Merge branch 'dev_1.19.0' into development_patch_mask

.github/workflows/ci-tensorflow-v1.yml

@@ -48,7 +48,7 @@ jobs:
           sudo apt-get update
           sudo apt-get -y -q install ffmpeg libavcodec-extra
           python -m pip install --upgrade pip setuptools wheel
-          pip install -q -r <(sed '/^pandas/d;/^scipy/d;/^matplotlib/d;/^xgboost/d;/^tensorflow/d;/^keras/d;/^jax/d;/^torch/d;/^Pillow/d;/^h5py/d;/^kornia/d;/^scikit-learn/d;/^pytest-mock/d;/^GPy/d;/^lief/d;/^statsmodels/d;/^ultralytics/d;/^ipython/d;/^numba/d;/^pytest/d;/^pylint/d;/^mypy/d;/^pycodestyle/d;/^black/d;/^types-PyYAML/d;/^types-setuptools/d' requirements_test.txt)
+          pip install -q -r <(sed '/^pandas/d;/^scipy/d;/^matplotlib/d;/^xgboost/d;/^tensorflow/d;/^keras/d;/^jax/d;/^torch/d;/^Pillow/d;/^h5py/d;/^kornia/d;/^scikit-learn/d;/^pytest-mock/d;/^GPy/d;/^lief/d;/^statsmodels/d;/^ultralytics/d;/^ipython/d;/^numba/d;/^pytest/d;/^pylint/d;/^mypy/d;/^pycodestyle/d;/^black/d;/^types-PyYAML/d;/^types-setuptools/d;/^requests/d' requirements_test.txt)
           pip install pandas==1.3.5
           pip install scipy==1.7.2
           pip install matplotlib==3.5.3
@@ -71,6 +71,7 @@ jobs:
           pip install numba==0.56.4
           pip install pytest==7.4.4
           pip install pytest-cov
+          pip install requests==2.31.0
           pip list
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}

.github/workflows/dockerhub.yml

@@ -30,15 +30,15 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96
         with:
           images: adversarialrobustnesstoolbox/releases
           tags: |
             type=raw,value={{branch}}-1.18.2-{{sha}}
             type=semver,pattern={{version}}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
         with:
           context: .
           push: true

art/attacks/evasion/__init__.py

@@ -14,6 +14,7 @@
 from art.attacks.evasion.auto_attack import AutoAttack
 from art.attacks.evasion.auto_projected_gradient_descent import AutoProjectedGradientDescent
 from art.attacks.evasion.auto_conjugate_gradient import AutoConjugateGradient
+from art.attacks.evasion.rescaling_auto_conjugate_gradient import RescalingAutoConjugateGradient
 
 if importlib.util.find_spec("numba") is not None:
     from art.attacks.evasion.brendel_bethge import BrendelBethgeAttack
@@ -62,6 +63,7 @@
 from art.attacks.evasion.shapeshifter import ShapeShifter
 from art.attacks.evasion.simba import SimBA
 from art.attacks.evasion.spatial_transformation import SpatialTransformation
+from art.attacks.evasion.steal_now_attack_later.steal_now_attack_later import SNAL
 from art.attacks.evasion.square_attack import SquareAttack
 from art.attacks.evasion.pixel_threshold import ThresholdAttack
 from art.attacks.evasion.universal_perturbation import UniversalPerturbation

art/attacks/evasion/auto_attack.py

@@ -78,7 +78,7 @@ def __init__(
         batch_size: int = 32,
         estimator_orig: "CLASSIFIER_TYPE" | None = None,
         targeted: bool = False,
-        parallel: bool = False,
+        parallel_pool_size: int = 0,
     ):
         """
         Create a :class:`.AutoAttack` instance.
@@ -93,7 +93,8 @@ def __init__(
         :param estimator_orig: Original estimator to be attacked by adversarial examples.
         :param targeted: If False run only untargeted attacks, if True also run targeted attacks against each possible
                          target.
-        :param parallel: If True run attacks in parallel.
+        :param parallel_pool_size: Number of parallel threads / pool size in multiprocessing. If parallel_pool_size=0
+                                   computation runs without multiprocessing.
         """
         super().__init__(estimator=estimator)
 
@@ -151,7 +152,7 @@ def __init__(
             self.estimator_orig = estimator
 
         self._targeted = targeted
-        self.parallel = parallel
+        self.parallel_pool_size = parallel_pool_size
         self.best_attacks: np.ndarray = np.array([])
         self._check_params()
 
@@ -199,7 +200,7 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
             if attack.targeted:
                 attack.set_params(targeted=False)
 
-            if self.parallel:
+            if self.parallel_pool_size > 0:
                 args.append(
                     (
                         deepcopy(x_adv),
@@ -253,7 +254,7 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
                             targeted_labels[:, i], nb_classes=self.estimator.nb_classes
                         )
 
-                        if self.parallel:
+                        if self.parallel_pool_size > 0:
                             args.append(
                                 (
                                     deepcopy(x_adv),
@@ -287,8 +288,8 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
                 except ValueError as error:
                     logger.warning("Error completing attack: %s}", str(error))
 
-        if self.parallel:
-            with multiprocess.get_context("spawn").Pool() as pool:
+        if self.parallel_pool_size > 0:
+            with multiprocess.get_context("spawn").Pool(processes=self.parallel_pool_size) as pool:
                 # Results come back in the order that they were issued
                 results = pool.starmap(run_attack, args)
             perturbations = []
@@ -320,15 +321,16 @@ def __repr__(self) -> str:
         This method returns a summary of the best performing (lowest perturbation in the parallel case) attacks
         per image passed to the AutoAttack class.
         """
-        if self.parallel:
+        if self.parallel_pool_size > 0:
             best_attack_meta = "\n".join(
                 [
                     f"image {i+1}: {str(self.args[idx][3])}" if idx != 0 else f"image {i+1}: n/a"
                     for i, idx in enumerate(self.best_attacks)
                 ]
             )
             auto_attack_meta = (
-                f"AutoAttack(targeted={self.targeted}, parallel={self.parallel}, num_attacks={len(self.args)})"
+                f"AutoAttack(targeted={self.targeted}, parallel_pool_size={self.parallel_pool_size}, "
+                + "num_attacks={len(self.args)})"
             )
             return f"{auto_attack_meta}\nBestAttacks:\n{best_attack_meta}"
 
@@ -339,7 +341,8 @@ def __repr__(self) -> str:
             ]
         )
         auto_attack_meta = (
-            f"AutoAttack(targeted={self.targeted}, parallel={self.parallel}, num_attacks={len(self.attacks)})"
+            f"AutoAttack(targeted={self.targeted}, parallel_pool_size={self.parallel_pool_size}, "
+            + "num_attacks={len(self.attacks)})"
         )
         return f"{auto_attack_meta}\nBestAttacks:\n{best_attack_meta}"