This release of ART 1.14.0 introduces poisoning attacks on object detection models, privacy risk metrics, new white-box evasion attack based on conjugate gradients, and more.

Added

• Added implementation of SHAPr membership privacy risk metric (#1978)
• Added support for categorical non-numeric as well as continuous features in attribute inference attacks and improvements in shadow model tools (#2006)
• Added implementation of Auto Conjugate Gradient Attack for white-box evasion (#2028)
• Added implementation of adversarial training with interval bound propagation (#2044)
• Added implementation of method fit to object detection estimators PyTorchFasterRCNN, PyTorchObjectDetector, and PyTorchYolo (#2067)
• Added BadDet object detection poisoning attacks (RMA, GMA, OGA, ODA) (#2054, #2069)

Changed

• Changed evasion detectors module by refactoring the entire module and introducing common API with the EvasionDetector base class (#1993)
• Changed loading of audio triggers with audio_perturbations to cache trigger to accelerate loading (#2053)
• Changed tested and officially supported Python versions to 3.9, 3.10, 3.11 (#2063)
• Changed checks and internal improvements to AdversarialTrainerCertifiedPytorch (#2070)

Removed

[None]

Fixed

• Fixed bug in add_single_bd and add_pattern_bd to avoid confusing height and width of the trigger image and transposing the trigger (#2046)