An adversarial example library for constructing attacks, building defenses, and benchmarking both
We now support 3 frameworks: JAX, PyTorch, and TF2; we no longer support TF1.
If necessary, you can still access the TF1 implementations under the cleverhans_v3.1.0/ directory.
This is the final release that supports TF1 and Python 2; future versions will only support TF2, PyTorch and JAX on Python 3.
Compared to v3.0.1, this release provides various bug fixes and code refactoring (the main difference is that attacks are now stored in separate files for better modularity), as well as beta implementations of attacks in TF2, PyTorch and JAX in preparation for the upcoming version 4 release.
Compared to v.3.0.0, this release fixes bugs related to the:
Relative to v2.1.0, this release adds:
Support for TensorFlow prior to 1.8 is now deprecated.
CleverHans version numbers are based on the semantic versioning system. This release increments the major version number because it makes API changes that are incompatible with the previous release.
In particular, many attacks are now stronger in this release. Benchmark results generated using 2.x should not be compared to benchmark results using 3.x.
The following features were added:
The following additions were made to the examples/
folder:
This release also provides various bug fixes and code maintainability improvements, as well as improvements to the documentation.
CleverHans version numbers are based on the semantic versioning system. This release increments the minor version number because it adds functionality in a backwards-compatible manner.
Relative to v1.0.0, this release adds:
Model
and Attack
base classes providing a uniform interface for all library functionality and the ability to extend the library with 3rd party subclassesThis release also deprecates some features:
CleverHans version numbers are based on the semantic versioning system. This release increments the major version number because it makes API changes that are incompatible with the previous release. Most of these API changes are related to the standardization of the attacks to all implement the Attack
interface and access the model via the Model
interface.
New features and improvements since v0.1:
jsma
, the saliency map attacktf_model_loss
that reduced the effectiveness of both model training and adversarial example construction.tf_model_eval
that could result in overestimating the accuracy.This initial public release includes: