Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models.

Related tags

Deep Learning security machine-learning deep-learning paddlepaddle adversarial-example adversarial-examples onnx fgsm adversarial-attacks deepfool graphpipe
Overview

Advbox Family

logo

Advbox Family is a series of AI model security tools set of Baidu Open Source,including the generation, detection and protection of adversarial examples, as well as attack and defense cases for different AI applications.

Advbox Family support Python 3.*.

Our Work

AdvSDK

A Lightweight Adv SDK For PaddlePaddle to generate adversarial examples.

Homepage of AdvSDK

AdversarialBox

Adversarialbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models.Advbox give a command line tool to generate adversarial examples with Zero-Coding. It is inspired and based on FoolBox v1.

Homepage of AdversarialBox

AdvDetect

AdvDetect is a toolbox to detect adversarial examples from massive data.

Homepage of AdvDetect

AdvPoison

Data poisoning

AI applications

Face Recognition Attack

Homepage of Face Recognition Attack

Stealth T-shirt

On defcon, we demonstrated T-shirts that can disappear under smart cameras. Under this sub-project, we open-source the programs and deployment methods of smart cameras for demonstration.

Homepage of Stealth T-shirt

pic1

Fake Face Detect

The restful API is used to detect whether the face in the picture/video is a false face.

Homepage of Fake Face Detect

pic2

Paper and ppt of Advbox Family

How to cite

If you use AdvBox in an academic publication, please cite as:

@misc{goodman2020advbox,
    title={Advbox: a toolbox to generate adversarial examples that fool neural networks},
    author={Dou Goodman and Hao Xin and Wang Yang and Wu Yuesheng and Xiong Junfeng and Zhang Huan},
    year={2020},
    eprint={2001.05574},
    archivePrefix={arXiv},
    primaryClass={cs.LG}
}

Cloud-based Image Classification Service is Not Robust to Affine Transformation: A Forgotten Battlefield

@inproceedings{goodman2019cloud,
  title={Cloud-based Image Classification Service is Not Robust to Affine Transformation: A Forgotten Battlefield},
  author={Goodman, Dou and Hao, Xin and Wang, Yang and Tang, Jiawei and Jia, Yunhan and Wei, Tao and others},
  booktitle={Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop},
  pages={43--43},
  year={2019},
  organization={ACM}
}

Who use/cite AdvBox

  • Wu, Winston and Arendt, Dustin and Volkova, Svitlana; Evaluating Neural Model Robustness for Machine Comprehension; Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Main Volume, 2021, pp. 2470-2481
  • Pablo Navarrete Michelini, Hanwen Liu, Yunhua Lu, Xingqun Jiang; A Tour of Convolutional Networks Guided by Linear Interpreters; The IEEE International Conference on Computer Vision (ICCV), 2019, pp. 4753-4762
  • Ling, Xiang and Ji, Shouling and Zou, Jiaxu and Wang, Jiannan and Wu, Chunming and Li, Bo and Wang, Ting; Deepsec: A uniform platform for security analysis of deep learning model ; IEEE S&P, 2019
  • Deng, Ting and Zeng, Zhigang; Generate adversarial examples by spatially perturbing on the meaningful area; Pattern Recognition Letters[J], 2019, pp. 632-638

Issues report

https://github.com/baidu/AdvBox/issues

License

AdvBox support Apache License 2.0

Comments
  • add CW attack and interface to get logits in cnn model on Advbox fram…

    add CW attack and interface to get logits in cnn model on Advbox fram…

    Hi guys, This is an implementation of CW attack using Paddlepaddle. Also, a CW tutorial is added under tutorials folder.

    However, in order to get the original cnn model's logits, I made some modification on the original code, and all other demo need to be modified too to make them functional again.

    In order to run the CW demo, please copy all parameters of the original cnn model under advbox/attacks/mnist and change files' name accordingly, we need those parameter to initialize a new model as a program in Paddlepaddle, then just run python mnist_tutorial_cw.py.

    Thank you, Jay

    opened by jayxio 6
  • EOT Parameters

    EOT Parameters

    Hi again,

    From what I understand in the transformation.py file, the calibration.jpg performs 94 transformations in imshow. What does the calibration.xml file do which contains the box coordinates for the JPG image?

