model diff --git a/armory/metrics/poisoning.py b/armory/metrics/poisoning.py index 61ef25e0c..3eeb43df1 100644 --- a/armory/metrics/poisoning.py +++ b/armory/metrics/poisoning.py @@ -4,12 +4,21 @@ from PIL import Image import numpy as np import torch +import tensorflow as tf from armory.data.utils import maybe_download_weights_from_s3 # An armory user may request one of these models under 'adhoc'/'explanatory_model' EXPLANATORY_MODEL_CONFIGS = explanatory_model_configs = { - "cifar10_silhouette_model": { + "speech_commands_explanatory_model": { + "activation_layer": "avg_pool", + "data_modality": "audio", + "model_framework": "tensorflow", + "module": "armory.baseline_models.tf_graph.audio_resnet50", + "name": "get_unwrapped_model", + "weights_file": "speech_commands_explanatory_model_resnet50_bean.h5", + }, + "cifar10_explanatory_model": { "model_kwargs": { "data_means": [0.4914, 0.4822, 0.4465], "data_stds": [0.2471, 0.2435, 0.2616], @@ -17,17 +26,14 @@ }, "module": "armory.baseline_models.pytorch.resnet18_bean_regularization", "name": "get_model", - "resize_image": False, "weights_file": "cifar10_explanatory_model_resnet18_bean.pt", }, - "gtsrb_silhouette_model": { - "model_kwargs": {}, + "gtsrb_explanatory_model": { "module": "armory.baseline_models.pytorch.micronnet_gtsrb_bean_regularization", "name": "get_model", - "resize_image": False, "weights_file": "gtsrb_explanatory_model_micronnet_bean.pt", }, - "resisc10_silhouette_model": { + "resisc10_explanatory_model": { "model_kwargs": { "data_means": [0.39382024, 0.4159701, 0.40887499], "data_stds": [0.18931773, 0.18901625, 0.19651154], @@ -35,6 +41,9 @@ }, "module": "armory.baseline_models.pytorch.resnet18_bean_regularization", "name": "get_model", + "preprocess_kwargs": { + "resize_image": True, + }, "weights_file": "resisc10_explanatory_model_resnet18_bean.pt", }, } @@ -46,18 +55,44 @@ class ExplanatoryModel: def __init__( self, explanatory_model, - resize_image=True, - size=(224, 224), - resample=Image.BILINEAR, - device=DEVICE, + data_modality="image", + model_framework="pytorch", + activation_layer=None, + preprocess_kwargs=None, ): + """ + explanatory_model: A callable pytorch or tensorflow model used to produce + activations for silhouette analysis + data_modality: one of "image" or "audio" (more options to be added as needed) + model_framework: "pytorch" or "tensorflow" + activation_layer: name of the layer of the model from which to draw activations + (currently only for tensorflow models). + If None, uses the final output layer. + preprocess_kwargs: keyword arguments for the preprocessing function + """ if not callable(explanatory_model): raise ValueError(f"explanatory_model {explanatory_model} is not callable") + if model_framework not in ("pytorch", "tensorflow"): + raise ValueError( + f"model_framework should be 'pytorch' or 'tensorflow', not '{model_framework}'" + ) self.explanatory_model = explanatory_model - self.resize_image = bool(resize_image) - self.size = size - self.resample = resample - self.device = device + self.data_modality = data_modality + self.model_framework = model_framework + self.activation_layer = activation_layer + self.preprocess_kwargs = preprocess_kwargs if preprocess_kwargs else {} + + if self.activation_layer is not None: + if self.model_framework == "tensorflow": + # Set explanatory_model to return activations from internal layer + self.explanatory_model = tf.keras.Model( + explanatory_model.layers[0].input, + explanatory_model.get_layer(self.activation_layer).output, + ) + else: + raise ValueError( + "Currently, 'activation_layer' can only be specified for a tensorflow model, not pytorch." + ) @classmethod def from_config(cls, model_config, **kwargs): @@ -87,7 +122,10 @@ def from_config(cls, model_config, **kwargs): model_fn = getattr(model_module, name) explanatory_model = model_fn(weights_path, **model_kwargs) - return cls(explanatory_model, **model_config) + return cls( + explanatory_model, + **model_config, + ) def get_activations(self, x, batch_size: int = None): """ @@ -96,25 +134,32 @@ def get_activations(self, x, batch_size: int = None): if batch_size, batch inputs and then concatenate """ activations = [] - with torch.no_grad(): - if batch_size: - batch_size = int(batch_size) - if batch_size < 1: - raise ValueError("batch_size must be false or a positive int") - else: - batch_size = len(x) + if batch_size: + batch_size = int(batch_size) + if batch_size < 1: + raise ValueError("batch_size must be false or a positive int") + else: + batch_size = len(x) + + for i in range(0, len(x), batch_size): + x_batch = x[i : i + batch_size] - for i in range(0, len(x), batch_size): - x_batch = x[i : i + batch_size] + if self.model_framework == "pytorch": + with torch.no_grad(): + x_batch = self.preprocess(x_batch) + activation, _ = self.explanatory_model(x_batch) + activations.append(activation.detach().cpu().numpy()) + + elif self.model_framework == "tensorflow": x_batch = self.preprocess(x_batch) - activation, _ = self.explanatory_model(x_batch) - activations.append(activation.detach().cpu().numpy()) + activation = self.explanatory_model(x_batch, training=False) + activations.append(activation.numpy()) return np.concatenate(activations) @staticmethod - def _preprocess( - x, resize_image=True, size=(224, 224), resample=Image.BILINEAR, device=DEVICE + def _preprocess_image( + x, resize_image=False, size=(224, 224), resample=Image.BILINEAR, device=DEVICE ): if np.issubdtype(x.dtype, np.floating): if x.min() < 0.0 or x.max() > 1.0: @@ -145,10 +190,15 @@ def preprocess(self, x): """ Preprocess a batch of images """ - return type(self)._preprocess( - x, - self.resize_image, - self.size, - resample=self.resample, - device=self.device, - ) + if self.data_modality == "image": + return type(self)._preprocess_image( + x, + **self.preprocess_kwargs, + ) + elif self.data_modality == "audio": + return x + + else: + raise ValueError( + f"There is no preprocessing function for data_modality '{self.data_modality}'. Please set data_modality to 'image' or 'audio', or implement preprocessing for data_modality '{self.data_modality}'" + ) diff --git a/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd.json b/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd.json index 85dc64de8..582f60254 100644 --- a/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd.json +++ b/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_bullethole.json b/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_bullethole.json index 16a1d5b52..568fa9d35 100644 --- a/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_bullethole.json +++ b/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_bullethole.