This release of ART 1.11.0 introduces estimators for YOLO object detection and regression models, the first audio poisoning attack, new query-efficient black-box evasion attacks, certified defenses against adversarial patch attacks, metrics quantifying membership inference and more.
Added
- Added Momentum-Iterative FGSM evasion attack in
MomentumIterativeMethodand added optional momentum to loss gradients inProjectedGradientDescent*attacks. (#1614) - Added metrics measuring worst-case scores of membership inference attacks. (#1709)
- Added estimator for YOLO v3 models in PyTorch in
PyTorchYolo. (#1715) - Added estimators for de-randomized smoothing certification against patch attacks in
PyTorchDeRandomizedSmoothingandTensorFlowV2DeRandomizedSmoothing. (#1729) - Added query-efficient hard-label black-box evasion attack Sign-Opt in
SignOPTAttack. (#1730) - Added Sleeper Agent poisoning attack PyTorch in
SleeperAgentAttack. (#1736) - Added exclusionary reclassification to
ActivationDefence. (#1738) - Added dirty-label backdoor poisoning attack on audio classification in
art.attacks.poisoning.perturbations.audio_perturbations. (#1740) - Added estimators for regression in
PyTorchRegressorandKerasRegressorfor PyTorch and Keras. (#1651) - Added option for targeted attacks to
AdversarialPatchandAdversarialPatchNumpy. (#1759)
Changed
- Changed
check_and_transform_label_formatfornb_classes=Noneto automatically determine the number of classes in the provided labels. (#1747) - Added additional documentation to
ZOOAttackand cleaned up the code of methodcompare. (#1648) - Changed default value for number of epochs
nb_epochsinAdversarialTrainerMadryPGDto match 80'000 training steps of Madry et al. (#1758)
Removed
[None]