Implement smoothed Vision Transformer as defense against patch evasion attacks #2171
Codecov Report
@@ Coverage Diff @@
## dev_1.16.0 #2171 +/- ##
==============================================
+ Coverage 85.24% 85.61% +0.36%
==============================================
Files 318 323 +5
Lines 28716 29176 +460
Branches 5260 5374 +114
==============================================
+ Hits 24480 24979 +499
+ Misses 2921 2824 -97
- Partials 1315 1373 +58
Hi @GiulioZizzo Thank you very much for your pull request. I have added a few suggestions above, what do you think?
```python
        Create a ArtViT instance
        :param kwargs: keyword arguments required to create the mask embedder.
```
Please add all arguments specifically.
```python
        Create a ArtViT instance
        :param kwargs: keyword arguments required to create the mask embedder.
        Create a ArtViT instance
        :param kwargs: keyword arguments required to create the mask embedder.
```
```python
            raise ValueError("Projection layer not yet created.")


class ArtViT(VisionTransformer):
```
Is this like a model-specific or architecture-specific object detection estimator?
b7e41a7 to 0c5c284
f7dae57 to 3dc8283
7f00384 to b7f8229
Signed-off-by: GiulioZizzo <giulio.zizzo@yahoo.co.uk>
…in test CI pipeline Signed-off-by: GiulioZizzo <giulio.zizzo@yahoo.co.uk>
…dding progress bar to tf to match pytorch Signed-off-by: GiulioZizzo <giulio.zizzo@yahoo.co.uk>
Co-authored-by: Beat Buesser <49047826+beat-buesser@users.noreply.github.com> Signed-off-by: GiulioZizzo <giulio.zizzo@yahoo.co.uk>
Hi @GiulioZizzo Thank you very much for your updates. I have added a few more items I think we should consider.
```python
        raise NotImplementedError

    @abstractmethod
    def ablate(self, x: np.ndarray, column_pos: int, row_pos: int) -> Union[np.ndarray, "torch.Tensor"]:
```
```python
    def ablate(self, x: np.ndarray, column_pos: int, row_pos: int) -> Union[np.ndarray, "torch.Tensor"]:
    def ablate(self, x: np.ndarray, column_pos: int, row_pos: Optional[int] = None) -> Union[np.ndarray, "torch.Tensor"]:
```
Current signature type-hinting is required by mypy due to https://mypy.readthedocs.io/en/stable/common_issues.html#incompatible-overrides
I.e. we can go to a more general argument type in the subclass, but we cannot start with a more general type-hint in the base class and go to a more specific type.
```python
    cifar_labels = fix_get_cifar10_data[1][:50]

    scheduler = torch.optim.lr_scheduler.MultiStepLR(art_model.optimizer, milestones=[1], gamma=0.1)
    art_model.fit(cifar_data, cifar_labels, nb_epochs=1, update_batchnorm=True, scheduler=scheduler, batch_size=128)
```
Please add an assert to this test to verify the outcome of the call to `fit`.
assertions for `test_equivalence` are in the `forward_features` method above: this test is just to check the intermediate values are equivalent.
```python
logger = logging.getLogger(__name__)


class PyTorchSmoothedViT:
```
I think it should be combined into a single class `PyTorchDeRandomizedSmoothing`.
Please move the 3 binary files in tests/estimators/certification/smooth_vit/smooth_vit_results to utils/resources/models.
2309599 to 584218a
Description
In this PR we include functionality for Certified Patch Robustness via Smoothed Vision Transformers proposed in Salman, Hadi, et al. "Certified patch robustness via smoothed vision transformers." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2022.
This algorithm achieves very strong certified performance against patch attacks against Vision Transformers by performing image ablations.
Fixes # (issue)
Type of change
Please check all relevant options.
Testing
Please describe the tests that you ran to verify your changes. Consider listing any relevant details of your test configuration.
Tests included in: tests/estimators/certification/test_smooth_vit.py
Test Configuration:
Checklist
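The column-ablation vote and certification check that the description refers to, as an added example (not code from this PR or from ART). `ablate_columns`, `certify`, `toy_classify` and the image are constructed for illustration, the brightness threshold stands in for the ViT, and the certificate uses the derandomized-smoothing bound that a patch m columns wide overlaps at most m + b - 1 of the bands of width b:

```python
import numpy as np


def ablate_columns(x, column_pos, ablation_size):
    """Keep `ablation_size` columns starting at `column_pos` (wrapping at the
    right edge) and zero the rest. x is (C, H, W); a mask channel is appended
    so the model can tell ablated pixels from genuinely black ones."""
    _, h, w = x.shape
    cols = (column_pos + np.arange(ablation_size)) % w
    mask = np.zeros((1, h, w), dtype=x.dtype)
    mask[:, :, cols] = 1.0
    return np.concatenate([x * mask, mask], axis=0)


def toy_classify(ablated):
    """Stand-in for the ViT (assumption): class 1 if the visible band is bright."""
    visible, mask = ablated[:-1], ablated[-1]
    return int(visible.sum() / (mask.sum() * visible.shape[0]) > 0.5)


def certify(x, classify, ablation_size, patch_size, num_classes=2):
    """Majority vote over all W column ablations plus the patch certificate."""
    counts = np.zeros(num_classes, dtype=int)
    for pos in range(x.shape[-1]):
        counts[classify(ablate_columns(x, pos, ablation_size))] += 1
    pred = int(np.argmax(counts))
    # A patch m columns wide can intersect at most m + b - 1 bands of width b,
    # so it can move at most `delta` votes away from pred and onto a rival.
    delta = patch_size + ablation_size - 1
    runner_up = int(np.delete(counts, pred).max())
    certified = bool(counts[pred] > runner_up + 2 * delta)
    return pred, certified, counts


def demo():
    clean = np.full((3, 32, 32), 0.8)          # constructed "bright" image
    patched = clean.copy()
    patched[:, :, 10:15] = 0.0                 # constructed 5-column dark patch
    return (certify(clean, toy_classify, ablation_size=4, patch_size=5),
            certify(patched, toy_classify, ablation_size=4, patch_size=5))


if __name__ == "__main__":
    for name, (pred, ok, counts) in zip(("clean", "patched"), demo()):
        print(name, "pred:", pred, "certified:", ok, "votes:", counts.tolist())
```

On the constructed input the patch flips 6 of the 32 votes, within the bound of 8, so the certified prediction on the clean image is unchanged.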