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_defended.json b/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_defended.json index 0a2489870..231fe90e5 100644 --- a/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_defended.json +++ b/scenario_configs/eval1-4/poisoning/gtsrb_scenario_clbd_defended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval1-4/poisoning/resisc10_poison_dlbd.json b/scenario_configs/eval1-4/poisoning/resisc10_poison_dlbd.json index 92ae3869b..547691db9 100644 --- a/scenario_configs/eval1-4/poisoning/resisc10_poison_dlbd.json +++ b/scenario_configs/eval1-4/poisoning/resisc10_poison_dlbd.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "resisc10_silhouette_model", + "explanatory_model": "resisc10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_activation_defense.json index 8c81dcb80..a50a7a395 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_perfect_filter.json index c2bfeffb3..443cbf4dc 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_random_filter.json index 4ccc423c0..ce5bd993b 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_spectral_signature_defense.json index 0b72a68c5..f25b25c27 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_undefended.json index 0e649c354..7f578aaab 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/copyright/cifar10_dlbd_copyright_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_activation_defense.json index a0b4fff16..fdb2d38e8 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_perfect_filter.json index 001f12cbc..ed6e53fa4 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_random_filter.json index e6fda6bbc..3bcff8ede 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_spectral_signature_defense.json index b184e6c9c..509b42419 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_undefended.json index d2f0d00d8..925e51188 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/dlbd/watermark/cifar10_dlbd_watermark_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_activation_defense.json index 14f3f2d48..334ea571f 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": [ diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_perfect_filter.json index 1c48c0bc3..ac8245dd6 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": [ diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_random_filter.json index 808afa07c..b7cc9fcca 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_spectral_signature_defense.json index 1bee80af1..c3b2f4908 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": [ diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_undefended.json index 18ed94ca0..cacd8e609 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/cifar10/witches_brew/cifar10_witches_brew_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": [ diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_activation_defense.json index a9f4dd826..e9767799e 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_perfect_filter.json index ff8ea228a..e5ef2ce72 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_random_filter.json index 47e8faa87..42a999aae 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fit_defense_classifier_outside_defense": false, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_spectral_signature_defense.json index 806c62549..9d7cc98f7 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_undefended.json index 05ff51d4c..4c5fea615 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/bullet_holes/gtsrb_clbd_bullet_holes_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_activation_defense.json index 004ba4006..f22a3a5d1 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_perfect_filter.json index 06bca5699..f250e8f33 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_random_filter.json index 8ed4435e7..3f7b91029 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fit_defense_classifier_outside_defense": false, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_spectral_signature_defense.json index 4958064ba..7e408ffe2 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_undefended.json index a7f980675..43f291367 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/clbd/peace_sign/gtsrb_clbd_peace_sign_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "poison_dataset": true, "source_class": 1, "split_id": 0, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_activation_defense.json index 1c9ef0078..f121d0cdf 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_perfect_filter.json index 633f698a9..c11204312 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_random_filter.json index 4c802aff5..8d8db0c6b 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_spectral_signature_defense.json index 85d861d01..1c9ca11ea 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_undefended.json index f9a90aea8..a0b6b8bc2 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/bullet_holes/gtsrb_dlbd_bullet_holes_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_activation_defense.json index ba6b3c040..cc72f0107 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_perfect_filter.json index fa9be3aca..d7771c848 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_random_filter.json index ad83c0919..64738770e 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_spectral_signature_defense.json index d01c5e76f..d0a6e77f2 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_undefended.json index ad60d9dd6..4c1436ba5 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/dlbd/peace_sign/gtsrb_dlbd_peace_sign_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_activation_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_activation_defense.json index 80dafa9be..fdd93c243 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_activation_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_perfect_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_perfect_filter.json index e37ca581e..964293649 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_perfect_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_random_filter.