Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

ART 1.17.1

This release of ART 1.17.1 provides updates to ART 1.17.

- `scikit-learn` to reduce dependency conflicts and facilitate integration with other libraries.

ART 1.17.0

This release of ART 1.17.0 introduces new adversarial training protocols, membership inference attacks, composite adversarial attacks for evasion and more.

- `fit` and `predict` of all classification estimators (#2334)
- `ActivateDefense` and `SpectralSignatures` poisoning defences by flattening the outputs when calling `get_activations()` (#2327)

ART 1.16.0

This release of ART 1.16.0 introduces multiple estimators for certified robustness and Hugging Face models, adversarial training with Adversarial Weight Perturbation, improvements for inference attacks, and more.

- `__repr__` to all attacks (#2274)
- `set_params` to raise `ValueError` if a not previously defined attribute is set (#2257)
- `TargetedUniversalPerturbation` (#2212)
- `AdversarialPatchTensorFlowV2` (#2276)
- `AutoAttack` to avoid that attacks which do not support targeted mode are skipped (#2257)

ART 1.15.2

This release of ART 1.15.2 provides updates to ART 1.15.

- `PyTorchYolo` and `PyTorchObjectDetector` object detection estimators modified the original input Numpy array (#2263)
- `channels_first` argument of `PyTorchObjectDetector` and `PyTorchFasterRCNN` received the wrong default value of `False` instead of `True` (#2264)

ART 1.15.1

This release of ART 1.15.1 provides updates to ART 1.15.

- `from scipy.ndimage.filters import median_filter` with `from scipy.ndimage import median_filter` (#2211)
- `AutoProjectedGradientDescent` and `AutoConjugateGradient` attacks to be images to support any input shapes (#2214)
- `AdversarialTrainerTRADESPyTorch` (#2231)
- `PyTorchObjectDetector` and `PyTorchYolo` estimators to support non-leaf tensors to retain gradient properties if moved to another device (#2238, #2249)
- `Pillow` to be optional again (#2240)
- `art.estimators.certification` (#2241)

ART 1.15.0

This release of ART 1.15.0 introduces a default training loop for TensorFlowV2Classifier, the TRADES adversarial training protocol, an estimator for DEtection TRansformer (DETR) object detection models, and more.

- `TensorFlowV2Classifier` (#2124)
- `BadDet` poisoning attacks (#2189)
- `fit` and `predict` methods for `PyTorchClassifier`, `PyTorchRegressor`, `PyTorchRandomizedSmoothing`, `PyTorchObjectDetector`, and `PyTorchYolo`, and optimized the `predict` method of `TensorFlowV2Classifier` by using a TensorFlow dataset and applying the `@tf.function` decorator (#2180)
- `PyTorchObjectDetector` to apply the `channels_first` argument and improved performance by applying batch processing provided by newer PyTorch versions (#2180)
- `SignOPTAttack` (#2129)
- `ProjectedGradientDescentPyTorch` (#2135)
- `PyTorchYolo` estimator and updated format of targets passed to the estimator in `AdversarialPatchPyTorch` to reflect updates to `PyTorchYolo` (#2169)
- `analyze_by_distance` and `analyze_by_size` of `ClusteringAnalyzer` (#2195)

ART 1.14.1

This release of ART 1.14.1 provides updates to ART 1.14.

- `PyTorchYolo` object detection estimator to correctly normalize the bounding boxes (#2091)
- `adversarial_accuracy` metric in `__init__.py` (#2093)
- `AdversarialTrainerCertifiedIBPPyTorch` (#2102)
- `AutoProjectedGradientDescent`'s new cross entropy loss class introduced in ART 1.14.0 and ensured correct attributes in `PyTorchClassifier` (#2117)

ART 1.14.0

This release of ART 1.14.0 introduces poisoning attacks on object detection models, privacy risk metrics, a new white-box evasion attack based on conjugate gradients, and more.

- `fit` to object detection estimators `PyTorchFasterRCNN`, `PyTorchObjectDetector`, and `PyTorchYolo` (#2067)
- `EvasionDetector` base class (#1993)
- `audio_perturbations` to cache the trigger to accelerate loading (#2053)
- `AdversarialTrainerCertifiedPytorch` (#2070)
- `add_single_bd` and `add_pattern_bd` to avoid confusing height and width of the trigger image and transposing the trigger (#2046)

ART 1.13.1

This release of ART 1.13.1 provides updates to ART 1.13.

- `apply_fit` and `apply_predict` for the Data Augmentation defenses `CutMix*`, `CutOut*`, and `MixUp*` (#1987)
- `PixelThreshold` attack to support batches of a single sample (#1982)
- `DPInstaHideTrainer` for `PyTorchClassifier` by casting random noise to the correct type (#1987)
- `OBJECT_DETECTOR_TYPE`, `PYTORCH_ESTIMATOR_TYPE`, and `TENSORFLOWV2_ESTIMATOR_TYPE` (#1999)
- `insert_tone_trigger` and `insert_audio_trigger` (#2016)
- `FeatureAdversariesPyTorch` to enable running on GPUs (#2021)
- `PyTorchClassifier` (#2022)
- `check_and_transform_label_format` (#2025)

ART 1.13.0

This release of ART 1.13.0 introduces a black-box regression estimator, DP-InstaHide, an object detection estimator for TensorFlow v2, and more.

- `CutOut` data augmentation as preprocessor in Numpy, TensorFlow and PyTorch (#1850)
- `MixUp` data augmentation as preprocessor in Numpy, TensorFlow and PyTorch (#1885)
- `CutMix` data augmentation as preprocessor in Numpy, TensorFlow and PyTorch (#1910)
- `art.utils.load_cifar10` for loading the raw dataset (#1962)
- `SleeperAgentAttack` (#1955)
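The ART 1.16.0 entries above say that `set_params` now raises `ValueError` when a name that was not defined beforehand is set, and that every attack gained a `__repr__`. The point for anyone running robustness evaluations is that a misspelled parameter (`epsilon` instead of `eps`) would otherwise be accepted silently, the attack would run with its default budget, and the model would look more robust than it is. The following added example is not ART's code; it uses a hypothetical `HypotheticalAttack` class with constructed parameter names to show the silent-typo failure next to the strict behaviour the release notes describe.

```python
# Added illustration, not part of ART. HypotheticalAttack, its parameter names
# and the values below are constructed for this example.


class NaiveAttack:
    """Hypothetical attack whose set_params blindly setattr()s anything it is given."""

    def __init__(self, eps=0.3, eps_step=0.1, max_iter=10, targeted=False):
        self.eps = eps
        self.eps_step = eps_step
        self.max_iter = max_iter
        self.targeted = targeted

    def set_params(self, **kwargs):
        # A misspelled key becomes a new, unused attribute; the real 'eps' is untouched.
        for key, value in kwargs.items():
            setattr(self, key, value)


class HypotheticalAttack(NaiveAttack):
    """Hypothetical attack with the stricter behaviour: unknown names are rejected,
    parameters are re-validated after every change, and __repr__ reports the
    configuration that actually ran."""

    # The only names that set_params may touch (defined up front, as in __init__).
    attack_params = ("eps", "eps_step", "max_iter", "targeted")

    def __init__(self, eps=0.3, eps_step=0.1, max_iter=10, targeted=False):
        super().__init__(eps=eps, eps_step=eps_step, max_iter=max_iter, targeted=targeted)
        self._check_params()

    def set_params(self, **kwargs):
        unknown = sorted(set(kwargs) - set(self.attack_params))
        if unknown:
            raise ValueError(
                f"Unknown attack parameter(s) {unknown}; valid names: {list(self.attack_params)}"
            )
        for key, value in kwargs.items():
            setattr(self, key, value)
        # Re-validate so an inconsistent combination (eps_step > eps) cannot slip in.
        self._check_params()

    def _check_params(self):
        if not isinstance(self.max_iter, int) or self.max_iter <= 0:
            raise ValueError("max_iter must be a positive integer")
        if self.eps <= 0:
            raise ValueError("eps must be positive")
        if not 0 < self.eps_step <= self.eps:
            raise ValueError("eps_step must be in (0, eps]")
        if not isinstance(self.targeted, bool):
            raise ValueError("targeted must be a bool")

    def __repr__(self):
        # Deterministic parameter listing so evaluation logs record the exact budget used.
        params = ", ".join(f"{name}={getattr(self, name)!r}" for name in self.attack_params)
        return f"{type(self).__name__}({params})"


def typo_changes_effective_eps(attack, **kwargs):
    """Apply kwargs via set_params and report whether the attack's effective eps changed.

    For NaiveAttack a misspelled key leaves eps at its default (returns False);
    HypotheticalAttack raises instead, which the caller can rely on.
    """
    before = attack.eps
    attack.set_params(**kwargs)
    return attack.eps != before


def rejects_unknown(attack, **kwargs):
    """Return True if set_params raised ValueError for the given kwargs."""
    try:
        attack.set_params(**kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    naive = NaiveAttack()
    print("naive, typo 'epsilon' changed eps:", typo_changes_effective_eps(naive, epsilon=0.5))
    strict = HypotheticalAttack()
    print("strict, typo 'epsilon' rejected:", rejects_unknown(strict, epsilon=0.5))
    strict.set_params(eps=0.5, eps_step=0.05)
    print(repr(strict))
```

The `__repr__` is worth pairing with the strict `set_params`: once parameters can only be set by their declared names, printing the attack object gives a trustworthy record of the budget used, which is what a reviewer of a robustness report needs to see.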