Releases: Trusted-AI/adversarial-robustness-toolbox
ART 1.19.0
This release of ART 1.19.0 introduces Steal Now Attack Later and Rescaling Auto Conjugate Gradient attacks and the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples.
Added
- Added the Steal Now Attack Later (SNAL) evasion attack (#2440)
- Added the Rescaling Auto Conjugate Gradient (ReACG) descent evasion attack (#2460)
- Added the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples in PyTorch (#2489)
- Added support for scikit-learn models with multiple outputs (#2505)
Changed
- Changed AutoAttack to allow defining the number of processes used in parallel processing (#2529)
Removed
[None]
Fixed
ART 1.18.2
This release of ART 1.18.2 provides updates to ART 1.18
Added
[None]
Changed
- Changed version checks for imported libraries requiring checks to use standard library functions (#2500)
Removed
[None]
Fixed
[None]
ART 1.18.1
This release of ART 1.18.1 provides updates to ART 1.18
Added
[None]
Changed
[None]
Removed
[None]
Fixed
- Fixed missing transfer to device/GPU in `ProjectedGradientDescentPyTorch` (#2455)
ART 1.18.0
This release of ART 1.18.0 introduces Overload Attack on object detection models and provides fast accurate loss gradients in Projected Gradient Descent for all norms.
Added
- Added Overload Attack on object detection models (#2337)
- Added support for all norms in Projected Gradient Descent attacks (#2382)
- Added support for feature scaling in inference attacks (#2384)
Changed
- Replaced model-specific estimators for Yolo and Faster-RCNN with a single estimator for all object detection models in PyTorch (#2321)
Removed
[None]
Fixed
- Fixed scaling of gradients for norms other than L2 and L-infinity in Projected Gradient Descent attacks (#2382)
ART 1.17.1
This release of ART 1.17.1 provides updates to ART 1.17
Added
[None]
Changed
[None]
Removed
- Removed upper version limit for `scikit-learn` to reduce dependency conflicts and facilitate integration with other libraries.
Fixed
[None]
ART 1.17.0
This release of ART 1.17.0 introduces new adversarial training protocols, membership inference attacks, composite adversarial attacks for evasion and more.
Added
- Added Composite Adversarial Attack as evasion attack in PyTorch (#2287)
- Added support for black-box membership inference attacks without true labels (#2293)
- Added verbose option for progress bars in methods `fit` and `predict` of all classification estimators (#2334)
- Added Oracle Aligned Adversarial Training (OAAT) in PyTorch (#2348)
Changed
[None]
Removed
[None]
Fixed
ART 1.16.0
This release of ART 1.16.0 introduces multiple estimators for certified robustness and Hugging Face models, adversarial training with Adversarial Weight Perturbation, improvements for inference attacks, and more.
Added
- Added estimator for smoothed vision transformers as defence against evasion with adversarial patches (#2171)
- Added estimators for variations of randomised smoothing including MACER, SmoothAdv, and SmoothMix for PyTorch and TensorFlow (#2218)
- Added adversarial training with Adversarial Weight Perturbation protocol in PyTorch (#2224)
- Added estimator for Hugging Face models with PyTorch backend (#2245)
- Added ObjectSeeker certifiably robust defence for object detectors against poisoning and adversarial patches (#2246)
- Added representation string `__repr__` to all attacks (#2274)
Changed
- Changed inference attacks to support additional attack model types (e.g., KNN, LR, etc.) and replaced scikit-learn's MLPClassifier with a PyTorch neural network model (#2253)
- Changed the attacks' method `set_params` to raise `ValueError` if an attribute that was not previously defined is set (#2257)
- Changed AutoAttack to support multiprocessing and running attacks in parallel (#2258)
Removed
[None]
Fixed
ART 1.15.2
This release of ART 1.15.2 provides updates to ART 1.15
Added
[None]
Changed
[None]
Removed
[None]
Fixed
ART 1.15.1
This release of ART 1.15.1 provides updates to ART 1.15
Added
[None]
Changed
[None]
Removed
[None]
Fixed
- Fixed deprecation warning by replacing the import statement `from scipy.ndimage.filters import median_filter` with `from scipy.ndimage import median_filter` (#2211)
- Fixed bug limiting input shapes in `AutoProjectedGradientDescent` and `AutoConjugateGradient` attacks to images, so that any input shape is now supported (#2214)
- Fixed missing support for index labels in `AdversarialTrainerTRADESPyTorch` (#2231)
- Fixed bug in `PyTorchObjectDetector` and `PyTorchYolo` estimators to support non-leaf tensors, so that gradient properties are retained if tensors are moved to another device (#2238, #2249)
- Fixed unintended required dependency `Pillow` to be optional again (#2240)
- Fixed circular dependencies in `art.estimators.certification` (#2241)
ART 1.15.0
This release of ART 1.15.0 introduces a default training loop for TensorFlowV2Classifier, the TRADES adversarial training protocol, an estimator for DEtection TRansformer (DETR) object detection models, and more.
Added
- Added default training function to `TensorFlowV2Classifier` (#2124)
- Added TRADES adversarial training protocol in PyTorch (#2131)
- Added preprocessors for images supporting padding and resizing in PyTorch, TensorFlow and framework-independent variants (#2138)
- Added support for arbitrarily sized images in `BadDet` poisoning attacks (#2189)
- Added estimator for DEtection TRansformer (DETR) object detection models based on transformer architectures (#2192)
Changed
- Changed PyTorch estimators to use PyTorch datasets and dataloaders to optimize the `fit` and `predict` methods of `PyTorchClassifier`, `PyTorchRegressor`, `PyTorchRandomizedSmoothing`, `PyTorchObjectDetector`, and `PyTorchYolo`, and optimized the `predict` method of `TensorFlowV2Classifier` by using a TensorFlow dataset and applying the `@tf.function` decorator (#2180)
- Changed `PyTorchObjectDetector` to apply the `channels_first` argument and improved performance by applying batch processing provided by newer PyTorch versions (#2180)
Removed
[None]
Fixed
- Fixed unnecessary duplicate prediction calls to the estimator in `SignOPTAttack` (#2129)
- Fixed missing transfer of tensor to device in `ProjectedGradientDescentPyTorch` (#2135)
- Fixed trigger placement for image poisoning perturbations by correctly accessing height and width of the trigger image instead of swapping both (#2143)
- Fixed key error in loss gradients of `PyTorchYolo` estimator and updated the format of targets passed to the estimator in `AdversarialPatchPyTorch` to reflect updates to `PyTorchYolo` (#2169)
- Fixed Visible Deprecation Warning in `analyze_by_distance` and `analyze_by_size` of `ClusteringAnalyzer` (#2195)