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_random_filter.json index 0557f2ea2..bc0971933 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_random_filter.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.01, "poison_dataset": true, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_spectral_signature_defense.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_spectral_signature_defense.json index 0c87e39c1..367428039 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_spectral_signature_defense.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_spectral_signature_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_undefended.json b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_undefended.json index 8de841057..027a85fa6 100644 --- a/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_undefended.json +++ b/scenario_configs/eval5/poisoning/baseline_defenses/gtsrb/witches_brew/gtsrb_witches_brew_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/cifar10_poison_dlbd.json b/scenario_configs/eval5/poisoning/cifar10_poison_dlbd.json index 3d4b7379a..c0ade563c 100644 --- a/scenario_configs/eval5/poisoning/cifar10_poison_dlbd.json +++ b/scenario_configs/eval5/poisoning/cifar10_poison_dlbd.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval5/poisoning/cifar10_witches_brew.json b/scenario_configs/eval5/poisoning/cifar10_witches_brew.json index dc8e1c9ec..ab4e7cd09 100644 --- a/scenario_configs/eval5/poisoning/cifar10_witches_brew.json +++ b/scenario_configs/eval5/poisoning/cifar10_witches_brew.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": [ diff --git a/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_keras.json b/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_keras.json index 3333d9841..c7720d8d8 100644 --- a/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_keras.json +++ b/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_keras.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_pytorch.json b/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_pytorch.json index 8417da5fb..e37b2f619 100644 --- a/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_pytorch.json +++ b/scenario_configs/eval5/poisoning/gtsrb_dlbd_baseline_pytorch.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval5/poisoning/gtsrb_witches_brew.json b/scenario_configs/eval5/poisoning/gtsrb_witches_brew.json index 9a00c03cb..efd02102a 100644 --- a/scenario_configs/eval5/poisoning/gtsrb_witches_brew.json +++ b/scenario_configs/eval5/poisoning/gtsrb_witches_brew.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": true, "experiment_id": 0, - "explanatory_model": "gtsrb_silhouette_model", + "explanatory_model": "gtsrb_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 1, diff --git a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p00_undefended.json b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p00_undefended.json index f72899d72..91f53e552 100644 --- a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p00_undefended.json +++ b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p00_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": null, + "explanatory_model": "speech_commands_explanatory_model", "fraction_poisoned": 0, "poison_dataset": false, "source_class": 11, diff --git a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p01_undefended.json b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p01_undefended.json index 03629aa1b..6e6db4ab2 100644 --- a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p01_undefended.json +++ b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p01_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": null, + "explanatory_model": "speech_commands_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 11, @@ -46,9 +46,7 @@ "wrapper_kwargs": {} }, "scenario": { - "kwargs": { - "fit_generator": false - }, + "kwargs": {}, "module": "armory.scenarios.poison", "name": "Poison" }, diff --git a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p05_undefended.json b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p05_undefended.json index 1d3736884..30c31d1a7 100644 --- a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p05_undefended.json +++ b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p05_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": null, + "explanatory_model": "speech_commands_explanatory_model", "fraction_poisoned": 0.05, "poison_dataset": true, "source_class": 11, diff --git a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p10_undefended.json b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p10_undefended.json index 94e6cb6ac..c6492e794 100644 --- a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p10_undefended.json +++ b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p10_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": null, + "explanatory_model": "speech_commands_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 11, diff --git a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p20_undefended.json b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p20_undefended.json index 01525f88a..ffb8d4f42 100644 --- a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p20_undefended.json +++ b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p20_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": null, + "explanatory_model": "speech_commands_explanatory_model", "fraction_poisoned": 0.2, "poison_dataset": true, "source_class": 11, diff --git a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p30_undefended.json b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p30_undefended.json index 7dd5142a1..fc51107d8 100644 --- a/scenario_configs/eval6/poisoning/audio_dlbd/audio_p30_undefended.json +++ b/scenario_configs/eval6/poisoning/audio_dlbd/audio_p30_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": null, + "explanatory_model": "speech_commands_explanatory_model", "fraction_poisoned": 0.3, "poison_dataset": true, "source_class": 11, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_activation_defense.json b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_activation_defense.json index 0eb4b38e8..e168d83a6 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_activation_defense.