    I'm also using a surveillance camera for my project. Are there any variables I should modify to accommodate EOT?

    opened by kqvd 5
  • TypeError: Can't instantiate abstract class EOTB_attack with abstract methods interpret_output

    TypeError: Can't instantiate abstract class EOTB_attack with abstract methods interpret_output

    I'm trying to run the ODD code via attack_model.py, but I'm getting this error:

    2020-09-18 07:24:08.108889: I tensorflow/stream_executor/platform/default/dso_loader.cc:48] Successfully opened dynamic library libcudart.so.10.1 Traceback (most recent call last): File "attack_model.py", line 23, in main(sys.argv) File "attack_model.py", line 18, in main attack = EOTB_attack(YOLO_tiny_model_updated) TypeError: Can't instantiate abstract class EOTB_attack with abstract methods interpret_output

    opened by kqvd 5
  • Training code for StealthTshirt

    Training code for StealthTshirt

    Hi, thank you for your contribution. Are you going to release codes for generating Defcon_Sticker.png? Or , can you share the way to generate Defcon_Sticker.png?

    opened by XiaodanLi001 4
  • 关于attacks/gradient_method.py的问题

    关于attacks/gradient_method.py的问题 

            for i in range(steps):
            if adversary.is_targeted_attack:
                gradient = +self.model.gradient(adv_img,
                                                adversary.target_label)
            else:
                gradient = -self.model.gradient(adv_img,
                                               adversary.original_label)
            if norm_ord == np.inf:
                gradient_norm = np.sign(gradient)
            else:
                gradient_norm = gradient / self._norm(
                    gradient, ord=norm_ord)

            #logging.info('epsilon * gradient_norm={0}'.format(gradient_norm * epsilon))
            #logging.info('epsilon * gradient_norm* (max_ - min_)={0}'.format(gradient_norm * epsilon* (max_ - min_)))
            #改进的实现 不用考虑特征取值范围
            #adv_img = adv_img + epsilon * gradient_norm * (max_ - min_)
            #按照论文实现
            adv_img = adv_img + epsilon * gradient_norm

    请问以上这段代码里.为什么non_targeted_attack的时候加负号, targeted_attack的时候不加呢? 我对算法的理解是non_targeted_attack情况下,应该梯度上升,由于后面是直接 + epsilon * gradient_norm,所以不明白这里为何要加个负号,这样不是反而变成梯度下降了么?

    请教一下我哪里理解有问题,多谢了!

    opened by ygfrancois 4
  • imagenet_tutorial_fgsm_pytorch.py报错

    imagenet_tutorial_fgsm_pytorch.py报错

    imagenet_tutorial_fgsm_pytorch.py[line:52] INFO CUDA Available: True cuda pytorch.py[line:63] INFO Finish PytorchModel init (1, 3, 224, 224) Traceback (most recent call last): File "imagenet_tutorial_fgsm_pytorch.py", line 132, in <module> main("cropped_panda.jpg") File "imagenet_tutorial_fgsm_pytorch.py", line 108, in main adversary = attack(adversary, **attack_config) File "../advbox/attacks/base.py", line 47, in __call__ self._preprocess(adversary) File "../advbox/attacks/base.py", line 72, in _preprocess self.model.predict(adversary.original)) File "../advbox/models/pytorch.py", line 86, in predict predict = np.squeeze(predict, axis=0) File "/home/.../anaconda3/envs/bdbox/lib/python2.7/site-packages/numpy/core/fromnumeric.py", line 1292, in squeeze return squeeze(axis=axis) TypeError: squeeze() missing 1 required positional arguments: "dim" 按照官方的实例运行,环境也是按照requirement安装的,出现了这个squeeze()的问题。

    opened by weitianli 4
  • 您好,我在使用ebook_imagenet_jsma_tf.ipynb时,出现了一点问题

    您好,我在使用ebook_imagenet_jsma_tf.ipynb时,出现了一点问题

    我在使用JSMA的双像素点算法时: attack = JSMA(m) attack_config = { "max_iter": 2000, "theta": 0.3, "max_perturbations_per_pixel": 7, "fast":True, "two_pix":True } 报了下面的错: ValueError: axes don't match array

