Trusted-AI / adversarial-robustness-toolbox

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
https://adversarial-robustness-toolbox.readthedocs.io/en/latest/
MIT License
4.88k stars 1.17k forks

Implement semantic adversarial attacks #2126

Open sarathknv opened 1 year ago

sarathknv commented 1 year ago

These are adversarial images that semantically represent the same object as the original images. For example, in [2] these are created by perturbing the following components of an image:

Would these be of interest? If yes, I can implement them for ART.

My implementation: https://github.com/sarathknv/adversarial-examples-pytorch/tree/master/semantic_adversarial_examples

Papers:

  1. Semantic Adversarial Examples (CVPR Workshops 2018)
  2. Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations (CVPR 2023)

beat-buesser commented 1 year ago

Hi @sarathknv Sorry for the delayed response. Yes, these attacks would be very interesting for ART and you are very welcome to implement them in ART. Are you already familiar with the architecture of ART?

sarathknv commented 1 year ago

> Hi @sarathknv Sorry for the delayed response.

Hi @beat-buesser, it's not a problem.

These are the changes I need to make, right?



├── art
│   ├── attacks
│   │   ├── evasion
│   │   │   ├── __init__.py  # Update the imports.
│   │   │   ├── semantic_attacks  # Add a dir for all the semantic attacks.
│   │   │   │   ├── __init__.py
│   │   │   │   ├── hue_projected_gradient_descent_pytorch.py
│   │   │   │   ├── saturation_projected_gradient_descent_pytorch.py
│   │   │   │   ├── rotation_projected_gradient_descent_pytorch.py
│   │   │   │   ├── ...
├── tests
│   ├── attacks
│   │   ├── evasion
│   │   │   ├── test_semantic_attacks.py  # Add tests.
├── notebooks
│   ├── attack_semantic.ipynb  # Add notebook.

beat-buesser commented 1 year ago

Hi @sarathknv Yes, this looks good. We are currently working on branch dev_1.15.0 for the next release.