Merge poisoning branch into develop #1360
* update version * update json version
* update version * revert version * added resisc10 poison dataset * Update refs to point to S3, add cached dataset * Add test for resisc10 dataset Co-authored-by: David Slater <david.slater@twosixlabs.com> Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com>
* update build script * added command echoes
* Add CIFAR100 dataset * Typo
* renamed file * fix typo while remaining backwards compatible * refactored label targeter config loading logic * updating configs accordingly * adding one more config * changing filename back to labels.py * adding warning message for deprecated 'scheme' key * removing code that shouldn't have been pushed/fixing typo * update configs for label_targeters.py --> labels.py change * removing configs i didn't meant to push * keyword-only args; change config 'args' --> 'kwargs'
* refactored object_detection_AP_per_class * refactor dapricot and apricot AP functions * update tests for od metrics refactor * removing od metrics that aren't useful * modify od format check function; renamed a couple variables * refactor to remove unnecessary elifs; rename append() to add_results() * formatting * renamed method * document function input format
* * Update image-based trigger to allow blending * Use blended trigger to enable bullethole clbd attack * Update docker image reference in config * Update pathing to load image path when armory is pip installed * Use armory.__file__ to simplify relative pathing
* call set_params() so classifier.all_framework_preprocessing attribute is updated * no longer using kwarg which ART has removed * use get_params() to append defenses; removed if ART < 1.5 logic * flake8
* adjust scale for insert_patch(); make patch shape square * force dapricot attacks to be targeted * formatting * increment label index in loss_gradient for baseline 0-indexed model * need to decrement not increment * adding dapricot_patch_target_success metric * resetting this variable to empty list since dparicot has no nontargeted tasks * this workaround is no longer necessary per previous commit * deleting commented out code that was accidentally pushed * removing config since DPatch doesn't support targeted attack yet * formatting * reshape box to flat array * add docs for fn input format * formatting * updated dapricot RobustDPatch attack and associated files * ran black, flake8, and format_json * adding targeted Dpatch to file itself so we dont need to use dev version of ART * minor documentation/error msg update * removing channels_first logic since x will always be channels_last with armory * black formatting * adding clarifying comment * set num_images_per_patch in scenario code; force threat model to be specified in scenario code * minor modifications to error messages * dont overwrite model kwargs; add 'batch_size' kwarg to baseline models get_art_model() * add warning if batch_size model_kwarg isnt set; also edited comment at top of script * removing unused line of code * removing code that has no effect on attack * avoid warning message by renaming colour fn to its updated name * set check on lower bound of brightness range * fix typo * point to armory 0.13.1 in config * point to armory 0.13.1 in pgd config too * only display warning for physical attacks * flake8 * the code in this file was moved to inside the attack * removing dapricot robust dpatch attack and associated utility functions * flake8 Co-authored-by: Yusong Tan <ytan@mitre.org>
* * Update image-based trigger to allow blending * Use blended trigger to enable bullethole clbd attack * Update docker image reference in config * Update pathing to load image path when armory is pip installed * resisc10 poison scenario related files * Updated poisoning attack call based on ART updates, fix channel ordering for image data * Update metrics method names * Update config to work with pip-installed armory Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com>
* Pytorch compatibility for poisoning scenarios, example Pytorch config for dlbd * Configs closer to eval approach
* Update version * Update jsons
…fixes CI testing) (#1080) * Update dockerfile for tf1, temporary logging to check need for fix * Remove logging/group pip installs
* added SweepAttack functionality * adding docs * adding docs for attack type field * adding clarification to docs * improved logging for how attack success is measured * specify possible values for attack type and throw warning if unexpected value * added mAP function which returns scalar value instead of dict returned by object_detection_AP_per_class() * update metric and max_iter of xview sweep config * refactor how metrics are computed for SweepAttack; enforce that returned value is scalar * set record_metric_per_sample true; add a note on this in docs * update mkdocs.yml * removing unused type field from poisoning configs * adding clarification about what the attack returns * consistent log prefix at end of generate() regardless of failure/success * update sweep configs to 0.14.0
* * TFDS integration script * Move S3 upload tool to main repo from armory-private * Fail fast, indentation, fix upload typo * Update dataset docs * Improved code organization * Update template to include all parameters (except indexing params) * Update docs * Remove args typically passed through **kwargs * More logical step numbering * Add ref to docs in script
* remove extra kwarg * formatting
* update version * revert version * 0.13.1 release (#1068) * update version (#1034) * update version * update json version * set channels_first False for relevant pytorch models (#1037) * Resisc10 poison dataset (#1038) * update version * revert version * added resisc10 poison dataset * Update refs to point to S3, add cached dataset * Add test for resisc10 dataset Co-authored-by: David Slater <david.slater@twosixlabs.com> Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com> * Build tag script (#1035) * update build script * added command echoes * pinning to numpy 1.19.2 to avoid ART error (#1056) * updating comment on relevant np issue (#1057) * CIFAR-100 dataset (#1048) * Add CIFAR100 dataset * Typo * label targeter refactor (#1052) * renamed file * fix typo while remaining backwards compatible * refactored label targeter config loading logic * updating configs accordingly * adding one more config * changing filename back to labels.py * adding warning message for deprecated 'scheme' key * removing code that shouldn't have been pushed/fixing typo * update configs for label_targeters.py --> labels.py change * removing configs i didn't meant to push * keyword-only args; change config 'args' --> 'kwargs' * refactor object detection metrics (#1046) * refactored object_detection_AP_per_class * refactor dapricot and apricot AP functions * update tests for od metrics refactor * removing od metrics that aren't useful * modify od format check function; renamed a couple variables * refactor to remove unnecessary elifs; rename append() to add_results() * formatting * renamed method * document function input format * bumping ART 1.6.0 --> 1.6.1 (#1062) * updating baseline config to be compatible with newer versions of ART (#1063) * don't assume default branch is named master (#1064) * Poisoning scenario with blended trigger (#1049) * * Update image-based trigger to allow blending * Use blended trigger to enable bullethole clbd attack * Update docker image reference in config 