    检查后,发现应该是saliency.py中有错误出现: def _saliency_map(self, image, target, labels, mask, fast=False, two_pix=True): """ Get pixel location with highest influence on class. Args: image(numpy.ndarray): Image with shape (height, width, channels). target(int): The target label. labels(int): The number of classes of the output label. mask(list): Each modified pixel with border value is set to zero in mask. fast(bool): Whether evaluate the pixel influence on sum of residual classes. two_pix(bool): Whether to select two pixels from salience map which is used in original paper. Return: idx: The index of optimal pixel (idx = idx1 * input_dimension + idx2 in two pix setting) pix_sign: The direction of perturbation """ # pixel influence on target class alphas = self.model.gradient(image, target) * mask # pixel influence on sum of residual classes(don't evaluate if fast == True) if fast: betas = -np.ones_like(alphas) else: betas = np.sum([ self.model.gradient(image, label) * mask - alphas for label in labels ], 0)

        if two_pix:
        # construct two pix matrix to treat it as one pix
        alphas_col = np.expand_dims(alphas, axis=0)
        #下面这句出现了问题
        alphas_mat = alphas_col.transpose(1, 0) + alphas_col

        输入image是一个形状[h,w,c]的矩阵,alphas模型关于image的偏导中属于类别target的部分,所以alphas的形状也为[h,w,c],alphas_col扩维后形状为[1,h,w,c],alphas_col.transpose(1, 0)这句维度不匹配。我不确定是否是这个问题,如果您有空的话,希望能得到您的回复,不胜感激
    opened by Eva-Deng 3
  • tutorials/mnist_tutorial_fgsm.py 报错(paddle.fluid.core.OpDesc 没有 set_attr 方法)

    tutorials/mnist_tutorial_fgsm.py 报错(paddle.fluid.core.OpDesc 没有 set_attr 方法)

    版本

    paddlepaddle v1.1.0

    问题

    运行 tutorials/mnist_tutorial_fgsm.py 报错:

    Traceback (most recent call last):
  File "mnist_tutorial_fgsm.py", line 152, in <module>
    main()
  File "mnist_tutorial_fgsm.py", line 76, in main
    channel_axis=1)
  File "../advbox/models/paddle.py", line 79, in __init__
    op.setattr('is_test', True)
AttributeError: 'paddle.fluid.core.OpDesc' object has no attribute 'set_attr'

    对应代码在这: https://github.com/baidu/AdvBox/blob/fe7e5dc2bb7159c7296c7a3c410a7090d0260417/advbox/models/paddle.py#L79

    看了一下应该是 paddlepaddle 把 set_attr 方法重命名成了 _set_attr,所以需要改一下对应代码?

    对应的 PR 在这: https://github.com/PaddlePaddle/Paddle/pull/12543

    opened by Cody2333 3
  • Single Pixel Attack Assertion Error

    Single Pixel Attack Assertion Error

    I get an Assertion Error when trying to run the Single Pixel Attack. Apparently, axes length must be equal to 2 (H, W), but my axes length is equal to 3 (B, H, W). I tried squeezing my img_tensor (3, 244, 244) but the predict method breaks. I tried removing the Assertion statement but creates an Index error.

    Can anyone tell me how to properly use the Single Pixel Attack? I followed the same method as shown in the FGSM notebook example written in Pytorch.

    Code to reproduce:

    from adversarialbox.attacks.localsearch import SinglePixelAttack

# initialize model and img_tensor here

attack = SinglePixelAttack(model)  # Channel axis = 1
adversary = Adversary(img_tensor.to('cpu'), label)  # Tensor shape: (1, 3, 244, 244) B, C, H, W

adversary = attack(adversary)
    opened by ajsanjoaquin 2
  • How to train my own adversarial sticker targetting a certain class with my own dataset?

    How to train my own adversarial sticker targetting a certain class with my own dataset?

    Thanks for your wonderful work. I'd like to know how to train my own adv examples trargeting a certain object, such as cars, etc. If it is possible, what should i do? need i put my dataset in a certain folder or modify the code? Looking forward to your reply:D

    opened by satoshiSchubert 2
  • TypeError: 'filter' object is not subscriptable

    TypeError: 'filter' object is not subscriptable 

    ch@adv:~/AdvBox/tutorials$ python mnist_tutorial_fgsm.py
Traceback (most recent call last):
  File "mnist_tutorial_fgsm.py", line 152, in <module>
    main()
  File "mnist_tutorial_fgsm.py", line 76, in main
    channel_axis=1)
  File "../advbox/models/paddle.py", line 103, in __init__
    param_grads)[0][1]
TypeError: 'filter' object is not subscriptable
    opened by ch1762 2
  • Bump certifi from 2018.8.24 to 2022.12.7

    Bump certifi from 2018.8.24 to 2022.12.7

    Bumps certifi from 2018.8.24 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump pillow from 5.2.0 to 9.3.0

    Bump pillow from 5.2.0 to 9.3.0

    Bumps pillow from 5.2.0 to 9.3.0.

