Implement Interval Bound Propagation Training

[GiulioZizzo]

Description

In this PR we include adversarial training with interval bound propagation. With careful training this can achieve excellent certified robustness.

Fixes #2037

Type of change

Please check all relevant options.

• Improvement (non-breaking)
• Bug fix (non-breaking)
• New feature (non-breaking)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Testing

Tests can be found in test_interval.py. We check that the certification gives the correct results, runs without errors, propagates gradients correctly and when running without bounds gives the same results as regular neural networks.

Test Configuration:

• OS: MacOS
• Python version: 3.8
• 1.13.1
• Pytorch 1.13

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[codecov-commenter]

Codecov Report

Merging #2044 (9013b8c) into dev_1.14.0 (0727e2b) will increase coverage by 8.63%.
The diff coverage is 80.38%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@              Coverage Diff               @@
##           dev_1.14.0    #2044      +/-   ##
==============================================
+ Coverage       76.94%   85.58%   +8.63%     
==============================================
  Files             291      292       +1     
  Lines           25612    25798     +186     
  Branches         4631     4665      +34     
==============================================
+ Hits            19708    22079    +2371     
+ Misses           4871     2529    -2342     
- Partials         1033     1190     +157     

Impacted Files	Coverage Δ
art/utils.py	73.41% <ø> (+0.75%)	⬆️
.../defences/trainer/ibp_certified_trainer_pytorch.py	78.16% <78.16%> (ø)
art/estimators/certification/interval/interval.py	84.66% <78.94%> (+2.77%)	⬆️
art/estimators/certification/interval/pytorch.py	79.86% <92.00%> (+13.19%)	⬆️
art/defences/trainer/__init__.py	100.00% <100.00%> (ø)
art/defences/trainer/trainer.py	100.00% <100.00%> (ø)

... and 28 files with indirect coverage changes

[beat-buesser]

Hi @GiulioZizzo Thank you very much for your pull request in Interval Bound Propagation training! I have left a few comments, what do you think?

[beat-buesser]

Suggested change

	from art.defences.trainer.ibp_certified_trainer_pytorch import AdversarialTrainerCertifiedIBPPytorch
	from art.defences.trainer.ibp_certified_trainer_pytorch import AdversarialTrainerCertifiedIBPPyTorch

[GiulioZizzo]

Agree, name changed!

[beat-buesser]

Does this docstring build correctly?

[GiulioZizzo]

checked, all ok!

[beat-buesser]

Please update docs and check if new docstrings build correctly.