* Update pathing to load image path when armory is pip installed * Use armory.__file__ to simplify relative pathing * preprocessing defense fixes (#1060) * call set_params() so classifier.all_framework_preprocessing attribute is updated * no longer using kwarg which ART has removed * use get_params() to append defenses; removed if ART < 1.5 logic * flake8 * dapricot updates (#1040) * adjust scale for insert_patch(); make patch shape square * force dapricot attacks to be targeted * formatting * increment label index in loss_gradient for baseline 0-indexed model * need to decrement not increment * adding dapricot_patch_target_success metric * resetting this variable to empty list since dparicot has no nontargeted tasks * this workaround is no longer necessary per previous commit * deleting commented out code that was accidentally pushed * removing config since DPatch doesn't support targeted attack yet * formatting * reshape box to flat array * add docs for fn input format * formatting * updated dapricot RobustDPatch attack and associated files * ran black, flake8, and format_json * adding targeted Dpatch to file itself so we dont need to use dev version of ART * minor documentation/error msg update * removing channels_first logic since x will always be channels_last with armory * black formatting * adding clarifying comment * set num_images_per_patch in scenario code; force threat model to be specified in scenario code * minor modifications to error messages * dont overwrite model kwargs; add 'batch_size' kwarg to baseline models get_art_model() * add warning if batch_size model_kwarg isnt set; also edited comment at top of script * removing unused line of code * removing code that has no effect on attack * avoid warning message by renaming colour fn to its updated name * set check on lower bound of brightness range * fix typo * point to armory 0.13.1 in config * point to armory 0.13.1 in pgd config too * only display warning for physical attacks * flake8 * the code 
in this file was moved to inside the attack * removing dapricot robust dpatch attack and associated utility functions * flake8 Co-authored-by: Yusong Tan <ytan@mitre.org> * Resisc10 poison (#1065) * * Update image-based trigger to allow blending * Use blended trigger to enable bullethole clbd attack * Update docker image reference in config * Update pathing to load image path when armory is pip installed * resisc10 poison scenario related files * Updated poisoning attack call based on ART updates, fix channel ordering for image data * Update metrics method names * Update config to work with pip-installed armory Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com> * Poisoning scenario Pytorch example (#1067) * Pytorch compatibility for poisoning scenarios, example Pytorch config for dlbd * Configs closer to eval approach Co-authored-by: davidslater <david.slater@twosixlabs.com> Co-authored-by: yusong-tan <59029053+yusong-tan@users.noreply.github.com> Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com> Co-authored-by: Yusong Tan <ytan@mitre.org> * Update dockerfile for tf1 (#1086) * 0.13.2 (#1102) * Increment version to 0.13.2 (#1095) * Bump version * Update configs * dapricot test set (#1096) * cherry-picked dapricot test commits from 1088 * correct checksum filename * Coco (#1097) * cherry-picking commits from 1085, excluding the commit merging in dev branch * adding coco tests, skipping if not available locally * adding note to docs about apricot class indexing * updated checksum after new upload to s3 Co-authored-by: ng390 <neal.gupta@twosixlabs.com> Co-authored-by: David Slater <david.slater@twosixlabs.com> Co-authored-by: lcadalzo <39925313+lcadalzo@users.noreply.github.com> Co-authored-by: yusong-tan <59029053+yusong-tan@users.noreply.github.com> Co-authored-by: Yusong Tan <ytan@mitre.org>
* existing updates * updated evasion scenarios * update * dapricot update * so2sat update * poisoning * scenario updates * remove base * typedef hint for JSON-like config dict * add jupyter text * typehints and docstrings * avoid name error if attack_type is preloaded * unbound local errors * calls via super have implied self * self reference removed * torchvision is back-versioned * typo metrics for metric * align torchvision version with pytorch version as prescribed by https://pypi.org/project/torchvision/ * black19.10b0 and flake8 compliant * update workflow * forgot to push latest commit * name changes * updated names * simplify * simplification * update ART api usage Co-authored-by: matt wartell <matt.wartell@twosixlabs.com>
* Optimize Kenansville attack and fixes bug Resolves #1103 Was tested outside of Armory * lint * update with rfft * update with rfft * length mismatch Co-authored-by: David Slater <david.slater@twosixlabs.com>
* poison update * update to new names * nit * even more nit * match scenario * use * dataset kwargs
…#1120) * Add non-preloaded dirty-label backdoor attack with bullethole trigger * Fix docker image version Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com>
Co-authored-by: Neal Gupta <neal.gupta@twosixlabs.com>
…ic 2.2, now Model Subclass Bias and Filter Subclass Bias)
I looked only at things that were visibly wrong in this. I will fix the things I flagged.
This PR still needs to be reviewed by our local poisoning expert.
armory/baseline_models/pytorch/micronnet_gtsrb_bean_regularization.py
I did a light review, but I haven't run anything. A couple of merge issues, but overall looks pretty good.
armory/baseline_models/pytorch/micronnet_gtsrb_bean_regularization.py
Another small change. I will test by running the code now.
armory/baseline_models/pytorch/micronnet_gtsrb_bean_regularization.py
When running
A couple additional logging changes (these are due to the change from the built-in logger to loguru)
Great, that worked!
Good to merge in once the remaining checks pass.
Fixes #1298