Releases: Trusted-AI/adversarial-robustness-toolbox

ART 1.20.1

07 Jul 19:58

This release of ART 1.20.1 provides updates to ART 1.20

Added

[None]

Changed

[None]

Removed

[None]

Fixed

  • Fixed a bug preventing backward compatibility for YOLO object detection models earlier than v5 in the PyTorchYolo object detection estimator. (#2686)

ART 1.20.0

30 Jun 11:58

This release of ART 1.20.0 introduces support for YOLO object detection models v8 and later versions and the new GREAT score measuring robustness with Generative AI.

Added

  • Added GREAT Score: Global Robustness Evaluation of Adversarial Perturbation using Generative Models (#2527)
  • Added support for YOLO object detection models of version v8 and later. (#2675)

Changed

[None]

Removed

  • Removed support for TensorFlow v1 and MXNet, including tools and attacks that were implemented only for these frameworks. (#2621)

Fixed

[None]

ART 1.19.2

18 Jun 11:37

This release of ART 1.19.2 provides updates to ART 1.19

Added

[None]

Changed

  • Replaced art/attacks/evasion/overload/box_iou.py under AGPL license with code released under MIT License (#2615)

Removed

  • Removed accidental installation of tests module in site-packages (#2616)

Fixed

  • Fixed bug in PyTorchObjectDetector._get_losses, which did not freeze the batch normalisation layers of the object detection model. All methods of PyTorchObjectDetector that calculate losses or loss gradients therefore modified the batch normalisation parameters of the model. This resulted in inaccurate loss gradients and a model whose batch normalisation layers gradually changed. (#2663)

ART 1.19.1

22 Jan 10:09

This release of ART 1.19.1 provides updates to ART 1.19

Added

[None]

Changed

[None]

Removed

[None]

Fixed

  • Fixed string literals in returned AutoAttack metadata to correctly use f-strings (#2550)
  • Fixed typing and docstring on AdversarialPatchPyTorch attack to account for object detection data (#2557)
  • Fixed a missing PyTorch transfer to device in ProjectedGradientDescentPyTorch attack (#2558)

ART 1.19.0

20 Dec 00:51

This release of ART 1.19.0 introduces Steal Now Attack Later and Rescaling Auto Conjugate Gradient attacks and the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples.

Added

  • Added the Steal Now Attack Later (SNAL) evasion attack (#2440)
  • Added the Rescaling Auto Conjugate Gradient (ReACG) descent evasion attack (#2460)
  • Added the Be Your Own Neighbourhood Detector (BEYOND) for adversarial examples in PyTorch (#2489)
  • Added support for scikit-learn models with multiple outputs (#2505)

Changed

  • Changed AutoAttack to allow defining the number of processes used in parallel processing (#2529)

Removed

[None]

Fixed

  • Fixed use of deprecated function binom_test from scipy (#2517)
  • Fixed bug in random sampling of patch locations in masks for adversarial patch attacks in PyTorch (#2539)

ART 1.18.2

02 Oct 21:30

This release of ART 1.18.2 provides updates to ART 1.18

Added

[None]

Changed

  • Changed version checks for imported libraries to use standard library functions (#2500)

Removed

[None]

Fixed

[None]

ART 1.18.1

03 Jul 17:29

This release of ART 1.18.1 provides updates to ART 1.18

Added

[None]

Changed

[None]

Removed

[None]

Fixed

  • Fixed missing transfer to device/GPU in ProjectedGradientDescentPyTorch (#2455)

ART 1.18.0

16 Jun 22:19

This release of ART 1.18.0 introduces Overload Attack on object detection models and provides fast accurate loss gradients in Projected Gradient Descent for all norms.

Added

  • Added Overload Attack on object detection models (#2337)
  • Added support for all norms in Projected Gradient Descent attacks (#2382)
  • Added support for feature scaling in inference attacks (#2384)

Changed

  • Replaced model-specific estimators for Yolo and Faster-RCNN with a single estimator for all object detection models in PyTorch (#2321)

Removed

[None]

Fixed

  • Fixed scaling of gradients for norms other than L2 and L-infinity in Projected Gradient Descent attacks (#2382)

ART 1.17.1

17 Feb 23:58

This release of ART 1.17.1 provides updates to ART 1.17

Added

[None]

Changed

[None]

Removed

  • Removed upper limit for scikit-learn to reduce dependency conflicts and facilitate integration with other libraries.

Fixed

[None]

ART 1.17.0

27 Dec 22:17

This release of ART 1.17.0 introduces new adversarial training protocols, membership inference attacks, composite adversarial attacks for evasion and more.

Added

  • Added Composite Adversarial Attack as evasion attack in PyTorch (#2287)
  • Added support for black-box membership inference attacks without true labels (#2293)
  • Added verbose option for progress bars in methods fit and predict of all classification estimators (#2334)
  • Added Oracle Aligned Adversarial Training (OAAT) in PyTorch (#2348)

Changed

[None]

Removed

[None]

Fixed

  • Fixed bug in ActivationDefence and SpectralSignatures poisoning defences by flattening the outputs when calling get_activations() (#2327)
  • Fixed bug in Hugging Face classification estimator to correctly infer the device if the provided model is already on GPU (#2300)