Initial commit adding UI v1.

Signed-off-by: Kieran Fraser <Kieran.Fraser@ibm.com>

.gitignore

@@ -0,0 +1,260 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+!.vscode/*.code-snippets
+!.vscode/extensions.json
+!.vscode/launch.json
+!.vscode/settings.json
+!.vscode/tasks.json
+*$py.class
+*.code-workspace
+*.cover
+*.egg
+*.egg-info/
+*.iws
+*.log
+*.manifest
+*.mo
+*.pot
+*.py,cover
+*.py[cod]
+*.sage.py
+*.so
+*.spec
+*.vsix
+.Python
+.cache
+.coverage
+.coverage.*
+.dmypy.json
+.eggs/
+.env
+.history
+.history/
+.hypothesis/
+.idea/$CACHE_FILE$
+.idea/**/aws.xml
+.idea/**/azureSettings.xml
+.idea/**/contentModel.xml
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/dataSources/
+.idea/**/dbnavigator.xml
+.idea/**/dictionaries
+.idea/**/dynamic.xml
+.idea/**/gradle.xml
+.idea/**/libraries
+.idea/**/markdown-navigator-enh.xml
+.idea/**/markdown-navigator.xml
+.idea/**/markdown-navigator/
+.idea/**/mongoSettings.xml
+.idea/**/shelf
+.idea/**/sonarIssues.xml
+.idea/**/sonarlint/
+.idea/**/sqlDataSources.xml
+.idea/**/tasks.xml
+.idea/**/uiDesigner.xml
+.idea/**/usage.statistics.xml
+.idea/**/workspace.xml
+.idea/caches/build_file_checksums.ser
+.idea/codestream.xml
+.idea/httpRequests
+.idea/replstate.xml
+.idea/sonarlint/
+.idea_modules/
+.installed.cfg
+.ionide
+.ipynb_checkpoints
+.mypy_cache/
+.nox/
+.pdm.toml
+.pybuilder/
+.pyre/
+.pytest_cache/
+.pytype/
+.ropeproject
+.scrapy
+.spyderproject
+.spyproject
+.tox/
+.venv
+.vscode/*
+.vscode/*.code-snippets
+.webassets-cache
+/site
+ENV/
+MANIFEST
+__pycache__/
+__pypackages__/
+atlassian-ide-plugin.xml
+build/
+celerybeat-schedule
+celerybeat.pid
+cmake-build-*/
+com_crashlytics_export_strings.xml
+cover/
+coverage.xml
+crashlytics-build.properties
+crashlytics.properties
+cython_debug/
+db.sqlite3
+db.sqlite3-journal
+develop-eggs/
+dist/
+dmypy.json
+docs/_build/
+downloads/
+eggs/
+env.bak/
+env/
+fabric.properties
+htmlcov/
+instance/
+ipython_config.py
+lib/
+lib64/
+local_settings.py
+nosetests.xml
+out/
+parts/
+pip-delete-this-directory.txt
+pip-log.txt
+profile_default/
+sdist/
+share/python-wheels/
+target/
+var/
+venv.bak/
+venv/
+wheels/
+Pipfile
+.vscode
+Pipfile.lock
+Data - DELETE AT THE END OF THE PROJECT

README.md

@@ -1,5 +1,5 @@
 ---
-title: Art Huggingface Demo
+title: ART Huggingface Demo
 emoji: 📚
 colorFrom: yellow
 colorTo: purple