    Release notes

    Sourced from pillow's releases.

    9.3.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.3.0 (2022-10-29)

    • Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

    • Initialize libtiff buffer when saving #6699 [radarhere]

    • Inline fname2char to fix memory leak #6329 [nulano]

    • Fix memory leaks related to text features #6330 [nulano]

    • Use double quotes for version check on old CPython on Windows #6695 [hugovk]

    • Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

    • Fixed set_variation_by_name offset #6445 [radarhere]

    • Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

    • Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

    • Added ExifTags enums #6630 [radarhere]

    • Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

    • Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

    • Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

    • Added GPS TIFF tag info #6661 [radarhere]

    • Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

    • Do not attempt normalization if mode is already normal #6644 [radarhere]

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump tensorflow from 1.10.1 to 2.9.3

    Bump tensorflow from 1.10.1 to 2.9.3

    Bumps tensorflow from 1.10.1 to 2.9.3.

    Release notes

    Sourced from tensorflow's releases.

    TensorFlow 2.9.3

    Release 2.9.3

    This release introduces several vulnerability fixes:

    TensorFlow 2.9.2

    Release 2.9.2

    This releases introduces several vulnerability fixes:

    ... (truncated)

    Changelog

    Sourced from tensorflow's changelog.

    Release 2.9.3

    This release introduces several vulnerability fixes:

    Release 2.8.4

    This release introduces several vulnerability fixes:

    ... (truncated)

    Commits
    • a5ed5f3 Merge pull request #58584 from tensorflow/vinila21-patch-2
    • 258f9a1 Update py_func.cc
    • cd27cfb Merge pull request #58580 from tensorflow-jenkins/version-numbers-2.9.3-24474
    • 3e75385 Update version numbers to 2.9.3
    • bc72c39 Merge pull request #58482 from tensorflow-jenkins/relnotes-2.9.3-25695
    • 3506c90 Update RELEASE.md
    • 8dcb48e Update RELEASE.md
    • 4f34ec8 Merge pull request #58576 from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...
    • 6fc67e4 Replace CHECK with returning an InternalError on failing to create python tuple
    • 5dbe90a Merge pull request #58570 from tensorflow/r2.9-7b174a0f2e4
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump tensorflow-gpu from 1.10.1 to 2.9.3

    Bump tensorflow-gpu from 1.10.1 to 2.9.3

    Bumps tensorflow-gpu from 1.10.1 to 2.9.3.

    Release notes

    Sourced from tensorflow-gpu's releases.

    TensorFlow 2.9.3

    Release 2.9.3

    This release introduces several vulnerability fixes:

    TensorFlow 2.9.2

    Release 2.9.2

    This releases introduces several vulnerability fixes:

    ... (truncated)

    Changelog

    Sourced from tensorflow-gpu's changelog.

    Release 2.9.3

    This release introduces several vulnerability fixes:

    Release 2.8.4

    This release introduces several vulnerability fixes:

    ... (truncated)

    Commits
    • a5ed5f3 Merge pull request #58584 from tensorflow/vinila21-patch-2
    • 258f9a1 Update py_func.cc
    • cd27cfb Merge pull request #58580 from tensorflow-jenkins/version-numbers-2.9.3-24474
    • 3e75385 Update version numbers to 2.9.3
    • bc72c39 Merge pull request #58482 from tensorflow-jenkins/relnotes-2.9.3-25695
    • 3506c90 Update RELEASE.md
    • 8dcb48e Update RELEASE.md
    • 4f34ec8 Merge pull request #58576 from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...
    • 6fc67e4 Replace CHECK with returning an InternalError on failing to create python tuple
    • 5dbe90a Merge pull request #58570 from tensorflow/r2.9-7b174a0f2e4
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump protobuf from 3.6.1 to 3.18.3

    Bump protobuf from 3.6.1 to 3.18.3

    Bumps protobuf from 3.6.1 to 3.18.3.

    Release notes

    Sourced from protobuf's releases.

