Randomised smoothing fix

[GiulioZizzo]

Description

The old implementation of randomised smoothing only added noise once to the data. We now add a new noise draw each time the data is seen. For torch and tensorflow we implement a slightly modified version of the normal fitting procedure which uses noise. For numpy we call fit with epoch=1 for the required amount.

We add warnings to the user to be careful with the use of pre-processors as we are adding the noise after their application for torch/tensorflow and before their application for numpy. In either case, the use of pre-processors could cause the expected certification radius to vary.

Fixes #1617

Type of change

Please check all relevant options.

• Improvement (non-breaking)
• Bug fix (non-breaking)
• New feature (non-breaking)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Testing

existing tests for randomized smoothing pass

Test Configuration:

• OS: RHEL 8
• Python version: 3.9
• ART version or commit number: 1.10.0
• TensorFlow / Keras / PyTorch / MXNet version: TF2.8, torch 1.11

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[codecov-commenter]

Codecov Report

Merging #1678 (f6b4f91) into dev_1.10.2 (084e976) will decrease coverage by 0.18%.
The diff coverage is 86.27%.

@@              Coverage Diff               @@
##           dev_1.10.2    #1678      +/-   ##
==============================================
- Coverage       88.13%   87.94%   -0.19%     
==============================================
  Files             259      259              
  Lines           21349    21397      +48     
  Branches         3789     3800      +11     
==============================================
+ Hits            18816    18818       +2     
- Misses           1592     1625      +33     
- Partials          941      954      +13     

Impacted Files	Coverage Δ
...mators/certification/randomized_smoothing/numpy.py	85.00% <80.00%> (-2.10%)	⬇️
...s/certification/randomized_smoothing/tensorflow.py	91.37% <81.25%> (-6.35%)	⬇️
...tors/certification/randomized_smoothing/pytorch.py	92.10% <91.66%> (-4.13%)	⬇️
...ation/randomized_smoothing/randomized_smoothing.py	97.33% <100.00%> (-0.11%)	⬇️
...timators/poison_mitigation/neural_cleanse/keras.py	78.47% <0.00%> (-13.89%)	⬇️
art/estimators/certification/abstain.py	90.90% <0.00%> (-9.10%)	⬇️
...poison_mitigation/neural_cleanse/neural_cleanse.py	84.21% <0.00%> (-6.15%)	⬇️
art/estimators/poison_mitigation/strip/strip.py	94.44% <0.00%> (-5.56%)	⬇️
art/defences/preprocessor/mp3_compression.py	84.05% <0.00%> (-5.01%)	⬇️
... and 3 more

[lgtm-com]

This pull request introduces 2 alerts when merging 048aab5 into 084e976 - view on LGTM.com

new alerts:

• 2 for Module is imported more than once

[beat-buesser]

Hi @GiulioZizzo Thank you very much for noticing this issue and fixing it with your pull request! I have made a few very minor comments on ordering imports and adding comments. What do you think?

[lgtm-com]

This pull request introduces 2 alerts when merging f6b4f91 into 67fa652 - view on LGTM.com

new alerts:

• 2 for Module is imported more than once

[beat-buesser]

Hi @GiulioZizzo Thank you very much!