app.py

@@ -0,0 +1,543 @@
+'''
+ART-JATIC Gradio Example App
+
+To run: 
+- clone the repository
+- execute: gradio examples/gradio_app.py or python examples/gradio_app.py
+- navigate to local URL e.g. http://127.0.0.1:7860
+'''
+
+import gradio as gr
+import numpy as np
+from carbon_theme import Carbon
+
+import numpy as np
+import torch
+import transformers
+
+from art.estimators.classification.hugging_face import HuggingFaceClassifierPyTorch
+from art.attacks.evasion import ProjectedGradientDescentPyTorch, AdversarialPatchPyTorch
+from art.utils import load_dataset
+
+from art.attacks.poisoning import PoisoningAttackBackdoor
+from art.attacks.poisoning.perturbations import insert_image
+
+device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
+
+css = """
+.input-image { margin: auto !important }
+.plot-padding { padding: 20px; }
+"""
+
+def clf_evasion_evaluate(*args):
+    '''
+    Run a classification task evaluation
+    '''
+    attack = args[0]
+    model_type = args[1]
+    model_url = args[2]
+    model_channels = args[3]
+    model_height = args[4]
+    model_width = args[5]
+    model_classes = args[6]
+    model_clip = args[7]
+    model_upsample = args[8]
+    attack_max_iter = args[9]
+    attack_eps = args[10]
+    attack_eps_steps = args[11]
+    x_location = args[12]
+    y_location = args[13]
+    patch_height = args[14] 
+    patch_width = args[15] 
+    data_type = args[-1]
+    
+    if model_type == "Example":
+        model = transformers.AutoModelForImageClassification.from_pretrained(
+            'facebook/deit-tiny-distilled-patch16-224',
+            ignore_mismatched_sizes=True,
+            num_labels=10
+        )
+        upsampler = torch.nn.Upsample(scale_factor=7, mode='nearest')
+        optimizer = torch.optim.Adam(model.parameters(), lr=1e-4)
+        loss_fn = torch.nn.CrossEntropyLoss()
+
+        hf_model = HuggingFaceClassifierPyTorch(
+            model=model,
+            loss=loss_fn,
+            optimizer=optimizer,
+            input_shape=(3, 32, 32),
+            nb_classes=10,
+            clip_values=(0, 1),
+            processor=upsampler
+        )
+        model_checkpoint_path = './state_dicts/deit_cifar_base_model.pt'
+        hf_model.model.load_state_dict(torch.load(model_checkpoint_path, map_location=device))
+        
+    if data_type == "Example":
+        (x_train, y_train), (_, _), _, _ = load_dataset('cifar10')
+        x_train = np.transpose(x_train, (0, 3, 1, 2)).astype(np.float32)
+        y_train = np.argmax(y_train, axis=1)
+
+        classes = np.unique(y_train)
+        samples_per_class = 1
+
+        x_subset = []
+        y_subset = []
+
+        for c in classes:
+            indices = y_train == c
+            x_subset.append(x_train[indices][:samples_per_class])
+            y_subset.append(y_train[indices][:samples_per_class])
+
+        x_subset = np.concatenate(x_subset)
+        y_subset = np.concatenate(y_subset)
+        
+        label_names = [
+            'airplane',
+            'automobile',
+            'bird',
+            'cat',
+            'deer',
+            'dog',
+            'frog',
+            'horse',
+            'ship',
+            'truck',
+        ]
+        
+    outputs = hf_model.predict(x_subset)
+    clean_preds = np.argmax(outputs, axis=1)
+    clean_acc = np.mean(clean_preds == y_subset)
+    benign_gallery_out = []
+    for i, im in enumerate(x_subset):
+        benign_gallery_out.append(( im.transpose(1,2,0), label_names[np.argmax(outputs[i])] ))
+        
+    if attack == "PGD":
+        attacker = ProjectedGradientDescentPyTorch(hf_model, max_iter=attack_max_iter,
+                                                eps=attack_eps, eps_step=attack_eps_steps)
+        x_adv = attacker.generate(x_subset)
+        
+        outputs = hf_model.predict(x_adv)
+        adv_preds = np.argmax(outputs, axis=1)
+        adv_acc = np.mean(adv_preds == y_subset)
+        adv_gallery_out = []
+        for i, im in enumerate(x_adv):
+            adv_gallery_out.append(( im.transpose(1,2,0), label_names[np.argmax(outputs[i])] ))
+            
+        delta = ((x_subset - x_adv) + 8/255) * 10
+        delta_gallery_out = delta.transpose(0, 2, 3, 1)
+        
+    if attack == "Adversarial Patch":
+        scale_min = 0.3
+        scale_max = 1.0
+        rotation_max = 0
+        learning_rate = 5000.
+        attacker = AdversarialPatchPyTorch(hf_model, scale_max=scale_max,
+                                           scale_min=scale_min,
+                                           rotation_max=rotation_max,
+                                           learning_rate=learning_rate,
+                                           max_iter=attack_max_iter, patch_type='square',
+                                                patch_location=(x_location, y_location),
+                                                patch_shape=(3, patch_height, patch_width))
