Skip to content

Releases: Trusted-AI/adversarial-robustness-toolbox

ART 1.19.0

20 Dec 00:51
Compare
Choose a tag to compare

This release of ART 1.19.0 introduces Steal Now Attack Later and Rescaling Auto Conjugate Gradient attacks and the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples.

Added

  • Added the Steal Now Attack Later (SNAL) evasion attack (#2440)
  • Added the Rescaling Auto Conjugate Gradient (ReACG) descent evasion attack (#2460)
  • Added the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples in PyTorch (#2489)
  • Added support for scikit-learn models with multiples outputs (#2505)

Changed

  • Changed AutoAttack to allow defining number of processes used in parallel processing (#2529)

Removed

[None]

Fixed

  • Fixed use of deprecated function binom_test from scipy (#2517)
  • Fixed bug in random sampling of patch locations in masks for adversarial patch attacks in PyTorch (#2539)

ART 1.18.2

02 Oct 21:30
Compare
Choose a tag to compare

This release of ART 1.18.2 provides updates to ART 1.18

Added

[None]

Changed

  • Changed version checks for imported libraries requiring checks to use standard library functions (#2500)

Removed

[None]

Fixed

[None]

ART 1.18.1

03 Jul 17:29
Compare
Choose a tag to compare

This release of ART 1.18.1 provides updates to ART 1.18

Added

[None]

Changed

[None]

Removed

[None]

Fixed

  • Fixed missing transfer to device/GPU in ProjectedGradientDescentPyTorch (#2455)

ART 1.18.0

16 Jun 22:19
Compare
Choose a tag to compare

This release of ART 1.18.0 introduces Overload Attack on object detection models and provides fast accurate loss gradients in Projected Gradient Descent for all norms.

Added

  • Added Overload Attack on object detection models (#2337)
  • Added support for all norms in Projected Gradient Descent attacks (#2382)
  • Added support for feature scaling in inference attacks (#2384)

Changed

  • Replaced model specific estimators for Yolo and Faster-RCNN with single estimator for all object detection models in PyTorch (#2321 )

Removed

[None]

Fixed

  • Fixed scaling of gradients of non-L[2, infinity] norms in Projected Gradient Descent attacks (#2382)

ART 1.17.1

17 Feb 23:58
Compare
Choose a tag to compare

This release of ART 1.17.1 provides updates to ART 1.17

Added

[None]

Changed

[None]

Removed

  • Removed upper limit for scikit-learn to reduce dependency conflicts and facilitate integration with other libraries.

Fixed

[None]

ART 1.17.0

27 Dec 22:17
Compare
Choose a tag to compare

This release of ART 1.17.0 introduces new adversarial training protocols, membership inference attacks, composite adversarial attacks for evasion and more.

Added

  • Added Composite Adversarial Attack as evasion attack in PyTorch (#2287)
  • Added support for black-box membership inference attacks without true labels (#2293)
  • Added verbose option for progress bars in methods fit and predict of all classification estimators (#2334)
  • Added Oracle Aligned Adversarial Training (OAAT) in PyTorch (#2348)

Changed

[None]

Removed

[None]

Fixed

  • Fixed bug in ActivateDefense and SpectralSignatures poisoning defences by flattening the outputs when calling get_activations() (#2327)
  • Fixed bug in Hugging Face classification estimator to correctly infer device if provided model is already on GPU (#2300)

ART 1.16.0

22 Sep 14:42
Compare
Choose a tag to compare

This release of ART 1.16.0 introduces multiple estimators for certified robustness and Hugging Face models, adversarial training with Adversarial Weight Perturbation, improvements for inference attacks, and more.

