BadDet Regional Misclassification Attack Implementation #2054

Merged
merged 11 commits into from
Mar 12, 2023

@f4str f4str commented Mar 6, 2023

Description

Implementation of the BadDet Regional Misclassification Attack. This creates a new poisoning object art.attacks.poisoning.BadDetRegionalMisclassificationAttack which can be used to generate poisoned samples. Since this is the first poisoning attack on object detector models, a new abstract class art.attacks.attack.PoisoningAttackObjectDetector was created which will serve as the base for all future poisoning attacks on object detectors.

Additionally, a demo notebook notebooks/poisoning_attack_bad_det_rma.ipynb was created to demonstrate how to use the attack.

Paper link: https://arxiv.org/abs/2205.14497

This is a partial implementation of #2038 as the other three attacks need to also be implemented.

Type of change

Please check all relevant options.

  • Improvement (non-breaking)
  • Bug fix (non-breaking)
  • New feature (non-breaking)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Testing

Please describe the tests that you ran to verify your changes. Consider listing any relevant details of your test configuration.

  • Tests for BadDetRegionalMisclassificationAttack which are framework agnostic

Test Configuration:

  • OS
  • Python version
  • ART version or commit number
  • TensorFlow / Keras / PyTorch / MXNet version

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Signed-off-by: Farhan Ahmed <Farhan.Ahmed@ibm.com>
codecov-commenter commented Mar 6, 2023

Codecov Report

Merging #2054 (43e79fe) into dev_1.14.0 (0a0a701) will increase coverage by 0.04%.
The diff coverage is 96.92%.


@@              Coverage Diff               @@
##           dev_1.14.0    #2054      +/-   ##
==============================================
+ Coverage       85.57%   85.62%   +0.04%     
==============================================
  Files             293      294       +1     
  Lines           26158    26221      +63     
  Branches         4733     4744      +11     
==============================================
+ Hits            22386    22452      +66     
+ Misses           2556     2553       -3     
  Partials         1216     1216              
Impacted Files Coverage Δ
art/attacks/poisoning/bad_det/bad_det_rma.py 96.42% <96.42%> (ø)
art/attacks/__init__.py 100.00% <100.00%> (ø)
art/attacks/attack.py 92.85% <100.00%> (+0.26%) ⬆️
art/attacks/poisoning/__init__.py 100.00% <100.00%> (ø)

... and 4 files with indirect coverage changes

@beat-buesser beat-buesser self-requested a review March 6, 2023 23:15
@beat-buesser beat-buesser self-assigned this Mar 6, 2023
@beat-buesser beat-buesser added the enhancement New feature or request label Mar 6, 2023
@beat-buesser beat-buesser added this to Pull request open in ART 1.14.0 via automation Mar 6, 2023
@beat-buesser beat-buesser added this to the ART 1.14.0 milestone Mar 6, 2023
@beat-buesser beat-buesser linked an issue Mar 6, 2023 that may be closed by this pull request
Signed-off-by: Farhan Ahmed <Farhan.Ahmed@ibm.com>
Comment on lines 20 to 23
import logging
import os
import numpy as np
import pytest

Separate standard library from third party imports with blank line.

Suggested change
import logging
import os
import numpy as np
import pytest
import logging
import os
import numpy as np
import pytest

@beat-buesser beat-buesser left a comment

Hi @f4str Thank you very much for this pull request adding the BadDet Regional Misclassification Attack! I only have found a very, very small item during my review, otherwise the code looks good to me.

ART 1.14.0 automation moved this from Pull request open to Pull request review Mar 9, 2023
f4str and others added 2 commits March 9, 2023 09:05
Signed-off-by: Farhan Ahmed <Farhan.Ahmed@ibm.com>
@beat-buesser beat-buesser merged commit cdff3cf into Trusted-AI:dev_1.14.0 Mar 12, 2023
ART 1.14.0 automation moved this from Pull request review to Pull request done Mar 12, 2023
@f4str f4str deleted the bad-dets-attack branch March 12, 2023 22:19

Successfully merging this pull request may close these issues.

Implementation of BadDet Poisoning Attack on Object Detectors