+        patch, _ = attacker.generate(x_subset)
+        x_adv = attacker.apply_patch(x_subset, scale=0.3)
+        
+        outputs = hf_model.predict(x_adv)
+        adv_preds = np.argmax(outputs, axis=1)
+        adv_acc = np.mean(adv_preds == y_subset)
+        adv_gallery_out = []
+        for i, im in enumerate(x_adv):
+            adv_gallery_out.append(( im.transpose(1,2,0), label_names[np.argmax(outputs[i])] ))
+            
+        delta_gallery_out = np.expand_dims(patch, 0).transpose(0,2,3,1)
+    
+    return benign_gallery_out, adv_gallery_out, delta_gallery_out, clean_acc, adv_acc
+
+def clf_poison_evaluate(*args):
+    
+    attack = args[0]
+    model_type = args[1]
+    trigger_image = args[2]
+    target_class = args[3]
+    data_type = args[-1]
+    
+    
+    if model_type == "Example":
+        model = transformers.AutoModelForImageClassification.from_pretrained(
+            'facebook/deit-tiny-distilled-patch16-224',
+            ignore_mismatched_sizes=True,
+            num_labels=10
+        )
+        optimizer = torch.optim.Adam(model.parameters(), lr=1e-4)
+        loss_fn = torch.nn.CrossEntropyLoss()
+
+        hf_model = HuggingFaceClassifierPyTorch(
+            model=model,
+            loss=loss_fn,
+            optimizer=optimizer,
+            input_shape=(3, 224, 224),
+            nb_classes=10,
+            clip_values=(0, 1),
+        )
+        
+    if data_type == "Example":
+        import torchvision
+        transform = torchvision.transforms.Compose([
+            torchvision.transforms.Resize((224, 224)),
+            torchvision.transforms.ToTensor(),
+        ])
+        train_dataset = torchvision.datasets.ImageFolder(root="./data/imagenette2-320/train", transform=transform)
+        labels = np.asarray(train_dataset.targets)
+        classes = np.unique(labels)
+        samples_per_class = 100
+
+        x_subset = []
+        y_subset = []
+
+        for c in classes:
+            indices = np.where(labels == c)[0][:samples_per_class]
+            for i in indices:
+                x_subset.append(train_dataset[i][0])
+                y_subset.append(train_dataset[i][1])
+
+        x_subset = np.stack(x_subset)
+        y_subset = np.asarray(y_subset)
+        label_names = [
+            'fish',
+            'dog',
+            'cassette player',
+            'chainsaw',
+            'church',
+            'french horn',
+            'garbage truck',
+            'gas pump',
+            'golf ball',
+            'parachutte',
+        ]
+        
+    if attack == "Backdoor":
+        from PIL import Image
+        im = Image.fromarray(trigger_image)
+        im.save("./tmp.png")
+        def poison_func(x):
+            return insert_image(
+                x,
+                backdoor_path='./tmp.png',
+                channels_first=True,
+                random=False,
+                x_shift=0,
+                y_shift=0,
+                size=(32, 32),
+                mode='RGB',
+                blend=0.8
+            )
+        backdoor = PoisoningAttackBackdoor(poison_func)
+        source_class = 0
+        target_class = label_names.index(target_class)
+        poison_percent = 0.5
+
+        x_poison = np.copy(x_subset)
+        y_poison = np.copy(y_subset)
+        is_poison = np.zeros(len(x_subset)).astype(bool)
+
+        indices = np.where(y_subset == source_class)[0]
+        num_poison = int(poison_percent * len(indices))
+
+        for i in indices[:num_poison]:
+            x_poison[i], _ = backdoor.poison(x_poison[i], [])
+            y_poison[i] = target_class
+            is_poison[i] = True
+
+        poison_indices = np.where(is_poison)[0]
+        hf_model.fit(x_poison, y_poison, nb_epochs=2)
+        
+        clean_x = x_poison[~is_poison]
+        clean_y = y_poison[~is_poison]
+
+        outputs = hf_model.predict(clean_x)
+        clean_preds = np.argmax(outputs, axis=1)
+        clean_acc = np.mean(clean_preds == clean_y)
+        
+        clean_out = []
+        for i, im in enumerate(clean_x):
+            clean_out.append( (im.transpose(1,2,0), label_names[clean_preds[i]]) )
+        
+        poison_x = x_poison[is_poison]
+        poison_y = y_poison[is_poison]
+
+        outputs = hf_model.predict(poison_x)
+        poison_preds = np.argmax(outputs, axis=1)
+        poison_acc = np.mean(poison_preds == poison_y)
+        
+        poison_out = []
+        for i, im in enumerate(poison_x):
+            poison_out.append( (im.transpose(1,2,0), label_names[poison_preds[i]]) )
+            
+        
+        return clean_out, poison_out, clean_acc, poison_acc
+        
+    
+def show_params(type):
+    '''
+    Show model parameters based on selected model type
+    '''
+    if type!="Example":
+        return gr.Column(visible=True)
+    return gr.Column(visible=False)
+
+def run_inference(*args):
+    model_type = args[0]
