Adversarial-robustness-toolbox

Latest version: v1.18.2


1.18.2

This release of ART 1.18.2 provides updates to ART 1.18.

Added

[None]

Changed

- Changed the version checks for imported libraries that require them to use standard library functions (2500)

Removed

[None]

Fixed

[None]

1.18.1

This release of ART 1.18.1 provides updates to ART 1.18.

Added

[None]

Changed

[None]

Removed

[None]

Fixed

- Fixed missing transfer to device/GPU in `ProjectedGradientDescentPyTorch` (2455)

1.18.0

This release of ART 1.18.0 introduces Overload Attack on object detection models and provides fast accurate loss gradients in Projected Gradient Descent for all norms.

Added

- Added Overload Attack on object detection models (2337)
- Added support for all norms in Projected Gradient Descent attacks (2382)
- Added support for feature scaling in inference attacks (2384)

Changed

- Replaced model-specific estimators for YOLO and Faster R-CNN with a single estimator for all object detection models in PyTorch (2321)

Removed

[None]

Fixed

- Fixed scaling of gradients for norms other than L2 and L-infinity in Projected Gradient Descent attacks (2382)

1.17.1

This release of ART 1.17.1 provides updates to ART 1.17.

Added

[None]

Changed

[None]

Removed

- Removed upper limit for `scikit-learn` to reduce dependency conflicts and facilitate integration with other libraries.

Fixed

[None]

1.17.0

This release of ART 1.17.0 introduces new adversarial training protocols, membership inference attacks, composite adversarial attacks for evasion and more.

Added

- Added Composite Adversarial Attack as evasion attack in PyTorch (2287)
- Added support for black-box membership inference attacks without true labels (2293)
- Added verbose option for progress bars in methods `fit` and `predict` of all classification estimators (2334)
- Added Oracle Aligned Adversarial Training (OAAT) in PyTorch (2348)

Changed

[None]

Removed

[None]

Fixed

- Fixed bug in `ActivateDefense` and `SpectralSignatures` poisoning defences by flattening the outputs when calling `get_activations()` (2327)
- Fixed bug in Hugging Face classification estimator to correctly infer device if provided model is already on GPU (2300)

1.16.0

This release of ART 1.16.0 introduces multiple estimators for certified robustness and Hugging Face models, adversarial training with Adversarial Weight Perturbation, improvements for inference attacks, and more.

Added

- Added estimator for smoothed vision transformers as defence against evasion with adversarial patches (2171)
- Added estimators for variations of randomised smoothing including MACER, SmoothAdv, and SmoothMix for PyTorch and TensorFlow (2218)
- Added adversarial training with Adversarial Weight Perturbation protocol in PyTorch (2224)
- Added estimator for Hugging Face models with PyTorch backend (2245)
- Added ObjectSeeker certifiably robust defence for object detectors against poisoning and adversarial patches (2246)
- Added representation string `__repr__` to all attacks (2274)

Changed

- Changed inference attacks to support additional attack model types (e.g., KNN, LR, etc.) and replaced scikit-learn's MLPClassifier with a PyTorch neural network model (2253)
- Changed the attacks' method `set_params` to raise `ValueError` if an attribute that was not previously defined is set (2257)
- Changed AutoAttack to support multiprocessing and support running attacks in parallel (2258)

Removed

[None]

Fixed

- Fixed docstring of `TargetedUniversalPerturbation` (2212)
- Fixed bug of unsupported operands because of dependency updates in `AdversarialPatchTensorFlowV2` (2276)
- Fixed bug in `AutoAttack` to avoid skipping attacks which do not support targeted mode (2257)


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.