test file fixes

keykholt · keykholt · commit f1e69ffdfaec · 2022-01-20T19:13:45.000Z
Signed-off-by: Kevin Eykholt &lt;kheykholt@gmail.com&gt;
diff --git a/art/attacks/poisoning/hidden_trigger_backdoor/hidden_trigger_backdoor.py b/art/attacks/poisoning/hidden_trigger_backdoor/hidden_trigger_backdoor.py
@@ -187,7 +187,7 @@ def _check_params(self) -> None:
 
         if isinstance(self.feature_layer, int):
             if not 0 <= self.feature_layer < len(self.estimator.layer_names):
-                raise ValueError("feature_layer is not positive integer")
+                raise ValueError("feature_layer is not a non-negative integer")
 
         if self.decay_coeff <= 0:
             raise ValueError("Decay coefficient must be positive")
diff --git a/art/attacks/poisoning/hidden_trigger_backdoor/hidden_trigger_backdoor_pytorch.py b/art/attacks/poisoning/hidden_trigger_backdoor/hidden_trigger_backdoor_pytorch.py
@@ -295,7 +295,7 @@ def _check_params(self) -> None:
 
         if isinstance(self.feature_layer, int):
             if not 0 <= self.feature_layer < len(self.estimator.layer_names):
-                raise ValueError("feature_layer is not positive integer")
+                raise ValueError("feature_layer is not a non-negative integer")
 
         if self.decay_coeff <= 0:
             raise ValueError("Decay coefficient must be positive")
diff --git a/notebooks/attack_feature_adversaries_pytorch.ipynb b/notebooks/attack_feature_adversaries_pytorch.ipynb
@@ -639,7 +639,7 @@
  ],
  "metadata": {
   "kernelspec": {
-   "display_name": "Python 3",
+   "display_name": "Python 3 (ipykernel)",
    "language": "python",
    "name": "python3"
   },
@@ -653,7 +653,7 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython3",
-   "version": "3.8.10"
+   "version": "3.9.7"
   }
  },
  "nbformat": 4,
diff --git a/tests/attacks/poison/test_hidden_trigger_backdoor.py b/tests/attacks/poison/test_hidden_trigger_backdoor.py
@@ -35,15 +35,24 @@ def test_poison(art_warning, get_default_mnist_subset, image_dl_estimator):
     try:
         (x_train, y_train), (_, _) = get_default_mnist_subset
         classifier, _ = image_dl_estimator(functional=True)
-        backdoor = PoisoningAttackBackdoor(add_pattern_bd)
-        target = 0
-        source = 1
+
+        def mod(x):
+            original_dtype = x.dtype
+            x = np.transpose(x, (0, 2, 3, 1)).astype(np.float32)
+            x = add_pattern_bd(x)
+            x = np.transpose(x, (0, 3, 1, 2)).astype(np.float32)
+            return x.astype(original_dtype)
+
+        backdoor = PoisoningAttackBackdoor(mod)
+        target = y_train[0]
+        diff_index = list(set(np.arange(len(y_train))) - set(np.where(np.all(y_train == target, axis=1))[0]))[0]
+        source = y_train[diff_index]
         attack = HiddenTriggerBackdoor(
             classifier,
-            eps=0.3,
+            eps=0.01,
             target=target,
             source=source,
-            feature_layer=len(classifier.layers) - 2,
+            feature_layer=len(classifier.layer_names) - 2,
             backdoor=backdoor,
             decay_coeff=0.95,
             decay_iter=1,
@@ -68,17 +77,27 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
     try:
         (x_train, y_train), (_, _) = get_default_mnist_subset
         classifier, _ = image_dl_estimator(functional=True)
-        backdoor = PoisoningAttackBackdoor(add_pattern_bd)
-        target = np.expand_dims(x_train[3], 0)
+
+        def mod(x):
+            original_dtype = x.dtype
+            x = np.transpose(x, (0, 2, 3, 1)).astype(np.float32)
+            x = add_pattern_bd(x)
+            x = np.transpose(x, (0, 3, 1, 2)).astype(np.float32)
+            return x.astype(original_dtype)
+
+        backdoor = PoisoningAttackBackdoor(mod)
+        target = y_train[0]
+        diff_index = list(set(np.arange(len(y_train))) - set(np.where(np.all(y_train == target, axis=1))[0]))[0]
+        source = y_train[diff_index]
 
         # Test target/source not numpy arrays
         with pytest.raises(ValueError):
             _ = HiddenTriggerBackdoor(
                 classifier,
                 eps=0.3,
-                target=target,
-                source=source,
-                feature_layer=len(classifier.layers) - 2,
+                target=1,
+                source=0,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=backdoor,
                 decay_coeff=0.95,
                 decay_iter=1,
@@ -94,7 +113,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 eps=0.3,
                 target=target,
                 source=source,
-                feature_layer=len(classifier.layers) - 2,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=backdoor,
                 decay_coeff=0.95,
                 decay_iter=1,
@@ -110,7 +129,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 eps=0.3,
                 target=source,
                 source=source,
-                feature_layer=len(classifier.layers) - 2,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=backdoor,
                 decay_coeff=0.95,
                 decay_iter=1,
@@ -125,7 +144,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 eps=0.3,
                 target=target,
                 source=source,
-                feature_layer=len(classifier.layers) - 2,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=source,
                 decay_coeff=0.95,
                 decay_iter=1,
@@ -140,7 +159,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 eps=-1,
                 target=target,
                 source=source,
-                feature_layer=len(classifier.layers) - 2,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=backdoor,
                 decay_coeff=0.95,
                 decay_iter=1,
@@ -163,7 +182,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 batch_size=1,
                 poison_percent=0.1,
             )
-        # Test negative feature yaer
+        # Test negative feature layer
         with pytest.raises(ValueError):
             _ = HiddenTriggerBackdoor(
                 classifier,
@@ -185,7 +204,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 eps=0.3,
                 target=target,
                 source=source,
-                feature_layer=len(classifier.layers) - 2,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=backdoor,
                 decay_coeff=-1,
                 decay_iter=1,
@@ -200,7 +219,7 @@ def test_check_params(art_warning, get_default_mnist_subset, image_dl_estimator)
                 eps=0.3,
                 target=target,
                 source=source,
-                feature_layer=len(classifier.layers) - 2,
+                feature_layer=len(classifier.layer_names) - 2,
                 backdoor=backdoor,
                 decay_coeff=0.95,
                 decay_iter=1,
