Added support for Composite Adversarial Attacks [JATIC-I2-IBM]

[twweeb]

Description

This pull request adds the support of the Composite Adversarial Attack (CAA) proposed in [1]. It provides an example notebook for explaining how to launch CAA.

[1] Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations (CVPR 2023). [Paper], [Demo], and [Official repo].

Type of change

Please check all relevant options.

• Improvement (non-breaking)
• Bug fix (non-breaking)
• New feature (non-breaking)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Testing

Please describe the tests that you ran to verify your changes. Consider listing any relevant details of your test configuration.

• Unit Test
• Notebook Example

Test Configuration:

• OS: Linux
• Python version: 3.8.18
• ART version or commit number: 818b50e99cbf659560d1a31a9b5283a94896e488
• PyTorch version: 2.0.1+cu117
• Kornia version: 0.7.0

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[codecov-commenter]

Codecov Report

Merging #2287 (d8f2a10) into dev_1.17.0 (dec5ddf) will increase coverage by 7.09%.
The diff coverage is 92.53%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@              Coverage Diff               @@
##           dev_1.17.0    #2287      +/-   ##
==============================================
+ Coverage       76.66%   83.75%   +7.09%     
==============================================
  Files             326      327       +1     
  Lines           30509    30777     +268     
  Branches         5645     5697      +52     
==============================================
+ Hits            23390    25778    +2388     
+ Misses           5776     3547    -2229     
- Partials         1343     1452     +109     

Files	Coverage Δ
art/attacks/evasion/__init__.py	98.24% <100.00%> (+0.03%)	⬆️
...rt/attacks/evasion/composite_adversarial_attack.py	92.50% <92.50%> (ø)

... and 33 files with indirect coverage changes

[beat-buesser]

Hi @twweeb Thank you very much for your pull request and contributing the Composite Adversarial Attack to ART! Your code looks good and I have added a few comments on the integration with ART. Please let me know what you think.

[github-advanced-security]

CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

[beat-buesser]

Hi @twweeb Thank you very much for the updates. I have added my final review and found only a few minor required changes.

[twweeb]

All comments are addressed.

[beat-buesser]

Hi @twweeb Thank you very much for your first contribution to ART!