+    model_url = args[1]
+    model_channels = args[2]
+    model_height = args[3]
+    model_width = args[4]
+    model_classes = args[5]
+    model_clip = args[6]
+    model_upsample = args[7]
+    data_type = args[8]
+    
+    if model_type == "Example":
+        model = transformers.AutoModelForImageClassification.from_pretrained(
+            'facebook/deit-tiny-distilled-patch16-224',
+            ignore_mismatched_sizes=True,
+            num_labels=10
+        )
+        upsampler = torch.nn.Upsample(scale_factor=7, mode='nearest')
+        optimizer = torch.optim.Adam(model.parameters(), lr=1e-4)
+        loss_fn = torch.nn.CrossEntropyLoss()
+
+        hf_model = HuggingFaceClassifierPyTorch(
+            model=model,
+            loss=loss_fn,
+            optimizer=optimizer,
+            input_shape=(3, 32, 32),
+            nb_classes=10,
+            clip_values=(0, 1),
+            processor=upsampler
+        )
+        model_checkpoint_path = './state_dicts/deit_cifar_base_model.pt'
+        hf_model.model.load_state_dict(torch.load(model_checkpoint_path, map_location=device))
+        
+    if data_type == "Example":
+        (x_train, y_train), (_, _), _, _ = load_dataset('cifar10')
+        x_train = np.transpose(x_train, (0, 3, 1, 2)).astype(np.float32)
+        y_train = np.argmax(y_train, axis=1)
+
+        classes = np.unique(y_train)
+        samples_per_class = 5
+
+        x_subset = []
+        y_subset = []
+
+        for c in classes:
+            indices = y_train == c
+            x_subset.append(x_train[indices][:samples_per_class])
+            y_subset.append(y_train[indices][:samples_per_class])
+
+        x_subset = np.concatenate(x_subset)
+        y_subset = np.concatenate(y_subset)
+        
+        label_names = [
+            'airplane',
+            'automobile',
+            'bird',
+            'cat',
+            'deer',
+            'dog',
+            'frog',
+            'horse',
+            'ship',
+            'truck',
+        ]
+        
+    outputs = hf_model.predict(x_subset)
+    clean_preds = np.argmax(outputs, axis=1)
+    clean_acc = np.mean(clean_preds == y_subset)
+    gallery_out = []
+    for i, im in enumerate(x_subset):
+        gallery_out.append(( im.transpose(1,2,0), label_names[np.argmax(outputs[i])] ))
+        
+    return gallery_out, clean_acc
+        
+    
+
+# e.g. To use a local alternative theme: carbon_theme = Carbon()
+carbon_theme = Carbon()
+with gr.Blocks(css=css, theme=gr.themes.Base()) as demo:
+    import art
+    text = art.__version__
+    
+    with gr.Row():
+        with gr.Column(scale=1):
+            gr.Image(value="./art_lfai.png", show_label=False, show_download_button=False, width=100)
+        with gr.Column(scale=20):
+            gr.Markdown(f"<h1>Red-teaming HuggingFace with ART (v{text})</h1>", elem_classes="plot-padding")
+        
+    
+    gr.Markdown('''This app guides you through a common workflow for assessing the robustness
+                of HuggingFace models using standard datasets and state-of-the-art adversarial attacks
+                found within the Adversarial Robustness Toolbox (ART).<br/><br/>Follow the instructions in each
+                step below to carry out your own evaluation and determine the risks associated with using
+                some of your favorite models! <b>#redteaming</b> <b>#trustworthyAI</b>''')
+    
+    # Model and Dataset Selection
+    with gr.Accordion("1. Model selection", open=False):
+        
+        gr.Markdown("Select a Hugging Face model to launch an adversarial attack against.")
+        model_type = gr.Radio(label="Hugging Face Model", choices=["Example", "Other"], value="Example")
+        with gr.Column(visible=False) as other_model:
+            model_url = gr.Text(label="Model URL",
+                    placeholder="e.g. facebook/deit-tiny-distilled-patch16-224",
+                    value='facebook/deit-tiny-distilled-patch16-224')
+            model_input_channels = gr.Text(label="Input channels", value=3)
+            model_input_height = gr.Text(label="Input height", value=32)
+            model_input_width = gr.Text(label="Input width", value=32)
+            model_num_classes = gr.Text(label="Number of classes", value=10)
+            model_clip_values = gr.Radio(label="Clip values", choices=[1, 255], value=1)
+            model_upsample_scaling = gr.Slider(label="Upsample scale factor", minimum=1, maximum=10, value=7)
+        
+        model_type.change(show_params, model_type, other_model)
+        
+    with gr.Accordion("2. Data selection", open=False):
+        gr.Markdown("This section enables you to select a dataset for evaluation or upload your own image.")
+        data_type = gr.Radio(label="Hugging Face dataset", choices=["Example", "URL", "Local"], value="Example")
+        with gr.Column(visible=False) as other_dataset:
