This is the initial release of ART. The following features are currently supported:
- `Classifier` interface, supporting a few predefined architectures (CNN, ResNet, MLP) for standard datasets (MNIST, CIFAR10), as well as custom models from users
- `Attack` interface, supporting a few evasion attacks
- FGM & FSGM
- Jacobian saliency map attack
- Carlini & Wagner L_2 attack
- DeepFool
- NewtonFool
- Virtual adversarial method (to be used for virtual adversarial training)
- Universal perturbation
- Defences
- Preprocessing interface, currently implemented by feature squeezing, label smoothing, spatial smoothing
- Adversarial training
- Metrics for measuring robustness: empirical robustness (minimal perturbation), loss sensitivity and CLEVER score
- Utilities for loading datasets, some preprocessing, common maths manipulations
- Scripts for launching some basic pipelines for training, tests and attacking
- Unit tests