A Python library for Secure and Explainable Machine Learning
See full release here: https://gitlab.com/secml/secml/-/releases/v0.14.1
COptimizerPGDLS and COptimizerPGDLS not working properly if the classifier's gradient has multiple components with the same (max) value.
CConstraintL1 crashing when projecting sparse data using default center value (scalar 0).
CConstraintL1 projection caused by type casting.
discrete from COptimizerPGDLS and COptimizerPGDExp.
CAttackEvasion, COptimizer, CLineSearch, and corresponding subclasses.

See full release here: https://gitlab.com/secml/secml/-/releases/v0.14
adv.attacks.evasion.foolbox with a wrapper for Foolbox.
secml is now tested for compatibility with Python 3.8.
CArray.
secml is now tested for compatibility with Python 3.8.
scipy >= 1.3.2, scikit-learn >= 0.22, matplotlib >= 3.
pytorch extra component now installs: torch >= 1.4, torchvision >= 0.5.
cleverhans extra component is now available on Python < 3.8 only, due to tensorflow 1 compatibility.
adv.attacks.evasion.foolbox with a wrapper for Foolbox.
shape parameter to the following CArray methods: get_data, tondarray, tocsr, tocoo, tocsc, todia, todok, tolil, tolist. The reshaping operation is performed after casting the array to the desired output data format.
CMetricFNRatFPR, CMetricTHatFPR, CMetricTPRatTH, CMetricFNRatTH.
CArray. If the number of dimensions of input data is higher than 2, the data is reshaped to 2 dims, and the original shape is stored in the new attribute input_shape.
CDataLoaderMNIST now downloads the files from our model-zoo mirror (https://gitlab.com/secml/secml-zoo/-/tree/datasets/MNIST).
CDataLoaderTorchDataset in a "pytorch" subfolder of SECML_DS_DIR to avoid naming collisions.
CAttackPoisoning when y_target != None due to missing broadcasting to expected shape.
StandardScaler, CScalerNorm, CScalerMinMax arguments using keywords to fix scikit futurewarning in version 0.23 or later.
ValueError: k exceeds matrix dimensions not raised by scipy v1.5 if a k outside the array dimensions is used to extract a diagonal.
frameon from CFigure.savefig as it is deprecated in matplotlib >= 3.1.
papertype from CFigure.savefig as it is deprecated in matplotlib >= 3.3.
MNIST typo in notebook 10.

See full release here: https://gitlab.com/secml/secml/-/releases/v0.13
CAttackEvasionPGDExp.
CClassifierDNR implementing Deep Neural Rejection (DNR). See Sotgiu et al. “Deep neural rejection against adversarial examples”, EURASIP J. on Info. Security (2020).
CClassifierMulticlassOVO implementing One-vs-One multiclass classification scheme.
CModule to support trainable modules via fit and fit_forward functions.
attack_params.<param_name> as an input argument for the constructor of CSecEval.
ml.scalers with a different implementation of ml.features.normalization classes directly based on Scikit-Learn's scalers. Included classes are: CScalerMinMax, CScalerStd, CScalerNorm.
CArray to specific scipy.sparse array formats: tocoo, tocsc, todia, todok, tolil.
CAttackPoisoning now exposes: x0, xc, yc, objective_function and objective_function_gradient.
n_jobs is now an init parameter of CModule and subclasses and not passed via fit anymore.
CClassifierSVM native support to OVA multiclass scheme, without replicating the kernel in each one-vs-all classifier.
_clear_cache mechanism to CModule and classes that require caching data in the forward pass before backward (e.g., exponential kernels do that to avoid re-computing the kernel matrix in the backward pass).
forward method for CClassifierMulticlassOVA and CClassifierMulticlassOVO.
CAttack interface (now only requires implementing run as required by CSecEval).
CAttackEvasionPGDLS). Now gradient is called once rather than twice to compute the gradient of the objective function.
CSecEval will now check that the param_name input argument can be found in the attack class used in the evaluation.
COptimizerPGD now exits optimization if constraint radius is 0. COptimizerPGD, COptimizerPGDLS and COptimizerPGDExp will now raise a warning if the 0-radius constraint is defined outside the given bounds.
CClassifierSVM now uses n_jobs parameter for parallel execution of training in case of multiclass datasets.
scipy.sparse .hstack and .vstack instead of a custom implementation in CSparse.concatenate.
scipy.sparse .argmin and .argmax instead of a custom implementation in CSparse.argmin and CSparse.argmax.
CClassifierSVM.
store_dual_vars and kernel.setter from CClassifierSVM. Now a linear SVM is trained in the primal (w,b) if kernel=None, otherwise it is trained in the dual (alpha and b), on the precomputed training kernel matrix.
fit interface from fit(ds) to fit(x,y) to be consistent across normalizers and classifiers.
gradient(x, w) from CKernelRBF, CKernelLaplacian, CKernelEuclidean, CClassifierDNN, CNormalizerUnitNorm. The protected property grad_requires_forward now specifies if gradient has to compute an explicit forward pass or only propagate the input x through the pre-processing chain before calling backward.
surrogate_data parameter from CAttackPoisoning and renamed it to double_init_ds in CAttackEvasion subclasses.
CClassifierRejectThreshold now returns wrapped classifier classes plus the reject class (-1).
COptimizerPGD which was missing index i.
CAttackEvasionPGDLS to fix a crash when the class index of data points is greater than or equal to the number of alternative data points.
CClassifierPyTorch.backward not working properly due to a miscalculation of the number of input features of the model when a CNormalizeDNN is used as preprocessor.
CClassifierRejectThreshold which can be bypassed by using the clf attribute setter, now removed.
CCreator.set not allowing to set writable attributes of level-0 readable-only attributes.
CCreator.get_params not returning level-0 not-writable attributes having one or more writable attributes.
CFigure on Windows systems.
model_zoo.load_model improperly building download urls depending on the system default url separator.
CSparse to ensure they properly work independently from the sparse array format: save, load, __pow__, round, nan_to_num, logical_and, unique, bincount, prod, all, any, min, max.
CArray.tocsr() now always returns a scipy.sparse.csr_matrix array as expected.
discrete and surrogate_classifier parameter from CAttack.
kernel is now removed from CClassifierSGD, CClassifierRidge and CClassifierLogistic classifiers.
numpydoc to < 1.1 to avoid compatibility issues of the newest version.
CClassifierRejectThreshold.predict method.
random_state not set for CClassifierDecisionTree in notebook 4.