+            gr.Markdown("Coming soon.")
+        data_type.change(show_params, data_type, other_dataset)
+    
+    with gr.Accordion("3. Model inference", open=False):
+        
+        with gr.Row():
+            with gr.Column(scale=1):
+                preds_gallery = gr.Gallery(label="Predictions", preview=False, show_download_button=True)
+            with gr.Column(scale=2):
+                clean_accuracy = gr.Number(label="Clean accuracy", 
+                                        info="The accuracy achieved by the model in normal (non-adversarial) conditions.")
+                bt_run_inference = gr.Button("Run inference")
+                bt_clear = gr.ClearButton(components=[preds_gallery, clean_accuracy])
+            
+        bt_run_inference.click(run_inference, inputs=[model_type, model_url, model_input_channels, model_input_height, model_input_width,
+                                                      model_num_classes, model_clip_values, model_upsample_scaling, data_type],
+                               outputs=[preds_gallery, clean_accuracy])
+        
+    # Attack Selection
+    with gr.Accordion("4. Run attack", open=False):
+        
+        gr.Markdown("In this section you can select the type of adversarial attack you wish to deploy against your selected model.")
+            
+        with gr.Accordion("Evasion", open=False):
+            gr.Markdown("Evasion attacks are deployed to cause a model to incorrectly classify or detect items/objects in an image.")
+            
+            with gr.Accordion("Projected Gradient Descent", open=False):
+                gr.Markdown("This attack uses PGD to identify adversarial examples.")
+                
+                with gr.Row():
+                    
+                    with gr.Column(scale=1):
+                        attack = gr.Textbox(visible=True, value="PGD", label="Attack", interactive=False)
+                        max_iter = gr.Slider(minimum=1, maximum=1000, label="Max iterations", value=10)
+                        eps = gr.Slider(minimum=0.0001, maximum=255, label="Epslion", value=8/255) 
+                        eps_steps = gr.Slider(minimum=0.0001, maximum=255, label="Epsilon steps", value=1/255) 
+                        bt_eval_pgd = gr.Button("Evaluate")
+                        
+                    # Evaluation Output. Visualisations of success/failures of running evaluation attacks.
+                    with gr.Column(scale=3):
+                        with gr.Row():
+                            with gr.Column():
+                                original_gallery = gr.Gallery(label="Original", preview=False, show_download_button=True)
+                                benign_output = gr.Label(num_top_classes=3, visible=False)
+                                clean_accuracy = gr.Number(label="Clean Accuracy", precision=2)
+                                quality_plot = gr.LinePlot(label="Gradient Quality", x='iteration', y='value', color='metric',
+                                                            x_title='Iteration', y_title='Avg in Gradients (%)', 
+                                                            caption="""Illustrates the average percent of zero, infinity 
+                                                            or NaN gradients identified in images
+                                                            across all batches.""", elem_classes="plot-padding", visible=False)
+                                
+                            with gr.Column():
+                                adversarial_gallery = gr.Gallery(label="Adversarial", preview=False, show_download_button=True)
+                                adversarial_output = gr.Label(num_top_classes=3, visible=False)
+                                robust_accuracy = gr.Number(label="Robust Accuracy", precision=2)
+                                
+                            with gr.Column():
+                                delta_gallery = gr.Gallery(label="Added perturbation", preview=False, show_download_button=True)
+                                
+                    bt_eval_pgd.click(clf_evasion_evaluate, inputs=[attack, model_type, model_url, model_input_channels, model_input_height, model_input_width,
+                                                                    model_num_classes, model_clip_values, model_upsample_scaling, 
+                                                                    max_iter, eps, eps_steps, attack, attack, attack, attack, data_type],
+                                                            outputs=[original_gallery, adversarial_gallery, delta_gallery, clean_accuracy,
+                                                                    robust_accuracy])
+                    
+            with gr.Accordion("Adversarial Patch", open=False):
+                gr.Markdown("This attack crafts an adversarial patch that facilitates evasion.")