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_activation_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_dpinstahide.json b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_dpinstahide.json index 2efc5cacd..f0f814264 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_dpinstahide.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_dpinstahide.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_perfect_filter.json b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_perfect_filter.json index 23a9e3ff8..9a8efbf31 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_perfect_filter.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_perfect_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_random_filter.json b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_random_filter.json index db406e780..6ea9eb0af 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_random_filter.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_random_filter.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fit_defense_classifier_outside_defense": false, "fraction_poisoned": 0.1, "poison_dataset": true, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_spectral_signatures_defense.json b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_spectral_signatures_defense.json index 1aad0d1f2..207402d34 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_spectral_signatures_defense.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/baseline_defenses/cifar10_sleeper_agent_p10_spectral_signatures_defense.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p00_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p00_undefended.json index d263c91a1..d54f07f1f 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p00_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p00_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0, "poison_dataset": false, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p01_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p01_undefended.json index 30ed778a8..ae503b45f 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p01_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p01_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.01, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p05_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p05_undefended.json index 399550b0c..caf6b0f66 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p05_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p05_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.05, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p10_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p10_undefended.json index 787fc0c38..3ad650cd0 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p10_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p10_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.1, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p20_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p20_undefended.json index 6a4962da0..ab7834cc2 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p20_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p20_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.2, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p30_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p30_undefended.json index 30be8c1d5..2add4e06f 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p30_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p30_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.3, "poison_dataset": true, "source_class": 0, diff --git a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p50_undefended.json b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p50_undefended.json index d5c318ce2..bc2915f1f 100644 --- a/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p50_undefended.json +++ b/scenario_configs/eval6/poisoning/sleeper_agent/cifar10_sleeper_agent_p50_undefended.json @@ -3,7 +3,7 @@ "adhoc": { "compute_fairness_metrics": false, "experiment_id": 0, - "explanatory_model": "cifar10_silhouette_model", + "explanatory_model": "cifar10_explanatory_model", "fraction_poisoned": 0.5, "poison_dataset": true, "source_class": 0, diff --git a/tests/unit/test_poisoning_metrics.py b/tests/unit/test_poisoning_metrics.py index 4f69a5714..78d7804e5 100644 --- a/tests/unit/test_poisoning_metrics.py +++ b/tests/unit/test_poisoning_metrics.py @@ -18,19 +18,22 @@ def test_explanatory_model(): config_keys = [ - "cifar10_silhouette_model", - "gtsrb_silhouette_model", - "resisc10_silhouette_model", + "cifar10_explanatory_model", + "gtsrb_explanatory_model", + "resisc10_explanatory_model", + "speech_commands_explanatory_model", ] data_sizes = [ (10, 32, 32, 3), (10, 48, 48, 3), (10, 256, 256, 3), + (10, 16000), ] activation_shapes = [ (10, 512), (10, 1184), (10, 512), + (10, 2048), ] for config_key, data_size, activation_shape in zip( @@ -68,7 +71,7 @@ def test_explanatory_model(): def test_preprocess(): x = np.random.rand(10, 32, 32, 3).astype(np.float32) - x_ = poisoning.ExplanatoryModel._preprocess(x) + x_ = poisoning.ExplanatoryModel._preprocess_image(x, resize_image=True) assert x_.shape == (10, 224, 224, 3) assert x_.max() <= 1 assert x_.min() >= 0