    Protocol Buffers v3.18.3

    C++

    Protocol Buffers v3.16.1

    Java

    • Improve performance characteristics of UnknownFieldSet parsing (#9371)

    Protocol Buffers v3.18.2

    Java

    • Improve performance characteristics of UnknownFieldSet parsing (#9371)

    Protocol Buffers v3.18.1

    Python

    • Update setup.py to reflect that we now require at least Python 3.5 (#8989)
    • Performance fix for DynamicMessage: force GetRaw() to be inlined (#9023)

    Ruby

    • Update ruby_generator.cc to allow proto2 imports in proto3 (#9003)

    Protocol Buffers v3.18.0

    C++

    • Fix warnings raised by clang 11 (#8664)
    • Make StringPiece constructible from std::string_view (#8707)
    • Add missing capability attributes for LLVM 12 (#8714)
    • Stop using std::iterator (deprecated in C++17). (#8741)
    • Move field_access_listener from libprotobuf-lite to libprotobuf (#8775)
    • Fix #7047 Safely handle setlocale (#8735)
    • Remove deprecated version of SetTotalBytesLimit() (#8794)
    • Support arena allocation of google::protobuf::AnyMetadata (#8758)
    • Fix undefined symbol error around SharedCtor() (#8827)
    • Fix default value of enum(int) in json_util with proto2 (#8835)
    • Better Smaller ByteSizeLong
    • Introduce event filters for inject_field_listener_events
    • Reduce memory usage of DescriptorPool
    • For lazy fields copy serialized form when allowed.
    • Re-introduce the InlinedStringField class
    • v2 access listener
    • Reduce padding in the proto's ExtensionRegistry map.
    • GetExtension performance optimizations
    • Make tracker a static variable rather than call static functions
    • Support extensions in field access listener
    • Annotate MergeFrom for field access listener
    • Fix incomplete types for field access listener
    • Add map_entry/new_map_entry to SpecificField in MessageDifferencer. They record the map items which are different in MessageDifferencer's reporter.
    • Reduce binary size due to fieldless proto messages
    • TextFormat: ParseInfoTree supports getting field end location in addition to start.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump numpy from 1.14.5 to 1.22.0

    Bump numpy from 1.14.5 to 1.22.0

    Bumps numpy from 1.14.5 to 1.22.0.

    Release notes

    Sourced from numpy's releases.

    v1.22.0

    NumPy 1.22.0 Release Notes

    NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

    • Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
    • A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
    • NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
    • New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
    • A new configurable allocator for use by downstream projects.

    These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

    The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

    Expired deprecations

    Deprecated numeric style dtype strings have been removed

    Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

    (gh-19539)

    Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

    numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

    (gh-19615)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Owner
AdvBox
AI Security and Robustness Benchmarks
AdvBox
GitHub
Paddle-Adversarial-Toolbox (PAT) is a Python library for Deep Learning Security based on PaddlePaddle.

Paddle-Adversarial-Toolbox Paddle-Adversarial-Toolbox (PAT) is a Python library for Deep Learning Security based on PaddlePaddle. Model Zoo Common FGS

AgentMaker 17 Nov 8, 2022
This is the official repository for evaluation on the NoW Benchmark Dataset. The goal of the NoW benchmark is to introduce a standard evaluation metric to measure the accuracy and robustness of 3D face reconstruction methods from a single image under variations in viewing angle, lighting, and common occlusions.

NoW Evaluation This is the official repository for evaluation on the NoW Benchmark Dataset. The goal of the NoW benchmark is to introduce a standard e

Soubhik Sanyal 71 Dec 30, 2022
A repository that shares tuning results of trained models generated by TensorFlow / Keras. Post-training quantization (Weight Quantization, Integer Quantization, Full Integer Quantization, Float16 Quantization), Quantization-aware training. TensorFlow Lite. OpenVINO. CoreML. TensorFlow.js. TF-TRT. MediaPipe. ONNX. [.tflite,.h5,.pb,saved_model,tfjs,tftrt,mlmodel,.xml/.bin, .onnx]

PINTO_model_zoo Please read the contents of the LICENSE file located directly under each folder before using the model. My model conversion scripts ar

Katsuya Hyodo 2.4k Jan 5, 2023
Simple, efficient and flexible vision toolbox for mxnet framework.