+                
+                with gr.Row():
+                    
+                    with gr.Column(scale=1):
+                        attack = gr.Textbox(visible=True, value="Adversarial Patch", label="Attack", interactive=False)
+                        max_iter = gr.Slider(minimum=1, maximum=1000, label="Max iterations", value=10)
+                        x_location = gr.Slider(minimum=1, maximum=32, label="Location (x)", value=1) 
+                        y_location = gr.Slider(minimum=1, maximum=32, label="Location (y)", value=1) 
+                        patch_height = gr.Slider(minimum=1, maximum=32, label="Patch height", value=12) 
+                        patch_width = gr.Slider(minimum=1, maximum=32, label="Patch width", value=12) 
+                        eval_btn_patch = gr.Button("Evaluate")
+                        
+                    # Evaluation Output. Visualisations of success/failures of running evaluation attacks.
+                    with gr.Column(scale=3):
+                        with gr.Row():
+                            with gr.Column():
+                                original_gallery = gr.Gallery(label="Original", preview=False, show_download_button=True)
+                                clean_accuracy = gr.Number(label="Clean Accuracy", precision=2)
+                                
+                            with gr.Column():
+                                adversarial_gallery = gr.Gallery(label="Adversarial", preview=False, show_download_button=True)
+                                robust_accuracy = gr.Number(label="Robust Accuracy", precision=2)
+                                
+                            with gr.Column():
+                                delta_gallery = gr.Gallery(label="Patches", preview=False, show_download_button=True)
+                                
+                    eval_btn_patch.click(clf_evasion_evaluate, inputs=[attack, model_type, model_url, model_input_channels, model_input_height, model_input_width,
+                                                                    model_num_classes, model_clip_values, model_upsample_scaling, 
+                                                                    max_iter, eps, eps_steps, x_location, y_location, patch_height, patch_width, data_type],
+                                                            outputs=[original_gallery, adversarial_gallery, delta_gallery, clean_accuracy,
+                                                                    robust_accuracy])
+                                
+        with gr.Accordion("Poisoning", open=False):
+                
+            with gr.Accordion("Backdoor"):
+                
+                with gr.Row():
+                    with gr.Column(scale=1):
+                        attack = gr.Textbox(visible=True, value="Backdoor", label="Attack", interactive=False)
+                        target_class = gr.Radio(label="Target class", info="The class you wish to force the model to predict.",
+                                                    choices=['dog',
+                                                    'cassette player',
+                                                    'chainsaw',
+                                                    'church',
+                                                    'french horn',
+                                                    'garbage truck',
+                                                    'gas pump',
+                                                    'golf ball',
+                                                    'parachutte',], value='dog')
+                        trigger_image = gr.Image(label="Trigger Image",  value="./baby-on-board.png")
+                        eval_btn_patch = gr.Button("Evaluate")
+                    with gr.Column(scale=2):
+                        clean_gallery = gr.Gallery(label="Clean", preview=False, show_download_button=True)
+                        clean_accuracy = gr.Number(label="Clean Accuracy", precision=2)
+                    with gr.Column(scale=2):
+                        poison_gallery = gr.Gallery(label="Poisoned", preview=False, show_download_button=True)
+                        poison_success = gr.Number(label="Poison Success", precision=2)
+                    
+                eval_btn_patch.click(clf_poison_evaluate, inputs=[attack, model_type, trigger_image, target_class, data_type],
+                            outputs=[clean_gallery, poison_gallery, clean_accuracy, poison_success])  
+
+if __name__ == "__main__":
+    
+    # For development
+    '''demo.launch(show_api=False, debug=True, share=False,
+                server_name="0.0.0.0", 
+                server_port=7777, 
+                ssl_verify=False,
+                max_threads=20)'''
+                
+    # For deployment
+    demo.launch(share=True, ssl_verify=False)

