Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
This release of ART 1.12.2 provides updates to ART 1.12.

- `drop_last` option to method `fit` of `PyTorchClassifier` (#1883)
- `art.metrics.verification_decisions_trees.RobustnessVerificationTreeModelsCliqueMethod` to provide additional information (#1897)
- `BoundaryAttack` to enable binary classification by removing unnecessary input check (#1890)
- `SleeperAgentAttack` (#1892)
- `projection_l1_1` and `projection_l1_2` where in rare cases they returned the input point rather than its projection (#1870)

This release of ART 1.12.1 provides updates to ART 1.12.

- `PyTorchYolo` to not modify tracked statistics of batch-norm layers of the YOLO model during loss and loss gradient calculations (#1860)

This release of ART 1.12.0 introduces the first black-box adversarial patch attack, overlapping shadow datasets for membership inference, certified adversarial training, and more.

- `art.attacks.poisoning.SleeperAgentAttack` (#1769)
- `art.utils.uniform_sample_from_sphere_or_ball` to sample uniformly from either the ball or the sphere with a given norm and radii (#1804)
- `art.attacks.evasion.DPatch` to accept true labels (#1780)
- `art.utils.random_sphere` to use a different, faster algorithm for `norm=1` based on the exponential distribution (#1805)

This release of ART 1.11.1 provides updates to ART 1.11.

- `AdversarialPatch` and delegated check to framework-specific implementations (#1768)
- `AdversarialPatchPyTorch.apply_patch()` (#1771)
- `PyTorchClassifier.predict()` (#1785)
- `art.utils.random_sphere()` for `norm=1` to sample uniformly in the L1 ball (#1802)
- `PyTorchRegressor` (#1824)
- `PDTP` (#1825)
- `ElasticNet` evasion attack (#1833)

This release of ART 1.11.0 introduces estimators for YOLO object detection and regression models, the first audio poisoning attack, new query-efficient black-box evasion attacks, certified defenses against adversarial patch attacks, metrics quantifying membership inference and more.

- `MomentumIterativeMethod` and added optional momentum to loss gradients in `ProjectedGradientDescent*` attacks. (#1614)
- `PyTorchYolo`. (#1715)
- `PyTorchDeRandomizedSmoothing` and `TensorFlowV2DeRandomizedSmoothing`. (#1729)
- `SignOPTAttack`. (#1730)
- `SleeperAgentAttack`. (#1736)
- `ActivationDefence`. (#1738)
- `art.attacks.poisoning.perturbations.audio_perturbations`. (#1740)
- `PyTorchRegressor` and `KerasRegressor` for PyTorch and Keras. (#1651)
- `AdversarialPatch` and `AdversarialPatchNumpy`. (#1759)
- `check_and_transform_label_format` for `nb_classes=None` to automatically determine the number of classes in the provided labels. (#1747)
- `ZOOAttack` and cleaned up the code of method `compare`. (#1648)
- `nb_epochs` in `AdversarialTrainerMadryPGD` to match 80'000 training steps of Madry et al. (#1758)
- `PyTorchClassifier.clone_for_refitting` by deleting the optimizer from the parameters before calling `set_param()` to avoid creating the cloned model with the old optimizer. (#1742)
- `nb_classes` to method `check_and_transform_label_format` in inference attacks. (#1713)

This release of ART 1.10.3 provides updates to ART 1.10.

- `art.attacks.evasion.AdversarialTexturePyTorch` (#1724, #1726)

This release of ART 1.10.2 provides updates to ART 1.10.

- `PyTorchClassifier` to use a new optimizer when cloned with `clone_for_refitting` (#1580)
- `art.estimators.gan.*` and `art.estimators.generator.*` to follow naming convention (#1655)
- `Mp3CompressionPyTorch` and `PyTorchDeepSpeech` to add support for samples in 2D non-object arrays (#1680, #1702)
- `python_object_detector.py` to `pytorch_object_detector.py` to follow naming convention (#1687)
- `CarliniLInfMethod` by adding argument for `batch_size` (#1699)
- `ImperceptibleASRPyTorch` by adding missing `.detach().cpu()` and `.cpu()` calls (#1677)
- `art.estimators.certification.randomized_smoothing` estimators to correctly apply Gaussian noise (#1678)
- `GaussianNoise`, the post-processing defence, to keep the number of dimensions constant during normalisation (#1684)
- `RobustDPatch` for channels-first images to correctly un-transform loss gradients (#1693)
- `PoisoningAttackCleanLabelBackdoor` (#1698)

This release of ART 1.10.1 provides updates to ART 1.10.

- `AdversarialTrainerMadryPGD.fit` to support arguments `nb_epochs` and `batch_size` (#1612)
- `GradientMatchingAttack` to add support for models with undefined input shape by abstracting the shape information from the input data (#1624)
- `PyTorchObjectDetector` to support inputs with a number of channels other than 1 and 3 (#1633)
- `AdversarialPatchPyTorch.apply_patch` to correctly check if `mask` is `None` (#1607)

This release of ART 1.10.0 introduces multiple poisoning attacks on image classification and deep generative models, the first attack with dynamic patches on object tracking in videos, classification certification based on zonotope representations, EoT support for object detection in image rotation and center cropping, new features for attribute inference attacks and more.

- `art.attacks.poisoning.GradientMatchingAttack` in TensorFlow (#1587)
- `projection_l1_1` and `projection_l1_2` to `art.utils` for two algorithms computing orthogonal projections on L1-norm balls (#1586)
- `art.attacks.evasion.AdversarialTexturePyTorch` attack to enable dynamic textures/patches (#1557)
- `art.attacks.evasion.AdversarialPatchPyTorch` (#1535)
- `art.estimators.certification.PytorchDeepZ` based on DeepZ for robustness certification using zonotope representations of datapoints (#1531)
- `art.attacks.evasion.RobustDpatch` (#1513)
- `art.attacks.evasion.AdversarialPatch*` attacks (#1495)
- `art.attacks.poisoning.BackdoorAttackDGMReD` and Trail in `art.attacks.poisoning.BackdoorAttackDGMTrail`, targeting Deep Generative Models (#1490)
- `art.attacks.poisoning.HiddenTriggerBackdoor` (#1487)
- `art.attacks.poisoning.FeatureCollisionAttack` (#1435)
- `TensorFlowClassifier` to support TensorFlow v1 compatibility mode (#1560)
- `PixelThreshold` attack to support `scipy>=1.8` (#1589)
- `PixelAttack` for scaled images (#1574)
- `torchaudio.functional.magphase` in `PyTorchDeepSpeech` to support Deep Speech 2 version 3 with `torch>=1.10` (#1550)
- `fit` of `ScikitlearnRegressor` to process labels correctly (#1537)

This release of ART 1.9.1 provides updates to ART 1.9.

- `KerasClassifier.compute_loss`. (#1466)
- `art.defences.preprocessor.VideoCompression*`. (#1470)
- `art.utils.load_nursery` for loading the nursery dataset with argument `raw=True`. (#1460)
- `matplotlib` to keep it an optional dependency. (#1467)
- `PyTorchGoturn.predict` by adding back the missing sample dimension. (#1470)
- `PyTorchClassifier.get_activations` to also apply preprocessing if argument `framework=True`. This fix likely changes the results obtained with `BullseyePolytopeAttackPyTorch`, the main attack using `framework=True`. (#1471)
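The L1-norm utilities that recur in these notes (`projection_l1_1`/`projection_l1_2`, added to `art.utils` in 1.10.0 and fixed in 1.12.2 for cases where the input point came back instead of its projection, and the `norm=1` uniform sampling behind `random_sphere` and `uniform_sample_from_sphere_or_ball` in 1.11.1 and 1.12.0) are small enough to show in stand-alone code. The block below is an added example written for this page, not ART's implementation: `project_l1` is the sorting-based Euclidean projection of Duchi et al. (2008), `sample_l1` is the Laplace-plus-exponential sampler of Barthe et al. (2005), and `verify_projection` is the kind of regression check that catches the 1.12.2 bug, a point outside the ball being returned unchanged. All function names are this example's own, it needs only the standard library, and the random inputs are constructed with a seeded generator.

```python
import math
import random
from typing import List, Optional, Sequence


def l1_norm(v: Sequence[float]) -> float:
    return sum(abs(x) for x in v)


def project_l1(v: Sequence[float], eps: float) -> List[float]:
    """Euclidean projection of v onto the L1 ball {w : ||w||_1 <= eps}.

    Sorting-based algorithm of Duchi et al. (2008): find the soft-threshold
    theta such that sum(max(|v_i| - theta, 0)) == eps and shrink every
    coordinate by it. A point already inside the ball is its own projection
    and is returned unchanged; any other point lands exactly on the boundary.
    """
    if eps < 0:
        raise ValueError("eps must be non-negative")
    if l1_norm(v) <= eps:
        return list(v)
    magnitudes = sorted((abs(x) for x in v), reverse=True)
    cumsum, theta = 0.0, 0.0
    for k, u_k in enumerate(magnitudes, start=1):
        cumsum += u_k
        candidate = (cumsum - eps) / k
        # The condition u_k > candidate holds for a prefix of k; the last k
        # for which it holds gives the correct threshold.
        if u_k > candidate:
            theta = candidate
    return [math.copysign(max(abs(x) - theta, 0.0), x) for x in v]


def verify_projection(v: Sequence[float], eps: float,
                      w: Optional[Sequence[float]] = None, tol: float = 1e-9) -> bool:
    """Regression check for a projection routine: inside the ball the output must
    equal the input; outside it must lie on the boundary and must differ from
    the input (returning the input unchanged is exactly the bug described above)."""
    if w is None:
        w = project_l1(v, eps)
    if l1_norm(v) <= eps + tol:
        return all(abs(a - b) <= tol for a, b in zip(v, w))
    on_boundary = abs(l1_norm(w) - eps) <= tol
    moved = any(abs(a - b) > tol for a, b in zip(v, w))
    return on_boundary and moved


def sample_l1(dim: int, radius: float, rng: random.Random, surface: bool = False) -> List[float]:
    """One point uniform in the L1 ball (or, with surface=True, on the L1 sphere).

    Laplace coordinates (exponential magnitude with a random sign) divided by
    their L1 norm are uniform on the L1 sphere; adding an independent Exp(1)
    variate to the normaliser makes the point uniform in the ball
    (Barthe et al. 2005).
    """
    g = [rng.expovariate(1.0) * rng.choice((-1.0, 1.0)) for _ in range(dim)]
    denom = l1_norm(g) + (0.0 if surface else rng.expovariate(1.0))
    return [radius * x / denom for x in g]


def radial_statistic(points: Sequence[Sequence[float]], radius: float, dim: int) -> float:
    """Uniformity check: for points uniform in a dim-dimensional L1 ball,
    (||x||_1 / radius) ** dim is Uniform(0, 1), so this mean should be ~0.5."""
    return sum((l1_norm(p) / radius) ** dim for p in points) / len(points)


if __name__ == "__main__":
    rng = random.Random(0)  # constructed, seeded sample inputs
    pts = [sample_l1(3, 2.0, rng) for _ in range(20000)]
    print("radial statistic (expect ~0.5):", round(radial_statistic(pts, 2.0, 3), 3))
    outside = [[3 * x for x in p] for p in pts[:500]]
    print("all projections verified:", all(verify_projection(q, 1.0) for q in outside))
```

`verify_projection` only checks necessary conditions (boundary membership and movement), not optimality, but that is enough to flag the specific failure the 1.12.2 entry describes, and it is cheap enough to run over every batch in a test suite.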