Cache audio triggers

[swsuggs]

Description

Calling librosa.load() for every sample to be poisoned can take hours. This PR uses a class instead of pure functions so that the loaded trigger can be stored.

Fixes #2052

Type of change

Please check all relevant options.

• Improvement (non-breaking)
• Bug fix (non-breaking)
• New feature (non-breaking)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Testing

Please describe the tests that you ran to verify your changes. Consider listing any relevant details of your test configuration.

• Updated existing tests for audio perturbations

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[swsuggs]

@Swanand-Kadhe @beat-buesser Let me know if anything should be changed in formatting, style, documentation, or anything else, since this is my first pr into ART.

[codecov-commenter]

Codecov Report

Merging #2053 (52baf71) into dev_1.14.0 (7e33038) will increase coverage by 0.17%.
The diff coverage is 86.84%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@              Coverage Diff               @@
##           dev_1.14.0    #2053      +/-   ##
==============================================
+ Coverage       80.90%   81.08%   +0.17%     
==============================================
  Files             294      294              
  Lines           26223    26212      -11     
  Branches         4800     4797       -3     
==============================================
+ Hits            21216    21254      +38     
+ Misses           3801     3792       -9     
+ Partials         1206     1166      -40     

Impacted Files	Coverage Δ
...cks/poisoning/perturbations/audio_perturbations.py	87.80% <86.84%> (+1.26%)	⬆️

... and 63 files with indirect coverage changes

[Swanand-Kadhe]

Hi @swsuggs - thank you very much for this PR! I am happy to take a look.
Hi @beat-buesser - thanks a lot for handling the PR!

[Swanand-Kadhe]

Many thanks for the PR. It looks good to me. I just have a couple of minor suggestions regarding docstrings as mentioned below.

[swsuggs]

@Swanand-Kadhe Thanks for your suggestions, I have implemented them and also reformatted the docstrings a bit to match what it looks like in other ART classes. Please let me know if there is anything else.

[beat-buesser]

@swsuggs @Swanand-Kadhe Thank you very much!

[OrsonTyphanel93]

for a notebook update, https://nbviewer.org/github/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/poisoning_attack_backdoor_audio.ipynb#

you can do this, everything works fine, I hope it helps !

Thanks !

import numpy as np
from art.attacks.poisoning import PoisoningAttackBackdoor
from art.attacks.poisoning.perturbations.audio_perturbations import CacheToneTrigger, CacheAudioTrigger

# define the poison function
def poison_func(x_audio):
    return CacheToneTrigger(sampling_rate=16000, shift=True, scale=0.25).insert(x=x_audio)


# define the target label for the poisoned samples
target_label = np.array(['down'])    
target_label = np.expand_dims(target_label, axis=0)


# create a poisoning attack object using the poison function
backdoor_attack = PoisoningAttackBackdoor(poison_func)
poisoned_x, poisoned_y = backdoor_attack.poison(x_audio, target_label, broadcast=True)


try:
    poisoned_x, poisoned_y = backdoor_attack.poison(x_audio, target_label, broadcast=True)
except ValueError as e:
    print("Error:", e)
except Exception as e:
    print("Unknown error:", e)

# import necessary libraries
from art.attacks.poisoning import PoisoningAttackBackdoor
import numpy as np

# define the poison function
def poison_func(x):
  # insert a cough trigger backdoor into the input audio
    return CacheAudioTrigger( sampling_rate = 16000, duration =0.6,  backdoor_path = '../utils/data/backdoors/cough_trigger.wav',scale =0.1).insert(x=x_audio)

# define the target label for the trigger samples
target_label = np.array('stop')
target_label = np.expand_dims(target_label, axis=0)

# create a poisoning attack object using the poison function
backdoor_attack = PoisoningAttackBackdoor(poison_func)
poisoned_x, poisoned_y = backdoor_attack.poison(x_audio, target_label, broadcast=True)


try:
    poisoned_x, poisoned_y = backdoor_attack.poison(x_audio, target_label, broadcast=True)
except Exception as e:
    print("Error during poisoning:", e)
    poisoned_x, poisoned_y = None, None

[swsuggs]

Thank you @OrsonTyphanel93, I had indeed forgotten to update the demo notebook. An update is on the way. It looks like you figured out how to use the class, but let me know if you have any other questions!

[OrsonTyphanel93]

Thanks, I can confirm that it works! I'm actually thinking about how to detect it, thanks again!

[OrsonTyphanel93]

Hello Dear @Swanand-Kadhe, thank you very much ! for the update,

I just discovered that you have created a new function

def poison_loader_tone():
    trigger = CacheToneTrigger(
        sampling_rate=16000,
        frequency=440,
        duration=0.1,
        shift = 8000,
        scale = 0.25
    )

    def poison_func(x_audio):
        return trigger.insert(x_audio)


    return PoisoningAttackBackdoor(poison_func)

backdoor_attack = poison_loader_tone()