MXbox: Simple, efficient and flexible vision toolbox for mxnet framework. MXbox is a toolbox aiming to provide a general and simple interface for visi

Ligeng Zhu 31 Oct 19, 2019
Causal-Adversarial-Instruments - PyTorch Implementation for Developing Library of Investigating Adversarial Examples on A Causal View by Instruments

Causal-Adversarial-Instruments This is a PyTorch Implementation code for develop

LBK 26 Dec 28, 2022
Universal Adversarial Examples in Remote Sensing: Methodology and Benchmark

Universal Adversarial Examples in Remote Sensing: Methodology and Benchmark Yong

null 19 Dec 17, 2022
MXNet implementation for: Drop an Octave: Reducing Spatial Redundancy in Convolutional Neural Networks with Octave Convolution

Octave Convolution MXNet implementation for: Drop an Octave: Reducing Spatial Redundancy in Convolutional Neural Networks with Octave Convolution Imag

Meta Research 549 Dec 28, 2022
A certifiable defense against adversarial examples by training neural networks to be provably robust

DiffAI v3 DiffAI is a system for training neural networks to be provably robust and for proving that they are robust. The system was developed for the

SRI Lab, ETH Zurich 202 Dec 13, 2022
Adversarial-Information-Bottleneck - Distilling Robust and Non-Robust Features in Adversarial Examples by Information Bottleneck (NeurIPS21)

NeurIPS 2021 Title: Distilling Robust and Non-Robust Features in Adversarial Exa

LBK 35 Dec 26, 2022
transfer attack; adversarial examples; black-box attack; unrestricted Adversarial Attacks on ImageNet; CVPR2021 天池黑盒竞赛

transfer_adv CVPR-2021 AIC-VI: unrestricted Adversarial Attacks on ImageNet CVPR2021 安全AI挑战者计划第六期赛道2:ImageNet无限制对抗攻击 介绍 : 深度神经网络已经在各种视觉识别问题上取得了最先进的性能。

null 25 Dec 8, 2022
ColossalAI-Examples - Examples of training models with hybrid parallelism using ColossalAI

ColossalAI-Examples This repository contains examples of training models with Co

HPC-AI Tech 185 Jan 9, 2023
Code repository accompanying the paper "On Adversarial Robustness: A Neural Architecture Search perspective"

On Adversarial Robustness: A Neural Architecture Search perspective Preparation: Clone the repository: https://github.com/tdchaitanya/nas-robustness.g

Chaitanya Devaguptapu 4 Nov 10, 2022
Hierarchical-Bayesian-Defense - Towards Adversarial Robustness of Bayesian Neural Network through Hierarchical Variational Inference (Openreview)

Towards Adversarial Robustness of Bayesian Neural Network through Hierarchical V

LBK 20 Dec 2, 2022
Pre-trained model, code, and materials from the paper "Impact of Adversarial Examples on Deep Learning Models for Biomedical Image Segmentation" (MICCAI 2019).

Adaptive Segmentation Mask Attack This repository contains the implementation of the Adaptive Segmentation Mask Attack (ASMA), a targeted adversarial

Utku Ozbulak 53 Jul 4, 2022
An implementation of paper `Real-time Convolutional Neural Networks for Emotion and Gender Classification` with PaddlePaddle.

简介 通过PaddlePaddle框架复现了论文 Real-time Convolutional Neural Networks for Emotion and Gender Classification 中提出的两个模型,分别是SimpleCNN和MiniXception。利用 imdb_crop

null 8 Mar 11, 2022
Graph Neural Networks with Keras and Tensorflow 2.

Welcome to Spektral Spektral is a Python library for graph deep learning, based on the Keras API and TensorFlow 2. The main goal of this project is to

Daniele Grattarola 2.2k Jan 8, 2023
With this package, you can generate mixed-integer linear programming (MIP) models of trained artificial neural networks (ANNs) using the rectified linear unit (ReLU) activation function

With this package, you can generate mixed-integer linear programming (MIP) models of trained artificial neural networks (ANNs) using the rectified linear unit (ReLU) activation function. At the moment, only TensorFlow sequential models are supported. Interfaces to either the Pyomo or Gurobi modeling environments are offered.

ChemEngAI 40 Dec 27, 2022
Reproduce ResNet-v2(Identity Mappings in Deep Residual Networks) with MXNet

Reproduce ResNet-v2 using MXNet Requirements Install MXNet on a machine with CUDA GPU, and it's better also installed with cuDNN v5 Please fix the ran

Wei Wu 531 Dec 4, 2022
Pytorch implementation for "Adversarial Robustness under Long-Tailed Distribution" (CVPR 2021 Oral)

Adversarial Long-Tail This repository contains the PyTorch implementation of the paper: Adversarial Robustness under Long-Tailed Distribution, CVPR 20

Tong WU 89 Dec 15, 2022