Adversarial-robustness-toolbox

Latest version: v1.18.2


1.15.2

This release of ART 1.15.2 provides updates to ART 1.15.

Added

[None]

Changed

[None]

Removed

[None]

Fixed

- Fixed bug where `PyTorchYolo` and `PyTorchObjectDetector` object detection estimators modified the original input Numpy array (2263)
- Fixed bug where `channels_first` argument of `PyTorchObjectDetector` and `PyTorchFasterRCNN` received the wrong default value of `False` instead of `True` (2264)

1.15.1

This release of ART 1.15.1 provides updates to ART 1.15.

Added

[None]

Changed

[None]

Removed

[None]

Fixed

- Fixed deprecation warning by replacing the import statement `from scipy.ndimage.filters import median_filter` with `from scipy.ndimage import median_filter` (2211)
- Fixed bug that limited input shapes in `AutoProjectedGradientDescent` and `AutoConjugateGradient` attacks to images; any input shape is now supported (2214)
- Fixed missing support for index-labels in `AdversarialTrainerTRADESPyTorch` (2231)
- Fixed bug in `PyTorchObjectDetector` and `PyTorchYolo` estimators so that non-leaf tensors retain their gradient properties if moved to another device (2238, 2249)
- Fixed unintended required dependency `Pillow` to be optional again (2240)
- Fixed circular dependencies in `art.estimators.certification` (2241)

1.15.0

This release of ART 1.15.0 introduces a default training loop for TensorFlowV2Classifier, the TRADES adversarial training protocol, an estimator for DEtection TRansformer (DETR) object detection models, and more.

Added

- Added default training function to `TensorFlowV2Classifier` (2124)
- Added TRADES adversarial training protocol in PyTorch (2131)
- Added preprocessors for images supporting padding and resizing in PyTorch, TensorFlow and framework-independent (2138)
- Added support for arbitrarily sized images in `BadDet` poisoning attacks (2189)
- Added estimator for DEtection TRansformer (DETR) object detection models based on transformer architectures (2192)

Changed

- Changed PyTorch estimators to use PyTorch datasets and dataloaders to optimize the `fit` and `predict` methods for `PyTorchClassifier`, `PyTorchRegressor`, `PyTorchRandomizedSmoothing`, `PyTorchObjectDetector`, and `PyTorchYolo`, and optimized the `predict` method of `TensorFlowV2Classifier` by using a TensorFlow dataset and applying the `tf.function` decorator (2180)
- Changed `PyTorchObjectDetector` to apply the `channels_first` argument and improved performance by applying batch processing provided by newer PyTorch versions (2180)

Removed

[None]

Fixed

- Fixed unnecessary duplicate prediction calls to estimator in `SignOPTAttack` (2129)
- Fixed missing transfer of tensor to device in `ProjectedGradientDescentPyTorch` (2135)
- Fixed trigger placement for image poisoning perturbations by correctly accessing height and width of the trigger image instead of swapping both (2143)
- Fixed key error in loss gradients of `PyTorchYolo` estimator and updated format of targets passed to the estimator in `AdversarialPatchPyTorch` to reflect updates to `PyTorchYolo` (2169)
- Fixed Visible Deprecation Warning in `analyze_by_distance` and `analyze_by_size` of `ClusteringAnalyzer` (2195)

1.14.1

This release of ART 1.14.1 provides updates to ART 1.14.

Added

[None]

Changed

[None]

Removed

[None]

Fixed

- Fixed bug in `PyTorchYolo` object detection estimator to correctly normalize the bounding boxes (2091)
- Fixed missing `adversarial_accuracy` metric in `__init__.py` (2093)
- Fixed bug of default value for a loss weighting parameter being used rather than user supplied inputs in `AdversarialTrainerCertifiedIBPPyTorch` (2102)
- Fixed Regional Misclassification Attack (RMA) to be able to poison all bounding boxes regardless of the class type (2110)
- Fixed wrong order of predictions and targets arguments in `AutoProjectedGradientDescent`'s new cross entropy loss class introduced in ART 1.14.0 and ensured correct attributes in `PyTorchClassifier` (2117)

1.14.0

This release of ART 1.14.0 introduces poisoning attacks on object detection models, privacy risk metrics, a new white-box evasion attack based on conjugate gradients, and more.

Added

- Added implementation of SHAPr membership privacy risk metric (1978)
- Added support for categorical non-numeric as well as continuous features in attribute inference attacks and improvements in shadow model tools (2006)
- Added implementation of Auto Conjugate Gradient Attack for white-box evasion (2028)
- Added implementation of adversarial training with interval bound propagation (2044)
- Added implementation of method `fit` to object detection estimators `PyTorchFasterRCNN`, `PyTorchObjectDetector`, and `PyTorchYolo` (2067)
- Added BadDet object detection poisoning attacks (RMA, GMA, OGA, ODA) (2054, 2069)

Changed

- Changed evasion detectors module by refactoring the entire module and introducing common API with the `EvasionDetector` base class (1993)
- Changed loading of audio triggers with `audio_perturbations` to cache trigger to accelerate loading (2053)
- Changed tested and officially supported Python versions to 3.9, 3.10, 3.11 (2063)
- Changed checks and internal improvements to `AdversarialTrainerCertifiedPytorch` (2070)

Removed

[None]

Fixed

- Fixed bug in `add_single_bd` and `add_pattern_bd` to avoid confusing height and width of the trigger image and transposing the trigger (2046)

1.13.1

This release of ART 1.13.1 provides updates to ART 1.13.

Added

[None]

Changed

- Changed PDTP privacy metric to support two comparison modes: ratio (default) and a new difference mode (1984)
- Changed default parameters for `apply_fit` and `apply_predict` for the Data Augmentation defenses `CutMix*`, `CutOut*`, and `MixUp*` (1987)

Removed

[None]

Fixed

- Fixed bug in `PixelThreshold` attack to support batches of a single sample (1982)
- Fixed type error in `DPInstaHideTrainer` for `PyTorchClassifier` by casting random noise to correct type (1987)
- Added missing classes to union types `OBJECT_DETECTOR_TYPE`, `PYTORCH_ESTIMATOR_TYPE`, and `TENSORFLOWV2_ESTIMATOR_TYPE` (1999)
- Fixed audio perturbations going out of clip values in `insert_tone_trigger` and `insert_audio_trigger` (2016)
- Fixed missing transfer to device in `FeatureAdversariesPyTorch` to enable running on GPUs (2021)
- Fixed missing conversion to float to support `floor()` on GPUs in `PyTorchClassifier` (2022)
- Fixed incorrect integer return type in `check_and_transform_label_format` (2025)
