github Trusted-AI/adversarial-robustness-toolbox 1.10.0
ART 1.10.0


This release of ART 1.10.0 introduces multiple poisoning attacks on image classification and deep generative models, the first attack with dynamic patches on object tracking in videos, classification certification based on zonotope representations, EoT support for object detection in image rotation and center cropping, new features for attribute inference attacks and more.

Added

  • Added Gradient Matching (Witches' Brew) attack art.attacks.poisoning.GradientMatchingAttack in TensorFlow (#1587)
  • Added functions projection_l1_1 and projection_l1_2 to art.utils for two algorithms computing orthogonal projections on L1-norm balls (#1586)
  • Added perspective transformations to art.attacks.evasion.AdversarialTexturePyTorch attack to enable dynamic texture/patches (#1557)
  • Added support for object detection in art.attacks.evasion.AdversarialPatchPyTorch (#1535)
  • Added new features to attribute inference attacks including support for optional use of true labels in black-box attribute inference attacks, automatic calculation of values in fit() method, additional scaling method for labels/predictions and an additional attack model type (random forest) (#1534)
  • Added estimator art.estimators.certification.PytorchDeepZ based on DeepZ for robustness certification using zonotope representations of datapoints (#1531)
  • Added Expectation over Transformation (EoT) for rotation and centre crop with support for classification and object detection (#1516)
  • Added support for SummaryWriter in art.attacks.evasion.RobustDpatch (#1513)
  • Added PGD L-Inf optimizer to art.attacks.evasion.AdversarialPatch* attacks (#1495)
  • Added two backdoor poisoning attacks, Red in art.attacks.poisoning.BackdoorAttackDGMReD and Trail in art.attacks.poisoning.BackdoorAttackDGMTrail, targeting Deep Generative Models (#1490)
  • Added Hidden Trigger Backdoor Poisoning Attack in Keras and PyTorch in art.attacks.poisoning.HiddenTriggerBackdoor (#1487)
  • Added Feature Collision Poisoning Attack in PyTorch in art.attacks.poisoning.FeatureCollisionAttack (#1435)
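
The L1-ball projection named in the projection_l1_1 / projection_l1_2 item above is the operation that keeps an iterative perturbation inside an L1 budget when you evaluate a model's robustness. As an added illustration that is not ART's own code and makes no claim about how art.utils implements it, the block below gives two standard ways to compute the Euclidean projection onto {x : ||x||_1 <= radius}: the sort-based closed form of Duchi et al. (2008) and a bisection on the soft-threshold level. The function names, the batch helper and the sample vectors are constructed for this example.

```python
import numpy as np

# Added example, not ART's own code: two algorithms for the Euclidean projection
# onto the L1 ball {x : ||x||_1 <= radius}. Function names are chosen here and
# are not the names ART uses in art.utils.


def project_l1_sort(v, radius=1.0):
    """Sort-based exact projection (Duchi et al., 2008), O(n log n)."""
    v = np.asarray(v, dtype=float)
    if radius <= 0:
        raise ValueError("radius must be positive")
    a = np.abs(v)
    if a.sum() <= radius:            # already inside the ball: identity
        return v.copy()
    u = np.sort(a)[::-1]             # magnitudes in decreasing order
    css = np.cumsum(u)
    k = np.arange(1, u.size + 1)
    # largest index whose magnitude survives the soft threshold
    rho = np.nonzero(u * k > css - radius)[0][-1]
    theta = (css[rho] - radius) / (rho + 1)
    return np.sign(v) * np.maximum(a - theta, 0.0)


def project_l1_bisect(v, radius=1.0, iters=100):
    """Bisection on the threshold theta; same result, no sort needed."""
    v = np.asarray(v, dtype=float)
    if radius <= 0:
        raise ValueError("radius must be positive")
    a = np.abs(v)
    if a.sum() <= radius:
        return v.copy()
    lo, hi = 0.0, float(a.max())     # at hi the thresholded sum is 0 <= radius
    for _ in range(iters):
        mid = 0.5 * (lo + hi)
        if np.maximum(a - mid, 0.0).sum() > radius:
            lo = mid                 # threshold too small, still outside
        else:
            hi = mid                 # keeps the invariant sum(hi) <= radius
    return np.sign(v) * np.maximum(a - hi, 0.0)


def project_batch_l1(delta, radius):
    """Project each sample of a batch (N, ...) independently, e.g. a batch of
    image perturbations, back into the L1 ball of the given radius."""
    delta = np.asarray(delta, dtype=float)
    flat = delta.reshape(delta.shape[0], -1)
    out = np.stack([project_l1_sort(row, radius) for row in flat])
    return out.reshape(delta.shape)


def l1_norm(x):
    """L1 norm of a single vector as a plain float."""
    return float(np.abs(np.asarray(x, dtype=float)).sum())


def max_l1_norm(batch):
    """Largest per-sample L1 norm in a batch; a budget check after projection."""
    batch = np.asarray(batch, dtype=float)
    return float(np.abs(batch.reshape(batch.shape[0], -1)).sum(axis=1).max())


def methods_agree(n=50, radius=2.0, seed=0, tol=1e-6):
    """Cross-check the two algorithms on constructed random vectors."""
    rng = np.random.default_rng(seed)
    v = rng.normal(size=n)
    return bool(np.allclose(project_l1_sort(v, radius),
                            project_l1_bisect(v, radius), atol=tol))


if __name__ == "__main__":
    print(project_l1_sort([3.0, -1.0, 0.5], 1.0))   # [1. 0. 0.]
    # constructed batch of two 2x2 "image" perturbations with budget 1.0
    delta = np.array([[[2.0, -2.0], [0.0, 0.0]],
                      [[0.1, 0.1], [0.1, 0.1]]])
    print(max_l1_norm(project_batch_l1(delta, 1.0)))  # 1.0
    print(methods_agree())                            # True
```

The sort-based form is exact and is the one to use for a per-step projection; the bisection variant is useful as an independent check, and the `max_l1_norm` helper is the assertion a robustness evaluation should run after every projection so that a reported L1 budget is actually the budget that was enforced.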

Changed

  • Changed imports of TensorFlow v2 in TensorFlowClassifier to support TensorFlow v1 compatibility mode (#1560)
  • Changed Python used for unit testing to newer versions, upgraded style checks and improved code quality (#1517)

Removed

[None]

Fixed

  • Fixed import of Scipy in PixelThreshold attack to support scipy>=1.8 (#1589)
  • Fixed bug of missing attribute in PixelAttack for scaled images (#1574)
  • Fixed use of torchaudio.functional.magphase in PyTorchDeepSpeech to support Deep Speech 2 version 3 with torch>=1.10 (#1550)
  • Fixed method fit of ScikitlearnRegressor to process labels correctly (#1537)
  • Fixed scalar names of Indicators of Attack Failure 2 and 3 for aggregated losses (#1512)
  • Fixed raising of DataConversionWarning in fitting black box membership inference attacks with attack_model_type 'rf' or 'gb' (#1488)
