ART 1.11.0
This release of ART 1.11.0 introduces estimators for YOLO object detection and regression models, the first audio poisoning attack, new query-efficient black-box evasion attacks, certified defenses against adversarial patch attacks, metrics quantifying membership inference and more.
Added
- Added Momentum-Iterative FGSM evasion attack in MomentumIterativeMethod and added optional momentum to loss gradients in ProjectedGradientDescent* attacks. (#1614)
- Added metrics measuring worst-case scores of membership inference attacks. (#1709)
- Added estimator for YOLO v3 models in PyTorch in PyTorchYolo. (#1715)
- Added estimators for de-randomized smoothing certification against patch attacks in PyTorchDeRandomizedSmoothing and TensorFlowV2DeRandomizedSmoothing. (#1729)
- Added query-efficient hard-label black-box evasion attack Sign-Opt in SignOPTAttack. (#1730)
- Added Sleeper Agent poisoning attack for PyTorch in SleeperAgentAttack. (#1736)
- Added exclusionary reclassification to ActivationDefence. (#1738)
- Added dirty-label backdoor poisoning attack on audio classification in art.attacks.poisoning.perturbations.audio_perturbations. (#1740)
- Added estimators for regression in PyTorchRegressor and KerasRegressor for PyTorch and Keras. (#1651)
- Added option for targeted attacks to AdversarialPatch and AdversarialPatchNumpy. (#1759)
Changed
- Changed check_and_transform_label_format for nb_classes=None to automatically determine the number of classes in the provided labels. (#1747)
- Added additional documentation to ZOOAttack and cleaned up the code of method compare. (#1648)
- Changed default value for number of epochs nb_epochs in AdversarialTrainerMadryPGD to match 80'000 training steps of Madry et al. (#1758)
Removed
[None]