github Trusted-AI/adversarial-robustness-toolbox 1.5.1
ART 1.5.1

4 years ago

This release of ART 1.5.1 provides updates to ART 1.5.

Added

  • Added an option to select probability values for model extraction attacks in addition to index labels in art.attacks.extraction.CopycatCNN and art.attacks.extraction.KnockoffNets. (#825)
  • Added a new notebook demonstrating model extraction attacks and defences. (#825)
  • Added art.attacks.evasion.CarliniWagnerASR as a special case of art.attacks.evasion.ImperceptibleASR where max_iter_stage_2=0, skipping the second stage of ImperceptibleASR. (#784)

Changed

  • Changed method generate of art.attacks.evasion.ProjectedGradientDescentPyTorch and art.attacks.evasion.ProjectedGradientDescentTensorFlowV2 to create a copy of the input data to guard the input data from being overwritten by a model that unexpectedly overwrites its input data. This change follows the implementation of art.attacks.evasion.ProjectedGradientDescentNumpy and provides an extra layer of protection against unexpected model behavior. (#805)
  • Changed numerical precision in art.attacks.evasion.Wasserstein from float to double to reduce numerical overflow in numpy.log, and replaced input pixel values of 0 with EPS_LOG=10^-10 to prevent division by zero in numpy.log. (#780)
  • Changed tqdm imports to use tqdm.auto to automatically run its Jupyter widgets where supported. (#799)
  • Improved documentation and argument value checks, and added support for index labels in art.attacks.inference.member_ship.LabelOnlyDecisionBoundary. (#790)
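
The input-copy guard from #805, sketched as an added example (not ART's code): InPlaceClipModel and pgd_generate are hypothetical names, and the toy linear model and sample arrays are constructed. The model clips its input buffer in place, so a caller whose data lies outside [0, 1] loses it unless generate works on a copy.

```python
import numpy as np


class InPlaceClipModel:
    """Constructed toy linear scorer whose preprocessing clips its input in place."""

    def __init__(self, w):
        self.w = np.asarray(w, dtype=np.float64)

    def loss_gradient(self, x, y):
        # Unexpected side effect: writes into whatever buffer it was handed.
        np.clip(x, 0.0, 1.0, out=x)
        # loss = -y * (x @ w), so d(loss)/dx = -y * w for every sample.
        return -y[:, None] * self.w[None, :]


def pgd_generate(model, x, y, eps=0.1, eps_step=0.05, max_iter=4, copy_input=True):
    """Sign-gradient PGD inside an L-infinity ball of radius eps around x."""
    # The guard: with copy_input=True the model only ever sees a private
    # copy; with copy_input=False the first model call aliases the caller's array.
    x_ref = x.copy() if copy_input else x
    x_adv = x_ref
    for _ in range(max_iter):
        grad = model.loss_gradient(x_adv, y)
        x_adv = x_adv + eps_step * np.sign(grad)          # allocates a new array
        x_adv = np.clip(x_adv, x_ref - eps, x_ref + eps)  # project into the eps-ball
    return x_adv


def run_once(copy_input):
    """Run on constructed data; return (caller's array afterwards, adversarial output)."""
    x = np.array([[1.2, 0.5, -0.1]])  # constructed sample, partly outside [0, 1]
    y = np.array([1.0])
    model = InPlaceClipModel([1.0, -2.0, 0.5])
    x_adv = pgd_generate(model, x, y, copy_input=copy_input)
    return x, x_adv


if __name__ == "__main__":
    for flag in (True, False):
        x_after, x_adv = run_once(flag)
        print(f"copy_input={flag}: caller x={x_after.tolist()} x_adv={x_adv.tolist()}")
```

Both runs return the same adversarial output; only the caller's array differs, which is why the missing copy can go unnoticed until the clean data is reused.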

Removed

[None]

Fixed

  • Fixed bug in art.estimators.classification.KerasClassifier.custom_loss_gradient() to support keras and tensorflow.keras. (#810)
  • Fixed bug in art.attacks.evasion.PixelThreshold.generate to correctly scale images in range [0, 255]. (#802)
  • Fixed bug in art.attacks.evasion.PixelThreshold to run CMA Evolution Strategy max_iter iterations instead of 1 iteration. (#802)
  • Fixed bug in art.estimators.object_detection.PyTorchFasterRCNN by adding missing argument model in super().__init__. (#789)