carbon_colors.py

@@ -0,0 +1,173 @@
+from __future__ import annotations
+
+
+class Color:
+    all = []
+
+    def __init__(
+        self,
+        c50: str,
+        c100: str,
+        c200: str,
+        c300: str,
+        c400: str,
+        c500: str,
+        c600: str,
+        c700: str,
+        c800: str,
+        c900: str,
+        c950: str,
+        name: str | None = None,
+    ):
+        self.c50 = c50
+        self.c100 = c100
+        self.c200 = c200
+        self.c300 = c300
+        self.c400 = c400
+        self.c500 = c500
+        self.c600 = c600
+        self.c700 = c700
+        self.c800 = c800
+        self.c900 = c900
+        self.c950 = c950
+        self.name = name
+        Color.all.append(self)
+
+    def expand(self) -> list[str]:
+        return [
+            self.c50,
+            self.c100,
+            self.c200,
+            self.c300,
+            self.c400,
+            self.c500,
+            self.c600,
+            self.c700,
+            self.c800,
+            self.c900,
+            self.c950,
+        ]
+
+
+black = Color(
+    name="black",
+    c50="#000000",
+    c100="#000000",
+    c200="#000000",
+    c300="#000000",
+    c400="#000000",
+    c500="#000000",
+    c600="#000000",
+    c700="#000000",
+    c800="#000000",
+    c900="#000000",
+    c950="#000000",
+)
+
+blackHover = Color(
+    name="blackHover",
+    c50="#212121",
+    c100="#212121",
+    c200="#212121",
+    c300="#212121",
+    c400="#212121",
+    c500="#212121",
+    c600="#212121",
+    c700="#212121",
+    c800="#212121",
+    c900="#212121",
+    c950="#212121",
+)
+
+white = Color(
+    name="white",
+    c50="#ffffff",
+    c100="#ffffff",
+    c200="#ffffff",
+    c300="#ffffff",
+    c400="#ffffff",
+    c500="#ffffff",
+    c600="#ffffff",
+    c700="#ffffff",
+    c800="#ffffff",
+    c900="#ffffff",
+    c950="#ffffff",
+)
+
+whiteHover = Color(
+    name="whiteHover",
+    c50="#e8e8e8",
+    c100="#e8e8e8",
+    c200="#e8e8e8",
+    c300="#e8e8e8",
+    c400="#e8e8e8",
+    c500="#e8e8e8",
+    c600="#e8e8e8",
+    c700="#e8e8e8",
+    c800="#e8e8e8",
+    c900="#e8e8e8",
+    c950="#e8e8e8",
+)
+
+red = Color(
+    name="red",
+    c50="#fff1f1",
+    c100="#ffd7d9",
+    c200="#ffb3b8",
+    c300="#ff8389",
+    c400="#fa4d56",
+    c500="#da1e28",
+    c600="#a2191f",
+    c700="#750e13",
+    c800="#520408",
+    c900="#2d0709",
+    c950="#2d0709",
+)
+
+redHover = Color(
+    name="redHover",
+    c50="#540d11",
+    c100="#66050a",
+    c200="#921118",
+    c300="#c21e25",
+    c400="#b81922",
+    c500="#ee0713",
+    c600="#ff6168",
+    c700="#ff99a0",
+    c800="#ffc2c5",
+    c900="#ffe0e0",
+    c950="#ffe0e0",
+)
+
+blue = Color(
+    name="blue",
+    c50="#edf5ff",
+    c100="#d0e2ff",
+    c200="#a6c8ff",
+    c300="#78a9ff",
+    c400="#4589ff",
+    c500="#0f62fe",
+    c600="#0043ce",
+    c700="#002d9c",
+    c800="#001d6c",
+    c900="#001141",
+    c950="#001141",
+)
+
+blueHover = Color(
+    name="blueHover",
+    
+    c50="#001f75",
+    c100="#00258a",
+    c200="#0039c7",
+    c300="#0053ff",
+    c400="#0050e6",
+    c500="#1f70ff",
+    c600="#5c97ff",
+    c700="#8ab6ff",
+    c800="#b8d3ff",
+    c900="#dbebff",
+    c950="#dbebff",
+)
+
+

