Added support for BEYOND [ICML-2024]

[allenhzy]

Description

This pull request adds the support of the BEYOND Detection method proposed in [1].

[1] Be Your Own Neighborhood: Detecting Adversarial Example by the Neighborhood Relations Built on Self-Supervised Learning. ICML. 2024[Paper]

Type of change

Please check all relevant options.

• Improvement (non-breaking)
• Bug fix (non-breaking)
• New feature (non-breaking)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Testing

Please describe the tests that you ran to verify your changes. Consider listing any relevant details of your test configuration.

• Unit Test

Test Configuration:

• OS: Ubuntu 18.04
• Python version: 3.9.19
• ART version or commit number: 1.18.1
• Pytorch: 2.4.0
• cudnn version: 90100

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• My changes have been tested using both CPU and GPU devices

[codecov]

Codecov Report

Attention: Patch coverage is 20.96774% with 49 lines in your changes missing coverage. Please review.

Project coverage is 49.07%. Comparing base (6c57e03) to head (94c6ced).

Files with missing lines	Patch %	Lines
art/defences/detector/evasion/beyond_detector.py	19.67%	49 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff               @@
##           dev_1.19.0    #2489      +/-   ##
==============================================
- Coverage       53.27%   49.07%   -4.21%     
==============================================
  Files             666      668       +2     
  Lines           61858    61982     +124     
  Branches        10516    10523       +7     
==============================================
- Hits            32956    30416    -2540     
- Misses          27205    29999    +2794     
+ Partials         1697     1567     -130     

Files with missing lines	Coverage Δ
art/defences/detector/evasion/__init__.py	100.00% <100.00%> (ø)
art/defences/detector/evasion/beyond_detector.py	19.67% <19.67%> (ø)

... and 54 files with indirect coverage changes

[beat-buesser]

Hi @allenhzy Thank you very much for your pull request! Could you please take a look at my review comments and add the proposed updates?

[beat-buesser]

Suggested change

	# Copyright (C) The Adversarial Robustness Toolbox (ART) Authors 2023
	# Copyright (C) The Adversarial Robustness Toolbox (ART) Authors 2024

[beat-buesser]

Suggested change

	This module implements the abstract base class for all evasion detectors.
	This module implements the BEYOND detector for adversarial examples detection.
	| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3

[beat-buesser]

Suggested change

	"""
	BEYOND detector for adversarial samples detection.
	This detector uses a combination of SSL and target model predictions to detect adversarial samples.
	"""
	"""
	BEYOND detector for adversarial samples detection.
	This detector uses a combination of SSL and target model predictions to detect adversarial examples.
	| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3
	"""

[beat-buesser]

Suggested change

from typing import Any

[beat-buesser]

Suggested change

from typing import Any

[beat-buesser]

How large are the downloaded files? Can we store them in the ART repo?

[allenhzy]

The pre-trained model has over 100 M

[beat-buesser]

Please replace print with logger.

[beat-buesser]

Would it be possible to make these assertions more accurate?

[beat-buesser]

I think we can use load_cifar10() directly and remove get_cifar10()(.

[beat-buesser]

Add import for fixture load_cifar10().

[beat-buesser]

Hi @allenhzy Thank you very much for your updates! Could you please take a look above at my two last change requests and the alerts from CodeQL about unused variables?

[beat-buesser]

Suggested change

	"""
	This module implements the BEYOND detector for adversarial examples detection.
	| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3
	"""
	"""
	This module implements the BEYOND detector for adversarial examples detection.
	| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3
	"""

[beat-buesser]

This line seems to cause the unittest errors because of the missing import of logging. Because the attack here is not actively using logging I suggest to remove this line.

Suggested change

logger = logging.getLogger(__name__)

[allenhzy]

I have revised the related codes.

[allenhzy]

Dear Beat, I have revised the codes. Please check it. Best, Zhiyuan HE 发件人: Beat Buesser ***@***.***> 日期: 星期一, 2024年12月9日 下午7:29 收件人: Trusted-AI/adversarial-robustness-toolbox ***@***.***> 抄送: hzy ***@***.***>, Mention ***@***.***> 主题: Re: [Trusted-AI/adversarial-robustness-toolbox] Added support for BEYOND [ICML-2024] (PR #2489) @beat-buesser commented on this pull request. Hi @allenhzy<https://github.com/allenhzy> Thank you very much for your updates! Could you please take a look above at my two last change requests and the alerts from CodeQL about unused variables?

________________________________ In art/defences/detector/evasion/beyond_detector.py<#2489 (comment)>:

+"""

+This module implements the BEYOND detector for adversarial examples detection. +| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3 +""" ⬇️ Suggested change -"""

-This module implements the BEYOND detector for adversarial examples detection. -| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3 -""" +""" +This module implements the BEYOND detector for adversarial examples detection. + +| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3 +"""

________________________________ In art/defences/detector/evasion/beyond_detector.py<#2489 (comment)>:

+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE

+# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +""" +This module implements the BEYOND detector for adversarial examples detection. +| Paper link: https://openreview.net/pdf?id=S4LqI6CcJ3 +""" +import numpy as np +from typing import TYPE_CHECKING +if TYPE_CHECKING: + from art.utils import CLASSIFIER_NEURALNETWORK_TYPE + + +logger = logging.getLogger(__name__) This line seems to cause the unittest errors because of the missing import of logging. Because the attack here is not actively using logging I suggest to remove this line. ⬇️ Suggested change

…

-logger = logging.getLogger(__name__) — Reply to this email directly, view it on GitHub<#2489 (review)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AF2RSJG555KPWYSJTCOORXT2EV5IFAVCNFSM6AAAAABNRUHJ7CVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDIOBYGM3TSMBVGU>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[beat-buesser]

Hi @allenhzy Thank you very much! There seems to be one more item making the test fail, the code suggestion above should fix them. Could you please add them to the PR?

[beat-buesser]

Hi @allenhzy I have merge this PR into the release branch, but I had to make some changes to remove errors that prevented the detector from running at all. Could you please take a look at the changes here to see if they are correct and let me know?