Lots of new features code and bug fixes

[rikonaka]

Add a user-friendly input prompt and restrict the domain of the atanh function in cw attack.

PR Type and Checklist

What kind of change does this PR introduce?

• [ ] FIX BUG
  • [ ] Check CURRENT and PREVIOUS ISSUES..
  • [ ] Check WORFLOW result after PR.
  • [x] Fix CW targeted attack bug in issues.
• [ ] ADD ATTACK
  • [ ] DEFAULT values of arguments should be given except model.
  • [ ] Classname should be given as CamelCase.
  • [ ] Python file name should be SMALL letters of the classname.
  • [ ] Add attack in init.py
  • [ ] Check supported_mode wheter the attack supports targeted mode.
  • [ ] README.md should be updated.
  • [ ] Check WORFLOW result after PR.
  • [x] Add SPSA attack.
  • [x] Add JSMA attack.
• [x] Other... Please describe:
  • [x] Restrict the domain of the torch.atanh function from -1 to 1 in the cw attack (The atanh function is nonsensical in other domains of definition).
  • [x] Add user-friendly usage hints (check if the input is between 0 and 1, if not display a hint message and raise a ValueError, it is meaningless to continue calculating a tensor that is not between 0 and 1).
  • [x] Changed part of the README.md so that the instructions for the default hidden targeted attack part are no longer hidden.
  • [x] New note in README.md explaining how to provide labels for targeted attacks.
  • [x] Add a targeted attack by label function, this function can attack based on the label provided by the user.
  • [x] Added a demo on targeted attacks by label.
  • [x] Addition of setup.py file for source code installation and related instructions.
  • [x] Fix img_list not define error in pgdrs.py.
  • [x] Add quiet mode for set_modetargeted* function.

[Framartin]

My 2 cents: it may be advisable to create a _check_inputs() method to torchattacks.Attack base class and call this method inside the forward() method of each attack to avoid copy/pasting code.

Moreover, I think it would be better to raise a ValueError exception if the inputs are not in the valid range, instead of quietly returning a tensor of zeros.

[rikonaka]

My 2 cents: it may be advisable to create a _check_inputs() method to torchattacks.Attack base class and call this method inside the forward() method of each attack to avoid copy/pasting code.

Moreover, I think it would be better to raise a ValueError exception if the inputs are not in the valid range, instead of quietly returning a tensor of zeros.

Hi @Framartin, following the advice you provided, I modified the code then I found an img_list not define error in pgdrs.py, so I also modified it together.

[Harry24k]

Thank you for your wonderful work! I really appreciate your contribution. Some points will be modified:

• EAD will be erased in init.py since EAD was not pushed.
• Setup.py will be modified.

[rikonaka]

@Harry24k I'm very sorry, it was my mistake, I forgot to push the latest branch locally.

[Harry24k]

@rikonaka, I got it! It would be great if you push EAD! BTW, I tested SPSA and JSMA, but their success rate is lower than I expected. First of all, the current version of SPSA requires a heavy amount of GPU memory due to its approximation, so I added torch.no_grad(): torchattacks/attacks/spsa.py. Could you compare the performance of SPSA and JSMA to yours via code coverage codes?: https://github.com/Harry24k/adversarial-attacks-pytorch/blob/master/code_coverage/on_server.ipynb

[rikonaka]

Hi @Harry24k , about the EAD attack, there is still a bug caused code failed to run, I will push the code to the repository after the bug is fixed. And about the SPSA and JSMA, I noticed the low success rate of these two attack algorithms when I did experiments earlier, the previous code was too complex and difficult to understand to maintain, now I'm going to rewrite the two attack methods, and I'll commit the code to the repository when I'm done. 😉