carbon_theme.py

@@ -0,0 +1,102 @@
+from __future__ import annotations
+
+from typing import Iterable
+
+from gradio.themes.base import Base
+from gradio.themes.utils import colors, fonts, sizes
+import carbon_colors
+
+
+class Carbon(Base):
+    def __init__(
+        self,
+        *,
+        primary_hue: carbon_colors.Color | str = carbon_colors.white,
+        secondary_hue: carbon_colors.Color | str = carbon_colors.red,
+        neutral_hue: carbon_colors.Color | str = carbon_colors.blue,
+        spacing_size: sizes.Size | str = sizes.spacing_lg,
+        radius_size: sizes.Size | str = sizes.radius_none,
+        text_size: sizes.Size | str = sizes.text_md,
+        font: fonts.Font
+        | str
+        | Iterable[fonts.Font | str] = (
+            fonts.GoogleFont("IBM Plex Mono"),
+            fonts.GoogleFont("IBM Plex Sans"),
+            fonts.GoogleFont("IBM Plex Serif"),
+        ),
+        font_mono: fonts.Font
+        | str
+        | Iterable[fonts.Font | str] = (
+            fonts.GoogleFont("IBM Plex Mono"),
+        ),
+    ):
+        super().__init__(
+            primary_hue=primary_hue,
+            secondary_hue=secondary_hue,
+            neutral_hue=neutral_hue,
+            spacing_size=spacing_size,
+            radius_size=radius_size,
+            text_size=text_size,
+            font=font,
+            font_mono=font_mono,
+        )
+        self.name = "carbon"
+        super().set(
+            # Colors 
+            slider_color="*neutral_900", 
+            slider_color_dark="*neutral_500",
+            body_text_color="*neutral_900",
+            block_label_text_color="*body_text_color",
+            block_title_text_color="*body_text_color",
+            body_text_color_subdued="*neutral_700",
+            background_fill_primary_dark="*neutral_900",
+            background_fill_secondary_dark="*neutral_800",
+            block_background_fill_dark="*neutral_800",
+            input_background_fill_dark="*neutral_700",
+            # Button Colors
+            button_primary_background_fill=carbon_colors.blue.c500,
+            button_primary_background_fill_hover="*neutral_300",
+            button_primary_text_color="white",
+            button_primary_background_fill_dark="*neutral_600",
+            button_primary_background_fill_hover_dark="*neutral_600",
+            button_primary_text_color_dark="white",
+            button_secondary_background_fill="*button_primary_background_fill",
+            button_secondary_background_fill_hover="*button_primary_background_fill_hover",
+            button_secondary_text_color="*button_primary_text_color",
+            button_cancel_background_fill="*button_primary_background_fill",
+            button_cancel_background_fill_hover="*button_primary_background_fill_hover",
+            button_cancel_text_color="*button_primary_text_color",
+            checkbox_background_color=carbon_colors.black.c50,
+            checkbox_label_background_fill="*button_primary_background_fill",
+            checkbox_label_background_fill_hover="*button_primary_background_fill_hover",
+            checkbox_label_text_color="*button_primary_text_color",
+            checkbox_background_color_selected=carbon_colors.black.c50,
+            checkbox_border_width="1px",
+            checkbox_border_width_dark="1px",
+            checkbox_border_color=carbon_colors.white.c50,
+            checkbox_border_color_dark=carbon_colors.white.c50,
+            
+            checkbox_border_color_focus=carbon_colors.blue.c900,
+            checkbox_border_color_focus_dark=carbon_colors.blue.c900,
+            checkbox_border_color_selected=carbon_colors.white.c50,
+            checkbox_border_color_selected_dark=carbon_colors.white.c50,
+            
+            checkbox_background_color_hover=carbon_colors.black.c50,
+            checkbox_background_color_hover_dark=carbon_colors.black.c50,
+            checkbox_background_color_dark=carbon_colors.black.c50,
+            checkbox_background_color_selected_dark=carbon_colors.black.c50,
+            # Padding
+            checkbox_label_padding="16px",
+            button_large_padding="*spacing_lg",
+            button_small_padding="*spacing_sm",
+            # Borders
+            block_border_width="0px",
+            block_border_width_dark="1px",
+            shadow_drop_lg="0 1px 4px 0 rgb(0 0 0 / 0.1)",
+            block_shadow="*shadow_drop_lg",
+            block_shadow_dark="none",
+            # Block Labels
+            block_title_text_weight="600",
+            block_label_text_weight="600",
+            block_label_text_size="*text_md",
+        )

requirements.txt

@@ -0,0 +1,10 @@
+pandas
+jupyter
+torch
+torchvision
+transformers
+tensorflow==2.10.1; sys_platform != "darwin"
+tensorflow-macos; sys_platform == "darwin"
+tensorflow-metal; sys_platform == "darwin"
+adversarial-robustness-toolbox
+gradio==4.2

state_dicts/deit_cifar_base_model.pt

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c3add51bcd51ca3c1c7836d60cabf85798c8c551e8bc9c4450f4fb6cb3227421
+size 22192555

state_dicts/deit_imagenette_poisoned_model.pt

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7ead74cf5a180328dfb7fa179d91d51f79081f25eb7de7a146d0ab0cbc0dd01b
+size 22192555