Added

  • Added estimator for smoothed vision transformers as defence against evasion with adversarial patches (#2171)
  • Added estimators for variations of randomised smoothing including MACER, SmoothAdv, and SmoothMix for PyTorch and TensorFlow (#2218)
  • Added adversarial training with Adversarial Weight Perturbation protocol in PyTorch (#2224)
  • Added estimator for Hugging Face models with PyTorch backend (#2245)
  • Added ObjectSeeker certifiably robust defence for object detectors against poisoning and adversarial patches (#2246)
  • Added representation string __repr__ to all attacks (#2274)

Changed

  • Changed inference attacks to support additional attack model types (e.g., KNN, LR, etc.) and replaced scikit-learn's MLPClassifier with a PyTorch neural network model (#2253)
  • Changes attacks's method set_params to raise ValueError if a not previously defined attributed is set (#2257)
  • Changed AutoAttack to support multiprocessing and support running attacks in parallel (#2258)

Removed

[None]

Fixed

  • Fixed docstring of TargetedUniversalPerturbation (#2212)
  • Fixed bug of unsupported operands because of dependency updates in AdversarialPatchTensorFlowV2 (#2276)
  • Fixed bug in AutoAttack to avoid that attacks which do not support targeted mode are skipped (#2257)

ART 1.15.2

12 Sep 20:55
Compare
Choose a tag to compare

This release of ART 1.15.2 provides updates to ART 1.15

Added

[None]

Changed

[None]

Removed

[None]

Fixed

  • Fixed bug where PyTorchYolo and PyTorchObjectDetector object detection estimators modified the original input Numpy array (#2263)
  • Fixed bug where channels_first argument of PyTorchObjectDetector and PyTorchFasterRCNN received the wrong default value of False instead of True (#2264)

ART 1.15.1

20 Aug 22:36
Compare
Choose a tag to compare

This release of ART 1.15.1 provides updates to ART 1.15

Added

[None]

Changed

[None]

Removed

[None]

Fixed

  • Fixed deprecation warning by replacing the import statement from scipy.ndimage.filters import median_filter with from scipy.ndimage import median_filter (#2211)
  • Fixed bug limiting input shapes in AutoProjectedGradientDescent and AutoConjugateGradient attacks to be images to support any input shapes (#2214)
  • Fixed missing support for index-labels in AdversarialTrainerTRADESPyTorch (#2231)
  • Fix bug in PyTorchObjectDetector and PyTorchYolo estimators to support non-leaf tensors to retain gradient properties if moved to another device (#2238, #2249)
  • Fixed unintended required dependency Pillow to be optional again (#2240)
  • Fixed circular dependencies in art.estimators.certification (#2241)

ART 1.15.0

30 Jun 22:18
Compare
Choose a tag to compare

This release of ART 1.15.0 introduces a default training loop for TensorFlowV2Classifier, the TRADES adversarial training protocol, an estimator for DEtection TRansformer (DETR) object detection models, and more.

Added

  • Added default training function to TensorFlowV2Classifier (#2124)
  • Added TRADES adversarial training protocol in PyTorch (#2131)
  • Added preprocessors for images supporting padding and resizing in PyTorch, TensorFlow and framework-independent (#2138)
  • Added support for arbitrarily sized images in BadDet poisoning attacks (#2189)
  • Added estimator for DEtection TRansformer (DETR) object detection models based on transformer architectures (#2192)

Changed

  • Changed PyTorch estimators to use PyTorch datasets and dataloaders to optimize the fit and predict methods for PyTorchClassifier, PyTorchRegressor, PyTorchRandomizedSmoothing, PyTorchObjectDetector, and PyTorchYolo and optimized the predict method of TensorFlowV2Classifier by using a TensorFlow dataset and applying @tf.function decorator (#2180)
  • Changed PyTorchObjectDetector to apply channels_first argument and improved performance by applying batch processing provided by newer PyTorch versions. (#2180)

Removed

[None]

Fixed

  • Fixed unnecessary duplicate prediction calls to estimator in SignOPTAttack (#2129)
  • Fixed missing transfer of tensor to device in ProjectedGradientDescentPyTorch (#2135)
  • Fixed trigger placement for image poisoning perturbations by correctly accessing height and width of the trigger image instead of swapping both (#2143)
  • Fixed key error in loss gradients of PyTorchYolo estimator and updated format of targets passed to the estimator in AdversarialPatchPyTorch to reflect updates to PyTorchYolo(#2169)
  • Fixed Visible Deprecation Warning in analyze_by_distance and analyze_by_size of ClusteringAnalyzer (#2195)