Adversarial-robustness-toolbox

This release of ART 1.19.0 introduces Steal Now Attack Later and Rescaling Auto Conjugate Gradient attacks and the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples.

Added

- Added the Steal Now Attack Later (SNAL) evasion attack (2440)
- Added the Rescaling Auto Conjugate Gradient (ReACG) descent evasion attack (2460)
- Added the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples in PyTorch (2489)
- Added support for scikit-learn models with multiples outputs (2505)

Changed

- Changed AutoAttack to allow defining number of processes used in parallel processing (2529)

Removed

[None]

Fixed

- Fixed use of deprecated function `binom_test` from `scipy` (2517)
- Fixed bug in random sampling of patch locations in masks for adversarial patch attacks in PyTorch (2539)

This release of ART 1.18.2 provides updates to ART 1.18

Added

[None]

Changed

- Changed version checks for imported libraries requiring checks to use standard library functions (2500)

Removed

[None]

Fixed

[None]

This release of ART 1.18.1 provides updates to ART 1.18

Added

[None]

Changed

[None]

Removed

[None]

Fixed

- Fixed missing transfer to device/GPU in `ProjectedGradientDescentPyTorch` (2455)

This release of ART 1.18.0 introduces Overload Attack on object detection models and provides fast accurate loss gradients in Projected Gradient Descent for all norms.

Added

- Added Overload Attack on object detection models (2337)
- Added support for all norms in Projected Gradient Descent attacks (2382)
- Added support for feature scaling in inference attacks (2384)

Changed

- Replaced model specific estimators for Yolo and Faster-RCNN with single estimator for all object detection models in PyTorch (2321 )

Removed

[None]

Fixed

- Fixed scaling of gradients of non-L[2, infinity] norms in Projected Gradient Descent attacks (2382)

This release of ART 1.17.1 provides updates to ART 1.17

Added

[None]

Changed

[None]

Removed

- Removed upper limit for `scikit-learn` to reduce dependency conflicts and facilitate integration with other libraries.

Fixed

[None]

This release of ART 1.17.0 introduces new adversarial training protocols, membership inference attacks, composite adversarial attacks for evasion and more.

Added

- Added Composite Adversarial Attack as evasion attack in PyTorch (2287)
- Added support for black-box membership inference attacks without true labels (2293)
- Added verbose option for progress bars in methods `fit` and `predict` of all classification estimators (2334)
- Added Oracle Aligned Adversarial Training (OAAT) in PyTorch (2348)

Changed

[None]

Removed

[None]

Fixed

- Fixed bug in `ActivateDefense` and `SpectralSignatures` poisoning defences by flattening the outputs when calling `get_activations()` (2327)
- Fixed bug in Hugging Face classification estimator to correctly infer device if provided model is already on GPU (2300)